diff --git a/fetchExternalContent/fetchAnnotatedCopies/README.md b/fetchExternalContent/fetchAnnotatedCopies/README.md new file mode 100644 index 00000000..e3769cc4 --- /dev/null +++ b/fetchExternalContent/fetchAnnotatedCopies/README.md @@ -0,0 +1,5 @@ +# Order in which to run the scripts: + +1. fetchExternalContentMetaData.js +2. fetchExternalContent.js +3. addHTMLstructureToExternalContent.js \ No newline at end of file diff --git a/fetchExternalContent/fetchAnnotatedCopies/addHTMLstructureToExternalContent.js b/fetchExternalContent/fetchAnnotatedCopies/addHTMLstructureToExternalContent.js new file mode 100644 index 00000000..1b8f3cc0 --- /dev/null +++ b/fetchExternalContent/fetchAnnotatedCopies/addHTMLstructureToExternalContent.js @@ -0,0 +1,132 @@ +#!/usr/bin/env node + +/* + Author: Kor Dwarshuis + Created: 2023 + Updated: - + Description: + + Markdown to Bootstrap Accordion Converter + + This script automates the conversion of Markdown files in the directoryPath directory into Bootstrap accordion format. + It imports a JSON file named 'externalContentMetaData.json' to create a mapping of anchor tags to 'Level' attributes, which + are then used as data attributes in the generated Bootstrap accordions. + + Features: + 1. Reads all Markdown (.md) files in the specified directory. + 2. Imports 'Level' attributes from an external JSON file. + 3. Converts all headings in the Markdown files to H2. + 4. Wraps sections under H2 headings in Bootstrap accordion divs, utilizing the imported 'Level' as a data attribute. + 5. Writes the updated content back into each Markdown file. + + Dependencies: + - Node.js built-in modules: 'fs' for file system operations, 'path' for path manipulations. + + Logging: + Outputs a log message for each successfully updated file. + */ + + + + +const fs = require('fs'); +const path = require('path'); +require('dotenv').config(); + +// Directory path +const directoryPath = process.env.ANNOTATED_COPIES_OUTPUT_DIR; + +// Import external JSON object TODO: fix the way the path is constructed +const externalContentMetaData = require(path.join(__dirname, '../.' + process.env.ANNOTATED_COPIES_INPUT_DIR)); + + +// Create mapping from the imported JSON +let dataAttributeMap = {}; +externalContentMetaData.values.slice(1).forEach(row => { + let anchor = row[5]; + if (anchor) { + // Remove everything before the last "#" + anchor = anchor.split("#").pop().toLowerCase().replace(/\s/g, '-'); + dataAttributeMap[anchor] = row[11]; // using 'Level' as the data attribute + } +}); + + +fs.readdir(directoryPath, (err, files) => { + if (err) { + return console.log('Unable to scan directory: ' + err); + } + + // Process all .md files + files.filter(file => path.extname(file) === '.md').forEach(file => { + const markdownFilePath = path.join(directoryPath, file); + + fs.readFile(markdownFilePath, 'utf8', (err, data) => { + if (err) { + console.error(`Failed to read file ${file}:`, err); + return; + } + + // Replace all headings with H2 + let updatedData = data.replace(/^(#{1,6}) (.*$)/gm, '## $2'); + + // Wrap H2 sections in divs with data-attributes + updatedData = updatedData.split(/\n(?=## )/g).map(section => { + let match = section.match(/## (.*)$/m); + let heading = match ? match[1] : null; + let anchor = heading ? heading.toLowerCase() : Math.floor(Math.random() * 10000000000000).toString(); + anchor = anchor + .replace(/\s/g, '-') + .replace(/&/g, '-') + .replace(/\//g, '-') + .replace(/\\/g, '-') + .replace(//g, '-') + .replace(/\(/g, '-') + .replace(/\)/g, '-') + .replace(/'/g, '-') + .replace(/`/g, '-') + .replace(/,/g, '-') + .replace(/\./g, '-') + .replace(/;/g, '-') + .replace(/:/g, '-') + .replace(/\?/g, '-') + .replace(/\?/g, '-') + .replace(/!/g, '-') + .replace(/"/g, '-') + ; + let dataAttribute = dataAttributeMap[anchor] || '1'; + + // Creating Bootstrap Accordion + // the “\n\n” must be added or the code will fail + return ` + \n\n
+ \n\n

+ \n\n + \n\n

+ \n\n
+ \n\n
+ \n\n${section} + \n\n
+ \n\n
+ \n\n
+ `; + }).join('\n'); + + // Wrap all content in a div with the accordion className + updatedData = `
` + updatedData + `
`; + + // Write to the file + fs.writeFile(markdownFilePath, updatedData, (err) => { + if (err) { + console.error(`Failed to write to file ${file}:`, err); + return; + } + + console.log(`Successfully updated markdown file: ${file}`); + }); + }); + }); +}); diff --git a/fetchExternalContent/fetchAnnotatedCopies/fetchExternalContent.js b/fetchExternalContent/fetchAnnotatedCopies/fetchExternalContent.js new file mode 100644 index 00000000..aef9cca4 --- /dev/null +++ b/fetchExternalContent/fetchAnnotatedCopies/fetchExternalContent.js @@ -0,0 +1,144 @@ +#!/usr/bin/env node + +/* + Author: Kor Dwarshuis + Created: 2023 + Updated: - + Description: + + This script consumes the data produced by the 'fetchExternalContentMetaData.js' script. + + This script performs the following tasks: + 1. Reads the 'externalContentMetaData.json' file located in the './static/json/' directory to obtain a list of URLs. + 2. Downloads Markdown files (.md) from the URLs and stores them in the outputFileLocation directory. + 3. Cleans up the downloaded Markdown files by: + - Replacing Markdown links without URLs. + - Removing the first line if it contains "---". + Configuration: + - `inputFileLocation`: Directory and filename where the JSON file containing URLs is located. + - `outputFileLocation`: Directory where the downloaded files will be stored. + The code utilizes Node.js and its 'fs', 'path', and 'https' modules to read files, manage directories, and download content. + Promises are used for asynchronous operations. + +*/ + +const fs = require('fs'); +const https = require('https'); +require('dotenv').config(); + +// Config +const inputFileLocation = process.env.ANNOTATED_COPIES_INPUT_DIR; +const outputFileLocation = process.env.ANNOTATED_COPIES_OUTPUT_DIR; // Where to copy the files to +// End Config + +// Create the output directory if it doesn't exist +if (!fs.existsSync(outputFileLocation)) { + fs.mkdirSync(outputFileLocation, { recursive: true }); +} + +function readFileAsync(filePath) { + return new Promise((resolve, reject) => { + fs.readFile(filePath, 'utf8', (err, data) => { + if (err) { + reject(err); + return; + } + + try { + const inputData = JSON.parse(data); + resolve(inputData); + } catch (err) { + reject(err); + } + }); + }); +} + +function processJSON(json) { + // Used for naming the downloaded file: Remove the protocol from the URL, this is done to ensure that the file name is valid (no colons, slashes, etc.) + function removeProtocol(inputString) { + if (inputString.startsWith("https://")) { + inputString = inputString.substring(8); + } else if (inputString.startsWith("http://")) { + inputString = inputString.substring(7); + } + let transformedString = inputString.replace('raw.githubusercontent.com/', ''); + transformedString = transformedString.replace(/\//g, "-"); + return transformedString; + } + + json.values.forEach((item, index) => { + if (item[1] === 'Source') return;// First row is the header + if (item[1] === '') return;// Skip rows when there is no URL + if (item[1] === undefined) return; // Skip rows when there is no URL + const transformedUrl = removeProtocol(item[1]); + + // only copy markdown files + if (!item[1].endsWith(".md")) { return; } + downloadFile(item[1], outputFileLocation + transformedUrl); + }); +} + +function downloadFile(url, destination) { + return new Promise((resolve, reject) => { + const file = fs.createWriteStream(destination); + + https.get(url, response => { + response.pipe(file); + + file.on('finish', () => { + file.close(); + resolve(); + cleanUpFile(destination); + }); + }).on('error', error => { + fs.unlink(destination, () => { + reject(error); + }); + }); + }); +} + +function cleanUpFile(filePath) { + fs.readFile(filePath, 'utf8', (err, data) => { + if (err) { + console.error('Error reading file:', err); + return; + } + + let updatedContent = data; + + // Check and replace Markdown links without URLs + const regex = /\[([^\]]+)\]\(\)/g; + updatedContent = updatedContent.replace(regex, '$1'); + + // Check and remove first line if it's "---" + const lines = updatedContent.split('\n'); + if (lines[0] === '---') { + lines.shift(); // Remove the first line + updatedContent = lines.join('\n'); + } + + if (data !== updatedContent) { + fs.writeFile(filePath, updatedContent, 'utf8', (err) => { + if (err) { + console.error('Error saving file:', err); + } else { + console.log('File updated successfully.'); + } + }); + } else { + console.log('No changes required. File remains unchanged.'); + } + }); + +} + +readFileAsync(inputFileLocation) + .then((input) => { + processJSON(input); + }) + .catch((err) => { + console.error('Error reading file:', err); + }); + diff --git a/fetchExternalContent/fetchAnnotatedCopies/fetchExternalContentMetaData.js b/fetchExternalContent/fetchAnnotatedCopies/fetchExternalContentMetaData.js new file mode 100644 index 00000000..bdffbdee --- /dev/null +++ b/fetchExternalContent/fetchAnnotatedCopies/fetchExternalContentMetaData.js @@ -0,0 +1,82 @@ +#!/usr/bin/env node + +/* + Author: Kor Dwarshuis + Created: 2023 + Updated: - + Description: + + This script creates the data for the fetchExternalContent.js script. + + This Node.js script performs the following tasks: + 1. Sends an HTTP GET request to a Google Sheets API endpoint (“WOT-terms” Google Sheet, tab “LabelContent”) to fetch JSON-formatted data (see https://sheets.googleapis.com/v4/spreadsheets/18IUa-1NSJ_8Tz_2D-VSuSQa_yf3ES1s_hovitm3Clvc/values/LabelContent?alt=json&key=AIzaSyCA4sOfLTriHKjaQftREYWMnQNokDHf_tM). + - The URL of the Google Sheet API endpoint is hardcoded within the script. + 2. Receives and accumulates the JSON data in chunks as it is streamed from the Google Sheet API. + 3. Once all data is received, it writes the JSON data to a file named 'externalContentMetaData.json' in the './static/json/' directory. + + Configuration: + - `outputDirJSON`: Directory where the output JSON file will be stored. + - `outputFileNameJSON`: Name of the output JSON file. + + Note: + - The script should be run from the root of the project. + - For information on how to create a JSON endpoint from a Google Sheet, refer to https://stackoverflow.com/a68854199 + + The code uses the Node.js 'fs', 'path', and 'https' modules to manage directories, write files, and perform HTTPS GET requests. + +*/ + +const fs = require('fs'); +const path = require('path'); +const https = require('https'); +require('dotenv').config(); + +// Config +const outputDirJSON = './static/json/'; //TODO: find a better place for this file +const outputFileNameJSON = 'externalContentMetaData.json'; +// End Config + + +// How to create JSON endpoint from Google Sheet: https://stackoverflow.com/a/68854199 +// const url = +// 'https://sheets.googleapis.com/v4/spreadsheets/18IUa-1NSJ_8Tz_2D-VSuSQa_yf3ES1s_hovitm3Clvc/values/LabelContentTempCopy?alt=json&key=AIzaSyCA4sOfLTriHKjaQftREYWMnQNokDHf_tM'; +const url = process.env.ANNOTATED_COPIES_JSON_ENDPOINT; + +https + .get(url, (resp) => { + let data = ''; + + // A chunk of data has been received. + resp.on('data', (chunk) => { + data += chunk; + }); + + // The whole response has been received. Print out the result. + resp.on('end', () => { + writeJSONFile(data); + }); + }) + .on('error', (err) => { + console.log('Error: ' + err.message); + }); + +function writeJSONFile(content) { + // Create the output directory if it doesn't exist + if (!fs.existsSync(outputDirJSON)) { + fs.mkdirSync(outputDirJSON, { recursive: true }); + } + + // Path to the output file + const filePath = path.join(outputDirJSON, outputFileNameJSON); + + fs.writeFile( + filePath, + content, + function (err) { + if (err) { + return console.log(err); + } + console.log('JSON file has been written successfully.'); + } + ); +} // End writeJSONFile \ No newline at end of file diff --git a/fetchExternalContent/fetchAnnotatedCopies/main.sh b/fetchExternalContent/fetchAnnotatedCopies/main.sh new file mode 100644 index 00000000..51381c8d --- /dev/null +++ b/fetchExternalContent/fetchAnnotatedCopies/main.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +# Run the first script +node fetchExternalContent/fetchAnnotatedCopies/fetchExternalContentMetaData.js + +# Run the second script +node fetchExternalContent/fetchAnnotatedCopies/fetchExternalContent.js + +# Run the third script +node fetchExternalContent/fetchAnnotatedCopies/addHTMLstructureToExternalContent.js diff --git a/fetchExternalContent/fetchExternalGlossaries/addAliasesToTermsInGlossaries.mjs b/fetchExternalContent/fetchExternalGlossaries/addAliasesToTermsInGlossaries.mjs new file mode 100644 index 00000000..9bebbf5e --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/addAliasesToTermsInGlossaries.mjs @@ -0,0 +1,91 @@ +/* + Author: Kor Dwarshuis + Created: 2024-02-09 + Updated: - + Description: +*/ + +import fs from 'fs'; +import path from 'path'; + +const currentDir = path.dirname(new URL(import.meta.url).pathname); +const sourceDir = path.join(currentDir, '../static/json/external-glosseries/glossaries'); + +function createAliases(item) { + const aliases = []; + let alias; + + // To lower case and replace spaces with dashes + alias = item.term.toLowerCase().replace(/\s/g, '-'); + aliases.push(alias); + + // Replace spaces with dashes + alias = item.term.replace(/\s/g, '-'); + aliases.push(alias); + + // Replace dashes with spaces + alias = item.term.replace(/-/g, ' '); + aliases.push(alias); + + // Replace spaces with underscores + alias = item.term.replace(/\s/g, '_'); + aliases.push(alias); + + // Make every first letter of a word uppercase + alias = item.term.replace(/\b\w/g, l => l.toUpperCase()); + aliases.push(alias); + + // Make every first letter of a word uppercase and replace spaces with dashes + alias = item.term.replace(/\b\w/g, l => l.toUpperCase()).replace(/\s/g, '-'); + aliases.push(alias); + + // Make the first letter of the first word uppercase and replace spaces with dashes + alias = item.term.replace(/\b\w/g, l => l.toUpperCase()).replace(/\s/g, '-'); + aliases.push(alias); + + // Make the first letter of the first word uppercase + alias = item.term.replace(/\b\w/g, l => l.toUpperCase()); + + // Remove duplicate items in the array + let uniqueAliases = [...new Set(aliases)]; + + // If item is in the array, remove it + if (uniqueAliases.includes(item.term)) { + const index = uniqueAliases.indexOf(item.term); + uniqueAliases.splice(index, 1); + } + + return uniqueAliases; +} + +// Get a list of directories in the source directory +const files = fs.readdirSync(sourceDir) + .filter(filename => fs.lstatSync(path.join(sourceDir, filename)).isFile()); + +// Process each JSON file +files.forEach(filename => { + try { + // Load the JSON file + fs + .promises + .readFile(path.join(sourceDir, filename), 'utf-8') + .then(jsonData => { + const parsedData = JSON.parse(jsonData); + console.log('parsedData: ', parsedData.length); + parsedData.forEach((item, index) => { + item.aliases = createAliases(item); + // console.log('item: ', item); + fs.writeFileSync(path + .join(sourceDir, filename), JSON.stringify(parsedData, null, 2)); + + }); + }); + } catch (err) { + console.error(`Error processing file: ${filename}`, err); + } +} +); + + + + diff --git a/fetchExternalContent/fetchExternalGlossaries/createDictionary.mjs b/fetchExternalContent/fetchExternalGlossaries/createDictionary.mjs new file mode 100644 index 00000000..d68f9488 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/createDictionary.mjs @@ -0,0 +1,75 @@ +import fs from 'fs'; +import path from 'path'; +import dotenv from 'dotenv'; + +dotenv.config(); + +const directoryPathInput = process.env.GENERATED_JSON_GLOSSARIES_DIR; +const directoryPathOutput = "./" + process.env.GENERATED_JSON_DICTIONARY_DIR + "/"; +const outputFilename = 'dictionary.json'; + +let termsMap = {}; + +fs.readdir(directoryPathInput, (err, files) => { + if (err) { + console.error('Error reading directory', err); + return; + } + + files.forEach(file => { + if (path.extname(file) === '.json') { + const filePath = path.join(directoryPathInput, file); + const fileContent = fs.readFileSync(filePath, 'utf8'); + let jsonData = JSON.parse(fileContent); + + if (!Array.isArray(jsonData)) { + console.error(`File ${file} does not contain a top-level array. Skipping.`); + return; + } + + jsonData.forEach(entry => { + // Skip the entry if the 'term' is an empty string + if (entry.term === "") { + return; + } + + if (!termsMap[entry.term]) { + termsMap[entry.term] = { + term: entry.term, + anchor: entry.anchor, + definitions: [] + }; + } + termsMap[entry.term].definitions.push({ + organisation: entry.organisation, + definition: entry.definition, + url: entry.url, + anchor: entry.anchor + }); + }); + + } + }); + + const finalArray = Object.values(termsMap); + + // Sort the finalArray alphabetically based on 'term' + finalArray.sort((a, b) => { + if (a.term < b.term) { + return -1; + } + if (a.term > b.term) { + return 1; + } + return 0; + }); + + if (!fs.existsSync(directoryPathOutput)) { + fs.mkdirSync(directoryPathOutput, { recursive: true }); + } + + fs.writeFileSync(path.join(directoryPathOutput, outputFilename), JSON.stringify(finalArray, null, 2)); + console.log(`Dictionary file created at ${path.join(directoryPathOutput, outputFilename)}`); +}); + +export { }; diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchDigitalGovtNzContent/fetchDigitalGovtNzContent.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchDigitalGovtNzContent/fetchDigitalGovtNzContent.mjs new file mode 100644 index 00000000..37da48d2 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchDigitalGovtNzContent/fetchDigitalGovtNzContent.mjs @@ -0,0 +1,44 @@ +import axios from 'axios'; +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import fs from 'fs'; +import path from 'path'; +import cheerio from 'cheerio'; +import { config as configDotEnv } from 'dotenv'; +configDotEnv(); + +// Config +const url = 'https://www.digital.govt.nz/standards-and-guidance/identification-management/identification-terminology/'; +const organisation = 'digital.govt.nz'; +const jsonFileName = 'terms-definitions-digitalgovtnz.json'; + +console.log('DigitalGovtNz: Fetching external content...'); + + +axios.get(url, organisation, jsonFileName) + .then(response => { + const html = response.data; + const $ = cheerio.load(html); + const terms = []; + + $('tr').each((i, el) => { + const term = $(el).find('td').first().text().trim(); + const anchor = term.replace(/[\s-]+/g, ''); // Remove spaces and dashes from 'term' to create 'anchor' + const definition = $(el).find('td').last().text().trim(); + terms.push({ organisation, url, term, definition, anchor }); + }); + + const filePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, jsonFileName); + fs.writeFile(filePath, JSON.stringify(terms), err => { + if (err) { + console.log(err); + } else { + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filePath, filePath); + console.log(`Digital Govt Nz terms saved to ${jsonFileName}`); + } + }); + }) + .catch(error => { + console.log(error); + }); + diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchEssifLabContent/fetchEssifLabContent.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchEssifLabContent/fetchEssifLabContent.mjs new file mode 100644 index 00000000..08beef6f --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchEssifLabContent/fetchEssifLabContent.mjs @@ -0,0 +1,53 @@ +import axios from 'axios'; +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import fs from 'fs'; +import path from 'path'; +import cheerio from 'cheerio'; +import { config as configDotEnv } from 'dotenv'; +configDotEnv(); + +const url = 'https://essif-lab.github.io/framework/docs/essifLab-glossary'; + +console.log('essifLab: Fetching external content...'); + +axios.get(url) + .then(response => { + console.log('External content fetched successfully.'); + const html = response.data; + const $ = cheerio.load(html); + const terms = []; + + $('h3').each((i, el) => { + const organisation = 'Essif-Lab'; + const term = $(el).text().trim(); + const anchor = $(el).attr('id'); + // const definition = $(el).nextUntil('h3').text().trim(); + const definition = $(el).nextUntil('h3').html(); + terms.push({ organisation, url, term, definition, anchor }); + }); + + // Loop through all definitions and remove the string '/framework/docs/terms/' + // from the 'url' property + terms.forEach(term => { + // if the link is relative, replace it with the absolute link + term.definition = term.definition.replace(/href=\"\/framework\/docs\/terms\//g, 'href=\"https://essif-lab.github.io/framework/docs/terms/'); + + + }); + + console.log('Writing terms to file...'); + + const filePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, 'terms-definitions-essiflab.json'); + fs.writeFile(filePath, JSON.stringify(terms), err => { + if (err) { + console.log(err); + } else { + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filePath, filePath); + console.log('Essiflab Terms saved'); + } + }); + }) + .catch(error => { + console.log('Error fetching external content:', error); + }); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/download/glossary-export.json b/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/download/glossary-export.json new file mode 100644 index 00000000..8a57177a --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/download/glossary-export.json @@ -0,0 +1 @@ +{"totalRecords":9578,"comment":"This file includes content from the Glossary at NIST's Computer Security Resource Center (CSRC): https://csrc.nist.gov/glossary. A description of the Glossary's design can be found in NISTIR 7298 Rev. 3, \"Glossary of Key Information Security Terms,\" at https://doi.org/10.6028/NIST.IR.7298r3. It also describes the methodology, assumptions, and constraints used in the development of the underlying database and associated online user interface.","parentTerms":[{"term":"(EC)DH","link":"https://csrc.nist.gov/glossary/term/_ec_dh","abbrSyn":[{"text":"(Elliptic Curve) Diffie-Hellman"}],"definitions":null},{"term":"(p, t)-completeness","link":"https://csrc.nist.gov/glossary/term/p_t_completeness","definitions":[{"text":"For a given set of n variables, (p, t)-completeness is the proportion of the C(n, t) combinations that have configuration coverage of at least p.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878","refSources":[{"text":"Maximoff et al"}]}]}]},{"term":"(t + k)-way combination coverage","link":"https://csrc.nist.gov/glossary/term/t_k_way_combination_coverage","definitions":[{"text":"For a given test set that provides 100% t-way coverage for n variables, (t+k)-way combination coverage is the proportion of (t+k)-way combinations of n variables for which all variable-values configurations are fully covered.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878"}]}]},{"term":".csv","link":"https://csrc.nist.gov/glossary/term/_csv","abbrSyn":[{"text":"Comma-Separated Value","link":"https://csrc.nist.gov/glossary/term/comma_separated_value"}],"definitions":null},{"term":"[T]2","link":"https://csrc.nist.gov/glossary/term/bracket_t_sub_2","definitions":[{"text":"A binary representation for the integer T (using an agreed-upon length and bit order).","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"An integer T represented as a binary string (denoted by the “2”) with a length specified by the function, an algorithm, or a protocol which uses T as an input.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]}]},{"term":"{X}","link":"https://csrc.nist.gov/glossary/term/brace_x","definitions":[{"text":"Used to indicate that data X is an optional input to the key derivation function.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"Indicates that the inclusion of X is optional.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"+","link":"https://csrc.nist.gov/glossary/term/plus","definitions":[{"text":"Addition. For example, 5 + 4 = 9.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"Addition.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"(n, d)","link":"https://csrc.nist.gov/glossary/term/parenths_n_d","definitions":[{"text":"RSA private key in the basic format.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"(n, e)","link":"https://csrc.nist.gov/glossary/term/parenths_n_e","definitions":[{"text":"RSA public key.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"(n, e, d, p, q, dP, dQ, qInv)","link":"https://csrc.nist.gov/glossary/term/parenths_n_etc","definitions":[{"text":"RSA private key in the Chinese Remainder Theorem (CRT) format.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"(p, q, d)","link":"https://csrc.nist.gov/glossary/term/parenths_p_q_d","definitions":[{"text":"RSA private key in the prime-factor format.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"(r, s)","link":"https://csrc.nist.gov/glossary/term/parenths_r_s","definitions":[{"text":"Digital signature for DSA or ECDSA.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"[a, b]","link":"https://csrc.nist.gov/glossary/term/bracket_a_b","definitions":[{"text":"The set of integers x, such that a ≤ x ≤ b.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"The set of integers x such that a ≤ x ≤ b.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"[x]m","link":"https://csrc.nist.gov/glossary/term/bracket_x_m","definitions":[{"text":"The binary representation of the non-negative integer x, in m bits, where x<2m.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"[x]s","link":"https://csrc.nist.gov/glossary/term/bracket_x_sub_s","definitions":[{"text":"The binary representation of the non-negative integer x, in s bits, where x<2s.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The binary representation of the non-negative integer x as a string of s bits, where x<2s.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"The binary representation of the non-negative integer x as a string of s bits, where x < 2s.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"{a1, ...ai}","link":"https://csrc.nist.gov/glossary/term/brace_ai","definitions":[{"text":"The internal state of the DRBG at a point in time. The types and number of the ai values depends on the specific DRBG mechanism.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"{x, y}","link":"https://csrc.nist.gov/glossary/term/brace_x_y","definitions":[{"text":"A set containing the integers x and y.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"|x|","link":"https://csrc.nist.gov/glossary/term/absolute_x","definitions":[{"text":"The length of a bit string in bits.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under |X| "}]},{"text":"The length (in bits) of the bit string x. For example, |01100100| = 8.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"The absolute value of x.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under │x│ "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"leftmost (V, a)","link":"https://csrc.nist.gov/glossary/term/leftmost","definitions":[{"text":"The leftmost a bits of V.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"len (a)","link":"https://csrc.nist.gov/glossary/term/len_a","definitions":[{"text":"The length in bits of string a.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"min (a, b)","link":"https://csrc.nist.gov/glossary/term/min_a_b","definitions":[{"text":"The minimum of a and b.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"rightmost (V, a)","link":"https://csrc.nist.gov/glossary/term/rightmost_bits","definitions":[{"text":"The rightmost a bits of V.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"select (V, a, b)","link":"https://csrc.nist.gov/glossary/term/select_v_a_b","definitions":[{"text":"A substring of string V consisting of bit a through bit b.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"X • Y","link":"https://csrc.nist.gov/glossary/term/x_y_block_product","definitions":[{"text":"The product of two blocks, X and Y, regarded as elements of a certain binary Galois field.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"xmodn","link":"https://csrc.nist.gov/glossary/term/xmodn","definitions":[{"text":"The unique remainder r (where 0£ r £ n-1) when integer x is divided by n. For example, 23 mod 7 = 2.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"∇ψ2m(obs);∇2ψ2m(obs)","link":"https://csrc.nist.gov/glossary/term/matchobserved","definitions":[{"text":"A measure of how well the observed values match the expected value. See Sections 2.11 and 3.11.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"0s","link":"https://csrc.nist.gov/glossary/term/0_power_s","definitions":[{"text":"For a positive integer s, 0s is the string that consists of s consecutive 0 bits.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]},{"text":"The bit string that consists of s ‘0’ bits.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"The bit string that consists of s consecutive ‘0’ bits.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"0x","link":"https://csrc.nist.gov/glossary/term/x_power_x","definitions":[{"text":"A string of x zero bits. For example, 05 = 00000.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"The prefix to a bit string that is represented in hexadecimal characters.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The marker for the beginning of a hexadecimal representation of a bit string.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"A string of x zero bits.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"0x0X","link":"https://csrc.nist.gov/glossary/term/0x0x","definitions":[{"text":"8-bit binary representation of the hexadecimal number X, for example, 0x02 = 00000010.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"0xab","link":"https://csrc.nist.gov/glossary/term/0xab","definitions":[{"text":"Hexadecimal notation that is used to define a byte (i.e., eight bits) of information, where a and b each specify four bits of  information and have values from the range {0, 1, 2,…F}. For example, 0xc6 is used to represent 11000110, where c is 1100, and 6 is 0110.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"a mod b","link":"https://csrc.nist.gov/glossary/term/a_mod_b","definitions":[{"text":"The modulo operation of integers a and b. “a mod b” returns the remainder after dividing a by b.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"A(i)","link":"https://csrc.nist.gov/glossary/term/a_parenths_i","definitions":[{"text":"The output of the ith iteration in the first pipeline of a double pipeline iteration mode.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"The output of the ith  iteration in the first pipeline in a doublepipeline iteration mode.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]}]},{"term":"A","link":"https://csrc.nist.gov/glossary/term/a_uppercase","abbrSyn":[{"text":"Address","link":"https://csrc.nist.gov/glossary/term/address"}],"definitions":[{"text":"The associated data string.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The additional authenticated data","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"Additional input that is bound to the secret keying material; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A short, alphanumeric string derived from a user’s public key using a hash function, with additional data to detect errors. Addresses are used to send and receive digital assets.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Address "},{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under Address ","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"text":"Additional input that is bound to keying material; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"a","link":"https://csrc.nist.gov/glossary/term/a_lowercase","definitions":[{"text":"The significance level.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"The octet length of the associated data.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"ADRS","link":"https://csrc.nist.gov/glossary/term/adrs","definitions":[{"text":"A 32-byte data structure used in XMSS when generating prefixes (keys) and bitmasks.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"AES(k, input)","link":"https://csrc.nist.gov/glossary/term/aes_k_input","definitions":[{"text":"A single AES encryption operation as specified in [FIPS 197] with k and input being the AES encryption key and one 128-bit block of plaintext/data, respectively.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"Alen","link":"https://csrc.nist.gov/glossary/term/alen","definitions":[{"text":"The bit length of the associated data.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Alphabet size","link":"https://csrc.nist.gov/glossary/term/alphabet_size","definitions":[{"text":"The number of distinct symbols that the noise source produces.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Alphabet","link":"https://csrc.nist.gov/glossary/term/alphabet","definitions":[{"text":"A finite set of two or more symbols.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"assurance_level","link":"https://csrc.nist.gov/glossary/term/assurance_level","definitions":[{"text":"The level of assurance (e.g., HIGH, MEDIUM, or LOW) that a claimed signatory possesses the private signature key.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"b","link":"https://csrc.nist.gov/glossary/term/lower_case_b","definitions":[{"text":"The block size, in bits.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]},{"text":"The bit length of a block.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"B","link":"https://csrc.nist.gov/glossary/term/upper_case_b","definitions":[{"text":"The bit string to be determined","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Bi","link":"https://csrc.nist.gov/glossary/term/bi","definitions":[{"text":"The ith block of the formatted input.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Binary data (from a noise source)","link":"https://csrc.nist.gov/glossary/term/binary_data","definitions":[{"text":"Digitized output from a noise source that consists of a single bit; that is, each sampled output value is represented as either 0 or 1.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"bLen","link":"https://csrc.nist.gov/glossary/term/blen","definitions":[{"text":"The length of the bit string B in bits","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"C#j","link":"https://csrc.nist.gov/glossary/term/c_pound_sub_i","definitions":[{"text":"The jth ciphertext segment.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"C*n","link":"https://csrc.nist.gov/glossary/term/cstarn","definitions":[{"text":"The last block of the ciphertext, which may be a partial block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"CIPH-1K(X)","link":"https://csrc.nist.gov/glossary/term/ciph_1kx","definitions":[{"text":"The inverse cipher function of the block cipher algorithm under the key K applied to the data block X.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]},{"text":"The output of the inverse of the designated cipher function of the block cipher under the key K applied to the block X.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"CIPHK(X)","link":"https://csrc.nist.gov/glossary/term/ciph_kx","definitions":[{"text":"The forward cipher function of the block cipher algorithm under the key K applied to the data block X.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]},{"text":"The output of the forward cipher function of the block cipher under the key K applied to the block X.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under CIPHK (X) "}]},{"text":"The output of the forward cipher function of the block cipher algorithm under the key K applied to the data block X.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The output of the designated cipher function of the block cipher under the key K applied to the block X.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Cj","link":"https://csrc.nist.gov/glossary/term/cj","definitions":[{"text":"The jth ciphertext block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"Clen","link":"https://csrc.nist.gov/glossary/term/clen","definitions":[{"text":"The bit length of the ciphertext.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Cn","link":"https://csrc.nist.gov/glossary/term/cn_symbol","definitions":[{"text":"Block of data representing the Ciphertext n","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"Conditioning (of noise source output)","link":"https://csrc.nist.gov/glossary/term/conditioning","definitions":[{"text":"A method of processing the raw data to reduce bias and/or ensure that the entropy rate of the conditioned output is no less than some specified amount.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Confidence interval","link":"https://csrc.nist.gov/glossary/term/confidence_interval","abbrSyn":[{"text":"CI","link":"https://csrc.nist.gov/glossary/term/ci"}],"definitions":[{"text":"An interval estimate [low, high] of a population parameter. If the population is repeatedly sampled, and confidence intervals are computed for each sample with significance level α, approximately 100(1− α) % of the intervals are expected to contain the true population parameter.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Continuous test","link":"https://csrc.nist.gov/glossary/term/continuous_test","definitions":[{"text":"A type of health test performed within an entropy source on the output of its noise source in order to gain some level of assurance that the noise source is working correctly, prior to producing each output from the entropy source.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Ctri","link":"https://csrc.nist.gov/glossary/term/ctri","definitions":[{"text":"The ith counter block.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Cumulative Distribution Function (CDF) F(x)","link":"https://csrc.nist.gov/glossary/term/cumulative_distribution_function","definitions":[{"text":"A function giving the probability that the random variable X is less than or equal to x, for every value x. That is, \nF(x) = P(X £ x).","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"D","link":"https://csrc.nist.gov/glossary/term/d_uppercase","definitions":[{"text":"A payload of data that is assembled and transmitted by the message signatory, which includes (at least) the message and a digital signature, and may also include one or more timestamps.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]},{"text":"The number of levels of trees in XMSSMT.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"d","link":"https://csrc.nist.gov/glossary/term/d_lowercase","definitions":[{"text":"The normalized difference between the observed and expected number of frequency components. See Sections 2.6 and 3.6.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"RSA private exponent; a positive integer.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Dataset","link":"https://csrc.nist.gov/glossary/term/dataset","definitions":[{"text":"A collection of data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under dataset "}]},{"text":"A sequence of sample values. (See Sample.)","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}],"seeAlso":[{"text":"Sample","link":"sample"}]},{"term":"Destruction","link":"https://csrc.nist.gov/glossary/term/destruction","definitions":[{"text":"The process of overwriting, erasing, or physically destroying a key so that it cannot be recovered.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]},{"text":"The process of overwriting, erasing, or physically destroying information (e.g., a cryptographic key) so that it cannot be recovered. See NIST SP 800-88.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Dictionary","link":"https://csrc.nist.gov/glossary/term/dictionary","definitions":[{"text":"A dynamic-length data structure that stores a collection of elements or values, where a unique label identifies each element. The label can be any data type.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Digitization","link":"https://csrc.nist.gov/glossary/term/digitization","definitions":[{"text":"The process of generating bits from the noise source.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"dP","link":"https://csrc.nist.gov/glossary/term/dp","definitions":[{"text":"RSA private exponent for the prime factor p in the CRT format, i.e., d mod (p - 1); an integer.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"RSA private exponent for the prime factor p in the CRT format, i.e., d mod (p-1); an integer.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"dQ","link":"https://csrc.nist.gov/glossary/term/dq","definitions":[{"text":"RSA private exponent for the prime factor q in the CRT format, i.e., d mod (q - 1); an integer.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"RSA private exponent for the prime factor q in the CRT format, i.e., d mod (q-1); an integer.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"E[ ]","link":"https://csrc.nist.gov/glossary/term/expected_value_of_random_value","definitions":[{"text":"The expected value of a random variable.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"e","link":"https://csrc.nist.gov/glossary/term/e","definitions":[{"text":"The original input string of zero and one bits to be tested.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"RSA public exponent; a positive integer.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"eBits","link":"https://csrc.nist.gov/glossary/term/ebits","definitions":[{"text":"The bit length of the RSA exponent e.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Length in bits of the RSA exponent e.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"ei","link":"https://csrc.nist.gov/glossary/term/ei","definitions":[{"text":"The ith bit in the original sequencee.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"enc8(i)","link":"https://csrc.nist.gov/glossary/term/byte_encoding_of_int","definitions":[{"text":"For an integer i ranging from 0 to 255, enc8(i) is the byte encoding of i, with bit 0 being the low-order bit of the byte.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"Entropy rate","link":"https://csrc.nist.gov/glossary/term/entropy_rate","definitions":[{"text":"The rate at which a digitized noise source (or entropy source) provides entropy; it is computed as the assessed amount of entropy provided by a bitstring output from the source, divided by the total number of bits in the bitstring (yielding the assessed bits of entropy per output bit). This will be a value between zero (no entropy) and one.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Estimate","link":"https://csrc.nist.gov/glossary/term/estimate","definitions":[{"text":"The estimated value of a parameter, as computed using an estimator.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Estimator","link":"https://csrc.nist.gov/glossary/term/estimator","definitions":[{"text":"A technique for estimating the value of a parameter.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"F","link":"https://csrc.nist.gov/glossary/term/f","definitions":[{"text":"Standard Normal Cumulative Distribution Function (see Section 5.5.3).","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"fn","link":"https://csrc.nist.gov/glossary/term/f_n","definitions":[{"text":"The sum of the log2 distances between matching L-bit templates, i.e., the sum of the number of digits in the distance between L-bit templates. See Sections 2.9 and 3.9.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"GCD(a, b)","link":"https://csrc.nist.gov/glossary/term/gcda_b","definitions":[{"text":"Greatest Common Divisor of two positive integers a and b. For example, GCD(12, 16) = 4.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"GCTRK (ICB, X)","link":"https://csrc.nist.gov/glossary/term/gctrk","definitions":[{"text":"The output of the GCTR function for a given block cipher with key K applied to the bit string X with an initial counter block ICB.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"GHASHH (X)","link":"https://csrc.nist.gov/glossary/term/ghash_x","definitions":[{"text":"The output of the GHASH function under the hash subkey H applied to the bit string X.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"gir","link":"https://csrc.nist.gov/glossary/term/g_ir","definitions":[{"text":"DH key exchange value, also called a DH shared secret (in IKE version 2).","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"Global performance metric","link":"https://csrc.nist.gov/glossary/term/global_performance_metric","definitions":[{"text":"For a predictor, the number of accurate predictions over a long period.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"gxy","link":"https://csrc.nist.gov/glossary/term/gxy","definitions":[{"text":"Diffie-Hellman (DH) key exchange value, also called a DH shared secret (in IKE version 1).","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"H(M)","link":"https://csrc.nist.gov/glossary/term/hm","definitions":[{"text":"A hash value that is generated on M.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"H(x)","link":"https://csrc.nist.gov/glossary/term/hx","definitions":[{"text":"A cryptographic hash function with x as an input.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"A cryptographic hash function with x as an input","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"h","link":"https://csrc.nist.gov/glossary/term/lower_case_h","definitions":[{"text":"An ECC domain parameter; the cofactor, a positive integer that is equal to the order of the elliptic curve group, divided by the order of the cyclic subgroup generated by the distinguished point G. That is, nh is the order of the elliptic curve, where n is the order of the cyclic subgroup generated by the distinguished point G.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"The length of the PRF output in bits.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"An integer whose value is the length of the output of the PRF in bits.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]}]},{"term":"H","link":"https://csrc.nist.gov/glossary/term/upper_case_h","definitions":[{"text":"The hash subkey.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"An auxiliary function used in certain key derivation methods. H is either an approved hash function, hash, or an HMAC-hash based on an approved hash function, hash, with a salt value used as the HMAC key.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"In LMS and XMSS, the height of the tree. In XMSSMT, the total height of the multi-tree (the trees at each level have a height of H/D).","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"H0","link":"https://csrc.nist.gov/glossary/term/h_0","definitions":[{"text":"The null hypothesis; i.e., the statement that the sequence is random.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"HMAC-hash","link":"https://csrc.nist.gov/glossary/term/hmac_hash","abbrSyn":[{"text":"Keyed-Hash Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/keyed_hash_message_authentication_code"}],"definitions":[{"text":"The HMAC algorithm using the hash function, HASH (e.g., HASHcould be SHA-1). See FIPS 198-1 for the specification of the HMAC algorithm using one of the approved hash functions.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under HMAC-HASH "}]},{"text":"Keyed-hash Message Authentication Code (as specified in [FIPS 198]) with an approved hash function hash.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"i","link":"https://csrc.nist.gov/glossary/term/i","definitions":[{"text":"A counter taking integer values in the interval [1, 2r-1] that is encoded as a bit string of length r; used as an input to each invocation of a PRF in the counter mode and (optionally) in the feedback and double-pipeline iteration modes.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"The counter for each iteration, which is represented as a binary string of length r when it is an input to each iteration of the PRF.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]}]},{"term":"ICV1","link":"https://csrc.nist.gov/glossary/term/icv1","definitions":[{"text":"The 64-bit default ICV for KW:0xA6A6A6A6A6A6A6A6.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"ICV2","link":"https://csrc.nist.gov/glossary/term/icv2","definitions":[{"text":"The 32-bit default ICV for KWP:0xA65959A6.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"ICV3","link":"https://csrc.nist.gov/glossary/term/icv3","definitions":[{"text":"The 32-bit default ICV for TKW:0xA6A6A6A6.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"IDP, IDR, IDU, IDV","link":"https://csrc.nist.gov/glossary/term/idp_idr_idu_idv","definitions":[{"text":"Identifier bit strings for parties P, R, U, and V, respectively.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Ij","link":"https://csrc.nist.gov/glossary/term/i_j","definitions":[{"text":"The jth input block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"In","link":"https://csrc.nist.gov/glossary/term/input_block_n","definitions":[{"text":"Block of data representing the Input Block n","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"incs(X)","link":"https://csrc.nist.gov/glossary/term/output_increment_s_bits","definitions":[{"text":"The output of incrementing the right-most s bits of the bit string X, regarded as the binary representation of an integer, by 1 modulo 2s.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Independent","link":"https://csrc.nist.gov/glossary/term/independent","definitions":[{"text":"Two random variables X and Y are independent if they do not convey information about each other. Receiving information about X does not change the assessment of the probability distribution of Y (and vice versa).","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"int(X)","link":"https://csrc.nist.gov/glossary/term/int_x","definitions":[{"text":"The integer for which the bit string X is a binary representation. len(X) The bit length of the bit string X.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"The integer for which the bit string X is the binary representation.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"j","link":"https://csrc.nist.gov/glossary/term/j","definitions":[{"text":"The index to a sequence of data blocks or data segments ordered from left to right.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"K1","link":"https://csrc.nist.gov/glossary/term/k1","definitions":[{"text":"The first subkey.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"K2","link":"https://csrc.nist.gov/glossary/term/k2","definitions":[{"text":"The second subkey.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"Key management product","link":"https://csrc.nist.gov/glossary/term/key_management_product","definitions":[{"text":"A key management product is a cryptographic key (symmetric or asymmetric) or certificate used for encryption, decryption, digital signature, or signature verification; and other items, such as certificate revocation lists and compromised key lists, obtained by trusted means from the same source, which validate the authenticity of keys or certificates. Software that performs either a security or cryptographic function (e.g., keying material accounting and control, random number generation, cryptographic module verification) is also considered to be a cryptographic product.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]},{"text":"A symmetric or asymmetric cryptographic key, a public-key certificate and other related items (such as domain parameters, IVs, random numbers, certificate revocation lists and compromised key lists, and tokens) that are obtained by a trusted means from some source.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key specification","link":"https://csrc.nist.gov/glossary/term/key_specification","definitions":[{"text":"A key specification documents the data format, encryption algorithms, hashing algorithms, signature algorithms, physical media, and data constraints for keys required by a cryptographic device and/or application.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]},{"text":"A specification of the data format, cryptographic algorithms, physical media, and data constraints for keys required by a cryptographic device, application or process.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key1","link":"https://csrc.nist.gov/glossary/term/key1","definitions":[{"text":"The first component of a TDEA key.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"Key2","link":"https://csrc.nist.gov/glossary/term/key2","definitions":[{"text":"The second component of a TDEA key.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"Key3","link":"https://csrc.nist.gov/glossary/term/key3","definitions":[{"text":"The third component of a TDEA key.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"KeyData","link":"https://csrc.nist.gov/glossary/term/keydata","definitions":[{"text":"Keying material other than that which is used for the MacKey employed in key confirmation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KEYn","link":"https://csrc.nist.gov/glossary/term/keyn","definitions":[{"text":"Block of data representing KEY n","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"Kill Command","link":"https://csrc.nist.gov/glossary/term/kill_command","definitions":[{"text":"A command that readers can send to tags that uses electronic disabling mechanisms to prevent tags from responding to any additional commands.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Klen","link":"https://csrc.nist.gov/glossary/term/klen","definitions":[{"text":"The bit length of the block cipher key.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"kLen","link":"https://csrc.nist.gov/glossary/term/k_len","definitions":[{"text":"The length of K in bits","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"L","link":"https://csrc.nist.gov/glossary/term/l","definitions":[{"text":"An integer specifying the length of the derived keying material KOUT in bits, which is represented as a bit string when it is an input to a key-derivation function.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"An integer specifying the length of the derived keying material KOin bits, which is represented as a binary string when it is an input to a key derivation function.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]},{"text":"An integer specifying the length of the derived keying material KMin bits, which is represented as a binary string when it is an input to a key derivation procedure.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"The number of levels of trees in HSS.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"L-bit Hash Function","link":"https://csrc.nist.gov/glossary/term/l_bit_hash_function","definitions":[{"text":"A hash function for which the length of the output is L bits.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}]},{"term":"LCM(a, b)","link":"https://csrc.nist.gov/glossary/term/lcma_b","definitions":[{"text":"Least Common Multiple of two positive integers a and b. For example, LCM(4, 6) = 12.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Len","link":"https://csrc.nist.gov/glossary/term/len","definitions":[{"text":"The number of n-byte string elements in a WOTS+ private key, public key, and signature.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"Level of Significance (a)","link":"https://csrc.nist.gov/glossary/term/level_of_significance_a","definitions":[{"text":"The probability of falsely rejecting the null hypothesis, i.e., the probability of concluding that the null hypothesis is false when the hypothesis is, in fact, true. The tester usually chooses this value; typical values are 0.05, 0.01 or 0.001; occasionally, smaller values such as 0.0001 are used. The level of significance is the probability of concluding that a sequence is non-random when it is in fact random. Synonyms: Type I error, a error.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"lg(x)","link":"https://csrc.nist.gov/glossary/term/lg_x","definitions":[{"text":"The base 2 logarithm of the positive real number x.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"List","link":"https://csrc.nist.gov/glossary/term/list","definitions":[{"text":"A dynamic-length data structure that stores a sequence of values, where each value is identified by its integer index.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Local performance metric","link":"https://csrc.nist.gov/glossary/term/local_performance_metric","definitions":[{"text":"For a predictor, the length of the longest run of correct predictions","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Lock Command","link":"https://csrc.nist.gov/glossary/term/lock_command","definitions":[{"text":"A command that readers can send to a tag to block access to certain information on the tag.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"log(x)","link":"https://csrc.nist.gov/glossary/term/log_x","definitions":[{"text":"The natural logarithm of x: log(x) = loge(x) = ln(x).","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"log2(x)","link":"https://csrc.nist.gov/glossary/term/log2_x","definitions":[{"text":"Defined as ln(x)/ln(2), where ln is the natural logarithm.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"LSBm(X)","link":"https://csrc.nist.gov/glossary/term/lsbm_x","definitions":[{"text":"The bit string consisting of the m least significant bits of the bit string X.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"MacData","link":"https://csrc.nist.gov/glossary/term/macdata","definitions":[{"text":"A byte string input to the MacTag computation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"MacDataU, (or MacDataV)","link":"https://csrc.nist.gov/glossary/term/macdata_u","definitions":[{"text":"MacData associated with party U (or party V, respectively), and used to generate MacTagU (or MacTagV, respectively). Each is a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"MacKey","link":"https://csrc.nist.gov/glossary/term/mackey","definitions":[{"text":"Key used to compute the MAC; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"MacKeyLen","link":"https://csrc.nist.gov/glossary/term/mackeylen","definitions":[{"text":"The byte length of the MacKey.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Length in bytes of the MacKey.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"MacTagLen","link":"https://csrc.nist.gov/glossary/term/mactaglen","definitions":[{"text":"The byte length of MacTag.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"The length of MacTag in bytes.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"MacTagV, (MacTagU)","link":"https://csrc.nist.gov/glossary/term/mactag_v","definitions":[{"text":"The MacTag generated by party V (or party U, respectively). Each is a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Markov model","link":"https://csrc.nist.gov/glossary/term/markov_model","definitions":[{"text":"A model for a probability distribution where the probability that the ith element of a sequence has a given value depends only on the values of the previous n elements of the sequence. The model is called an nth order Markov model.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"MaxErrs","link":"https://csrc.nist.gov/glossary/term/maxerrs","definitions":[{"text":"The maximum number of times that the output of any implementation of the decryption verification process can be INVALID before the key is retired.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"mgfSeed","link":"https://csrc.nist.gov/glossary/term/mgfseed","definitions":[{"text":"String from which a mask is derived; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Mi","link":"https://csrc.nist.gov/glossary/term/m_sub_i","definitions":[{"text":"The ith block of the formatted message.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"min(x, y)","link":"https://csrc.nist.gov/glossary/term/min_x_y","definitions":[{"text":"The minimum ofx and y. For example, if x < y, then min(x, y) = x.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]},{"text":"The minimum of x and y; min(x, y) = x if x < y, and min(x, y) = y otherwise.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"The minimum of x and y; min(x, y) = x if x < y, and min(x, y) = y otherwise","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Mlen","link":"https://csrc.nist.gov/glossary/term/mlen","definitions":[{"text":"The bit length of the message.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"Mn*","link":"https://csrc.nist.gov/glossary/term/mnstar","definitions":[{"text":"The final block, possibly a partial block, of the formatted message.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"Ms","link":"https://csrc.nist.gov/glossary/term/ms","definitions":[{"text":"The (original) message prior to randomization.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"MSBm(X)","link":"https://csrc.nist.gov/glossary/term/msbm_x","definitions":[{"text":"The bit string consisting of the m most significant bits of the bit string X.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"N","link":"https://csrc.nist.gov/glossary/term/n","definitions":[{"text":"The number of M-bit blocks to be tested.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"The nonce.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"n","link":"https://csrc.nist.gov/glossary/term/n_lowercase","definitions":[{"text":"The number of iterations of the PRF needed to generate L bits of keying material.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"The number of bits in the stream being tested.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"The number of data blocks or data segments in the plaintext.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]},{"text":"The number of blocks in the formatted message.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]},{"text":"The octet length of the nonce.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"RSA modulus. n = pq, where p and q are distinct odd primes.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"The number of bytes in the output of a hash function.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"Narrowest internal width","link":"https://csrc.nist.gov/glossary/term/narrowest_internal_width","definitions":[{"text":"The maximum amount of information from the input that can affect the output. For example, if f(x) = SHA-1(x) || 01, and x consists of a string of 1000 binary bits, then the narrowest internal width of f(x) is 160 bits (the SHA-1 output length), and the output width of f(x) is 162 bits (the 160 bits from the SHA-1 operation, concatenated by 01).","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"nBits","link":"https://csrc.nist.gov/glossary/term/nbits","definitions":[{"text":"The bit length of the RSA modulus n.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Length in bits of the RSA modulus n.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"nLen","link":"https://csrc.nist.gov/glossary/term/n_len","definitions":[{"text":"The bit length of the nonce.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Nlen "}]},{"text":"The byte length of the RSA modulus n. (Note that in FIPS 186, nlen refers to the bit length of n.)","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Length in bytes of the RSA modulus n.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Noise source","link":"https://csrc.nist.gov/glossary/term/noise_source","definitions":[{"text":"The component of an entropy source that contains the non-deterministic, entropy-producing activity (e.g., thermal noise or hard drive seek times).","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Non-deterministic Random Bit Generator (NRBG)","link":"https://csrc.nist.gov/glossary/term/non_deterministic_random_bit_generator","abbrSyn":[{"text":"NRBG","link":"https://csrc.nist.gov/glossary/term/nrbg"}],"definitions":[{"text":"An RBG that always has access to an entropy source and (when working properly) produces output bitstrings that have full entropy. Often called a True Random Number (or Bit) Generator. (Contrast with a deterministic random bit generator).","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Non-Deterministic Random Bit Generator (Non-deterministic RBG) (NRBG) "}]},{"text":"An RBG that always has access to an entropy source and (when working properly) produces outputs that have full entropy (see SP 800-90C). Also called a true random bit (or number) generator (Contrast with a DRBG).","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}],"seeAlso":[{"text":"DRBG","link":"drbg"}]},{"term":"Non-physical non-deterministic random bit generator","link":"https://csrc.nist.gov/glossary/term/non_physical_non_deterministic_random_bit_generator","definitions":[{"text":"An entropy source that does not use dedicated hardware but uses system resources (RAM content, thread number etc.) or the interaction of the user (time between keystrokes etc.).","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Null","link":"https://csrc.nist.gov/glossary/term/null_symbol","definitions":[{"text":"The empty bit string","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"The empty bit string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"NV","link":"https://csrc.nist.gov/glossary/term/nv","definitions":[{"text":"Nonce contributed by party V; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Oj","link":"https://csrc.nist.gov/glossary/term/o_sub_j","definitions":[{"text":"The jth output block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"On","link":"https://csrc.nist.gov/glossary/term/o_n","definitions":[{"text":"Block of data representing Output Block n","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"On-demand test","link":"https://csrc.nist.gov/glossary/term/on_demand_test","definitions":[{"text":"A type of health test that is available to be run whenever a user or a relying component requests it.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"P#j","link":"https://csrc.nist.gov/glossary/term/jth_plaintext_segment","definitions":[{"text":"The jth plaintext segment.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"P*n","link":"https://csrc.nist.gov/glossary/term/p_star_n","definitions":[{"text":"The last block of the plaintext, which may be a partial block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"p","link":"https://csrc.nist.gov/glossary/term/p_lowercase","definitions":[{"text":"An FFC domain parameter; an odd prime number that determines the size of the finite field GF(p).","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"3.14159… unless defined otherwise for a specific test.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"First prime factor of the RSA modulus n.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"The number of n-byte string elements in an LM-OTS private key, public key, and signature.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"padding","link":"https://csrc.nist.gov/glossary/term/padding","definitions":[{"text":"A string consisting of a single “1” bit, followed by zero or more “0” bits.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"Physical non-deterministic random bit generator","link":"https://csrc.nist.gov/glossary/term/physical_non_deterministic_random_bit_generator","definitions":[{"text":"An entropy source that uses dedicated hardware or uses a physical experiment (noisy diode(s), oscillators, event sampling like radioactive decay, etc.)","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Pj","link":"https://csrc.nist.gov/glossary/term/p_sub_j","definitions":[{"text":"The jth plaintext block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"Plen","link":"https://csrc.nist.gov/glossary/term/p_len","definitions":[{"text":"The bit length of the payload.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Pn","link":"https://csrc.nist.gov/glossary/term/p_sub_n","definitions":[{"text":"Block of data representing Plaintext n","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"Predictor","link":"https://csrc.nist.gov/glossary/term/predictor","definitions":[{"text":"A function that predicts the next value in a sequence, based on previously observed values in the sequence.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"PRF(s, x)","link":"https://csrc.nist.gov/glossary/term/prf_s_x","definitions":[{"text":"A pseudorandom function with seed s and input data x.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]}]},{"term":"PrivKeyU, PrivKeyV","link":"https://csrc.nist.gov/glossary/term/privkey_u_privkey_v","definitions":[{"text":"Private key of party U or V, respectively.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Probability model","link":"https://csrc.nist.gov/glossary/term/probability_model","definitions":[{"text":"A mathematical representation of a random phenomenon.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"PubKeyU, PubKeyV","link":"https://csrc.nist.gov/glossary/term/pubkey_u_pubkey_v","definitions":[{"text":"Public key of party U or V, respectively.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"q","link":"https://csrc.nist.gov/glossary/term/q_lowercase","definitions":[{"text":"When used as an FFC domain parameter, q is the (odd) prime number equal to the order of the multiplicative subgroup of GF(p)* generated by g. Note that q is a divisor of p – 1.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"When used as an ECC domain parameter, q is the field size. It is either an odd prime p or equal to 2m, for some prime integer m.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"The octet length of the binary representation of the octet length of the payload.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"Second prime factor of the RSA modulus n.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Q","link":"https://csrc.nist.gov/glossary/term/q","abbrSyn":[{"text":"Quasi","link":"https://csrc.nist.gov/glossary/term/quasi"}],"definitions":[{"text":"A bit string representation of the octet length of P.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"qInv","link":"https://csrc.nist.gov/glossary/term/q_inv","definitions":[{"text":"Inverse of q modulo p in the CRT format, i.e., q-1 mod p; an integer.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"r","link":"https://csrc.nist.gov/glossary/term/r_lowercase","definitions":[{"text":"An integer that is less than or equal to 32, whose value is the bit length of the agreed-upon binary encoding of a counter i used as input during invocations of the PRF employed by a KDF.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"An integer, smaller or equal to 32, whose value is the length of the binary representation of the counter i when i is an input in counter mode  or  (optionally)  in  feedback  mode  and  double-pipeline iteration mode of each iteration of the PRF.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]},{"text":"The number of blocks in the formatted input data (N, A, P).","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"R","link":"https://csrc.nist.gov/glossary/term/r","definitions":[{"text":"The constant within the algorithm for the block multiplication operation.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"In XMSS, the n-byte randomizer used for randomized message hashing.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"Raw data","link":"https://csrc.nist.gov/glossary/term/raw_data","definitions":[{"text":"Digitized output of the noise source.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Rb","link":"https://csrc.nist.gov/glossary/term/r_sub_b","definitions":[{"text":"The constant string for subkey generation for a cipher with block size b.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"RESULTn","link":"https://csrc.nist.gov/glossary/term/resultn","definitions":[{"text":"Block of data representing Plaintext n, if encryption state, or Ciphertext n, if decryption state","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"Run (of output sequences)","link":"https://csrc.nist.gov/glossary/term/run_of_output_sequences","definitions":[{"text":"A sequence of identical values.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"rv[0…b]","link":"https://csrc.nist.gov/glossary/term/rv_substring","definitions":[{"text":"For bit string rv, rv[0…b] is a substring consisting of the leftmost b+1 bit(s) of rv, where b ≥ 0.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"rv_length_indicator","link":"https://csrc.nist.gov/glossary/term/rv_length_indicator","definitions":[{"text":"A 16-bit binary representation of the length (in bits) of rv.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"rv","link":"https://csrc.nist.gov/glossary/term/rv","definitions":[{"text":"The random value that is combined with the message Ms to produce the randomized message M.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"S_XMSS","link":"https://csrc.nist.gov/glossary/term/s_xmss","definitions":[{"text":"A secret random value used for pseudorandom key generation in XMSS.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"s","link":"https://csrc.nist.gov/glossary/term/s","definitions":[{"text":"The standard deviation of a random variable =Öò(x-m)2f ( x )dx.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"The number of bits in a data segment.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]},{"text":"Security strength in bits.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"Salt used during randomness extraction.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]}]},{"term":"S","link":"https://csrc.nist.gov/glossary/term/s_uppercase","abbrSyn":[{"text":"Specific","link":"https://csrc.nist.gov/glossary/term/specific"}],"definitions":[{"text":"The desired security strength for a digital signature.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"The summation symbol.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"String of bytes.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"s2","link":"https://csrc.nist.gov/glossary/term/s2","definitions":[{"text":"The variance of a random variable = (standard deviation)2.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Sample","link":"https://csrc.nist.gov/glossary/term/sample","definitions":[{"text":"An observation of the raw data output by a noise source. Common examples of output values obtained by sampling are single bits, single bytes, etc. (The term “sample” is often extended to denote a sequence of such observations; this Recommendation will refrain from that practice.)","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}],"seeAlso":[{"text":"Dataset","link":"dataset"}]},{"term":"Security boundary","link":"https://csrc.nist.gov/glossary/term/security_boundary","definitions":[{"text":"A conceptual boundary that is used to assess the amount of entropy provided by the values output from an entropy source. The entropy assessment is performed under the assumption that any observer (including any adversary) is outside of that boundary.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"SEED","link":"https://csrc.nist.gov/glossary/term/seed_symbol","definitions":[{"text":"An optional ECC domain parameter; an initialization value that is used during domain parameter generation that can also be used to provide assurance at a later time that the resulting domain parameters were generated using a canonical process.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"An FFC domain parameter; an initialization value that is used during domain parameter generation that can also be used to provide assurance at a later time that the resulting domain parameters were generated using a canonical process.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"In XMSS, the public, random, unique identifier for the long-term key.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]},{"text":"In LMS, a secret random value used for pseudorandom key generation.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"sig’","link":"https://csrc.nist.gov/glossary/term/sig_received","definitions":[{"text":"The received digital signature of a randomized message.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"sig","link":"https://csrc.nist.gov/glossary/term/sig","definitions":[{"text":"A digital signature of a randomized message.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"SK_PRF","link":"https://csrc.nist.gov/glossary/term/sk_prf","definitions":[{"text":"An n-byte key used to pseudorandomly generate the randomizer r.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"SKEY","link":"https://csrc.nist.gov/glossary/term/skey","definitions":[{"text":"A session key in TPM.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"Sn","link":"https://csrc.nist.gov/glossary/term/s_sub_n","definitions":[{"text":"The nth partial sum for values Xi = {-1, +1}; i.e., the sum of the first n values of Xi.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"sobs","link":"https://csrc.nist.gov/glossary/term/sobs","definitions":[{"text":"The observed value which is used as a statistic in the Frequency test.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"ss_K","link":"https://csrc.nist.gov/glossary/term/ss_k","definitions":[{"text":"The security strength that can be supported by the key K","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"ss_Mi","link":"https://csrc.nist.gov/glossary/term/ss_mi","definitions":[{"text":"The security strength that can be supported by the combination of the methods used to generate a key Ki, and the methods used to protect it after generation (e.g., during key-transport and/or storage)","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Start-up testing","link":"https://csrc.nist.gov/glossary/term/start_up_testing","definitions":[{"text":"A suite of health tests that are performed every time the entropy source is initialized or powered up. These tests are carried out on the noise source before any output is released from the entropy source.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Stochastic model","link":"https://csrc.nist.gov/glossary/term/stochastic_model","definitions":[{"text":"A stochastic model is a mathematical description (of the relevant properties) of an entropy source using random variables. A stochastic model used for an entropy source analysis is used to support the estimation of the entropy of the digitized data and finally of the raw data. In particular, the model is intended to provide a family of distributions, which contains the true (but unknown) distribution of the noise source outputs. Moreover, the stochastic model should allow an understanding of the factors that may affect the entropy. The distribution of the entropy source needs to remain in the family of distributions, even if the quality of the digitized data goes down.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Submitter","link":"https://csrc.nist.gov/glossary/term/submitter","definitions":[{"text":"The party that submits the entire entropy source and output from its components for validation. The submitter can be any entity that can provide validation information as required by this Recommendation (e.g., developer, designer, vendor or any organization).","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Symbol","link":"https://csrc.nist.gov/glossary/term/symbol","definitions":[{"text":"The value of the noise source output (i.e., sample value).","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"T","link":"https://csrc.nist.gov/glossary/term/t_uppercase","definitions":[{"text":"The MAC.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]},{"text":"The MAC that is generated as an internal variable in the CCM processes.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The authentication tag.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"t","link":"https://csrc.nist.gov/glossary/term/t","definitions":[{"text":"The octet length of the MAC.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The bit length of the authentication tag.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"T192(X)","link":"https://csrc.nist.gov/glossary/term/t_192_x","definitions":[{"text":"A truncation function that outputs the most significant (i.e., leftmost) 192 bits of the input bit string X.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"Testing laboratory","link":"https://csrc.nist.gov/glossary/term/testing_laboratory","definitions":[{"text":"An accredited cryptographic security testing laboratory.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"TEXTn","link":"https://csrc.nist.gov/glossary/term/textn","definitions":[{"text":"Block of data representing Plaintext n, if encryption state, or Ciphertext n,","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"timestamp_signatureTTA","link":"https://csrc.nist.gov/glossary/term/timestamp_signaturetta","definitions":[{"text":"A digital signature that is generated using a TTA’s private signature key.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"timestamp_time","link":"https://csrc.nist.gov/glossary/term/timestamp_time","definitions":[{"text":"The time provided in a timestamp.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"timestamp","link":"https://csrc.nist.gov/glossary/term/timestamp_symbol","definitions":[{"text":"Contains the time and, possibly, other information; a component of timestamped_data.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"timestamped_data","link":"https://csrc.nist.gov/glossary/term/timestamped_data","definitions":[{"text":"The data on which a digital signature is generated by a TTA.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"Tj","link":"https://csrc.nist.gov/glossary/term/t_sub_j","definitions":[{"text":"The jth counter block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"Tlen","link":"https://csrc.nist.gov/glossary/term/tlen","definitions":[{"text":"The bit length of the MAC.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"TMacTagBits(X)","link":"https://csrc.nist.gov/glossary/term/tmactagbits_x","definitions":[{"text":"A truncation function that outputs the most significant (i.e., leftmost) MacTagBits bits of the input string, X, when the bit length of X is greater than MacTagBits; otherwise, the function outputs X. For example, T2(1011) = 10, T3(1011) = 101, and T4(1011) = 1011.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A truncation function that outputs the most significant (i.e., leftmost) MacTagBits bits of the input string, X, when the bit length of X is greater than MacTagBits; otherwise, the function outputs X. For example, T2(1011)=10, T3(1011)=101, and T4(1011)=1011.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"TTA_supplied_info","link":"https://csrc.nist.gov/glossary/term/tta_supplied_info","definitions":[{"text":"Additional information that is included in the timestamped_data by a TTA during the generation of a timestamp_signature.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"TW(S)","link":"https://csrc.nist.gov/glossary/term/tw_s","definitions":[{"text":"The output of the wrapping function for TKW applied to the string S.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"TW-1(C)","link":"https://csrc.nist.gov/glossary/term/tw_1_c","definitions":[{"text":"The output of the unwrapping function for TKW applied to the string C.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Type I error","link":"https://csrc.nist.gov/glossary/term/type_i_error","definitions":[{"text":"Incorrectly rejection of a true null hypothesis.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"u","link":"https://csrc.nist.gov/glossary/term/u_lowercase","definitions":[{"text":"The number of bits in the last plaintext or ciphertext block.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"user_supplied_info","link":"https://csrc.nist.gov/glossary/term/user_supplied_info","definitions":[{"text":"Additional information that is provided by an entity when requesting a timestamp from a TTA.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"VARIABLEn","link":"https://csrc.nist.gov/glossary/term/variablen","definitions":[{"text":"Block of data representing the value of VARIABLE for the nth iteration","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"Vn(obs)","link":"https://csrc.nist.gov/glossary/term/vnobs","definitions":[{"text":"The observed number of runs in a sequence of length n. See Sections 2.3 and 3.3.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Vn","link":"https://csrc.nist.gov/glossary/term/vn","definitions":[{"text":"The expected number of runs that would occur in a sequence of length n under an assumption of randomness See Sections 2.3 and 3.3.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"W(S)","link":"https://csrc.nist.gov/glossary/term/w_s","definitions":[{"text":"The output of the wrapping function for KW and KWP applied to the bit string S.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"w","link":"https://csrc.nist.gov/glossary/term/w","definitions":[{"text":"The length of a key-derivation key in bits.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"An integer that denotes the length of a key derivation key in bits.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]},{"text":"In XMSS, the length of a Winternitz chain. A single Winternitz chain uses log2(w) bits from the hash or checksum.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]},{"text":"In LMS, the number of bits from the hash or checksum used in a single Winternitz chain. The length of a Winternitz chain is 2w. (Note that using a Winternitz parameter of w = 4 in LMS would be comparable to using a parameter of w = 16 in XMSS.)","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"W-1(C)","link":"https://csrc.nist.gov/glossary/term/w_1_c","definitions":[{"text":"The output of the unwrapping function for KW and KWP applied to the bit string C.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"X =? Y","link":"https://csrc.nist.gov/glossary/term/x_notequalto_y","definitions":[{"text":"Check for the equality of X and Y.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Check for equality of X and Y.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"x -1 mod n","link":"https://csrc.nist.gov/glossary/term/x__1_mod_n","definitions":[{"text":"The multiplicative inverse of the integer x modulo the positive integer n. This quantity is defined if and only if x is relatively prime to n. For the purposes of this Recommendation, y = x-1 mod n is the unique integer satisfying the following two conditions:","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"The multiplicative inverse of the integer x modulo the positive integer n. This quantity is defined if and only if x is relatively prime to n. For the purposes of this Recommendation, y = x-1 mod n is the unique integer satisfying the following two conditions: 1) 0 £ y < n, and 2) 1 = (xy) mod n.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"x mod n","link":"https://csrc.nist.gov/glossary/term/x_mod_n","definitions":[{"text":"The unique remainder r, 0£ r £ (n – 1), when integer x is divided by positive integer n. For example, 23 mod 7 = 2.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"The modular reduction of the (arbitrary) integer x by the positive integer n (the modulus). For the purposes of this Recommendation, y = x mod n is the unique integer satisfying the following two conditions: 1) 0 £ y < n, and 2) x - y is divisible by n.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"X|Y","link":"https://csrc.nist.gov/glossary/term/x_concat_y","definitions":null},{"term":"X⊕Y","link":"https://csrc.nist.gov/glossary/term/x_XOR_y","definitions":[{"text":"Bit-wise inclusive-or of two bit-strings X and Y of the same bit length.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]},{"text":"The bitwise exclusive-OR of two bit strings X and Y of the same length.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under X⊕  Y "},{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under X⊕ Y "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under X⊕ Y "}]},{"text":"The bitwise exclusive-OR of bit strings X and Y whose bit lengths are equal.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under X⊕ Y "}]},{"text":"Bitwise exclusive-or (also bitwise addition modulo 2) of two bitstrings\nX and Y of the same length.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"X","link":"https://csrc.nist.gov/glossary/term/x_uppercase","definitions":[{"text":"The smallest integer that is larger than or equal to X. The ceiling of X.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]},{"text":"Byte string to be converted to or from an integer; the output of conversion from an ASCII string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"⎾x⏋","link":"https://csrc.nist.gov/glossary/term/ceiling_x","definitions":[{"text":"The smallest integer that is larger than or equal to X. The ceiling of X. For example, \\(\\lceil\\)8.2\\(\\rceil\\) = 9.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under \\(\\lceil\\)X\\(\\rceil\\) "}]},{"text":"The ceiling of x; the smallest integer ≥ x. For example,⎾5⏋= 5 and⎾5.2⏋= 6.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"},{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"For a real number x, ⌈x⌉ is the least integer that is not strictly less than x. For example, ⌈3.2⌉ = 4, ⌈−3.2⌉ = −3, and ⌈6⌉=6.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]},{"text":"The ceiling of x; the smallest integer ≥ x. For example,⎾5⏋= 5 and⎾5.3⏋= 6.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"The ceiling of x; the smallest integer \\(\\geq\\) x. For example, \\(\\lceil\\)5\\(\\rceil\\) = 5 and \\(\\lceil\\)5.3\\(\\rceil\\) = 6.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under ┌x┐ "}]}]},{"term":"X<< 1","link":"https://csrc.nist.gov/glossary/term/x_leftbitshift_1","definitions":[{"text":"The bit string that results from discarding the leftmost bit of the bit string X and appending a ‘0’ bit on the right.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"X>> 1","link":"https://csrc.nist.gov/glossary/term/x_rightbitshift_1","definitions":[{"text":"The bit string that results from discarding the rightmost bit of the bit string X and prepending a ‘0’ bit on the left.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"x·y","link":"https://csrc.nist.gov/glossary/term/x_y_int_product","definitions":[{"text":"The product of two integers, x and y.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"X2(obs)","link":"https://csrc.nist.gov/glossary/term/x2obs","definitions":[{"text":"The chi-square statistic computed on the observed values. See Sections 2.2, 2.4, 2.5, 2.7, 2.8, 2.10, 2.12, 2.14, and the corresponding sections of Section 3.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"X2","link":"https://csrc.nist.gov/glossary/term/x2","definitions":[{"text":"The [theoretical] chi-square distribution; used as a test statistic; also, a test statistic that follows the X2 distribution.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Xi","link":"https://csrc.nist.gov/glossary/term/xi","definitions":[{"text":"The elements of the string consisting of±1 that is to be tested for randomness, where Xi = 2ei-1.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"For a positive integer i, the ith power of X under the product ‘•’.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"xj","link":"https://csrc.nist.gov/glossary/term/xj","definitions":[{"text":"The total number of times that a given state occurs in the identified cycles. See Section 2.15 and 3.15.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Z","link":"https://csrc.nist.gov/glossary/term/z_uppercase","definitions":[{"text":"A shared secret (represented as a byte string) that is used to derive secret keying material using a key derivation method.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A shared secret that is used to derive secret keying material using a key-derivation method; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"Shared secret.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]}]},{"term":"KIN","link":"https://csrc.nist.gov/glossary/term/k_sub_in","definitions":[{"text":"A key-derivation key used as input to a key-derivation function (along with other data) to derive the output keying material KOUT.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]}]},{"term":"KOUT","link":"https://csrc.nist.gov/glossary/term/k_sub_out","definitions":[{"text":"Output keying material that is derived from the key-derivation key KIN and other data that were used as input to a key-derivation function.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]}]},{"term":":= Y","link":"https://csrc.nist.gov/glossary/term/define_x_equal_to_y","definitions":[{"text":"X is defined to be equal to Y.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]}]},{"term":"\\(\\in\\)","link":"https://csrc.nist.gov/glossary/term/element_belongs_to","definitions":[{"text":"For an element s and a set S, s \\(\\in\\) S, means that s belongs to S.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]}]},{"term":"\\(\\varepsilon\\)","link":"https://csrc.nist.gov/glossary/term/epsilon","definitions":[{"text":"A positive constant that is assumed to be no greater than \\(2^{-32}\\)","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]}]},{"term":"client","link":"https://csrc.nist.gov/glossary/term/client","definitions":[{"text":"a machine or software application that accesses a cloud over a network connection, perhaps on behalf of a consumer; and","sources":[{"text":"NIST SP 800-146","link":"https://doi.org/10.6028/NIST.SP.800-146"}]},{"text":"A function that uses the PKI to obtain certificates and validate certificates and signatures. Client functions are present in CAs and end entities. Client functions may also be present in entities that are not certificate holders. That is, a system or user that verifies signatures and validation paths is a client, even if it does not hold a certificate itself. See section 2.4.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under client (or PKI client) "}]},{"text":"A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Client (application) "}]},{"text":"A machine or software application that accesses a cloud over a network connection, perhaps on behalf of a consumer.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Client ","refSources":[{"text":"NIST SP 800-146","link":"https://doi.org/10.6028/NIST.SP.800-146"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Client ","refSources":[{"text":"NIST SP 800-146","link":"https://doi.org/10.6028/NIST.SP.800-146"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Client ","refSources":[{"text":"NIST SP 800-146","link":"https://doi.org/10.6028/NIST.SP.800-146"}]}]},{"text":"A function that uses the PKI to obtain certificates and validate certificates and signatures. Client functions are present in CAs and end entities. Client functions may also be present in entities that are not certificate holders. That is, a system or user that verifies signatures and validation paths is a client, even if it does not hold a certificate itself.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Client ","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Client ","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Client ","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]}]}]},{"term":"cloud consumer or customer","link":"https://csrc.nist.gov/glossary/term/cloud_consumer_or_customer","definitions":[{"text":"a person or organization that is a customer of a cloud; note that a cloud customer may itself be a cloud and that clouds may offer services to one another;","sources":[{"text":"NIST SP 800-146","link":"https://doi.org/10.6028/NIST.SP.800-146"}]}]},{"term":"cloud provider or provider","link":"https://csrc.nist.gov/glossary/term/cloud_provider_or_provider","definitions":[{"text":"an organization that provides cloud services.","sources":[{"text":"NIST SP 800-146","link":"https://doi.org/10.6028/NIST.SP.800-146"}]}]},{"term":"Shall","link":"https://csrc.nist.gov/glossary/term/shall","definitions":[{"text":"The term used to indicate a requirement of a Federal Information Processing Standard (FIPS) or a requirement that needs to be fulfilled to claim conformance with this Recommendation. Note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under shall "}]},{"text":"A requirement that needs to be fulfilled to claim conformance to this Recommendation. Note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"A requirement for Federal Government use.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]},{"text":"Used to indicate a requirement of this standard.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"Used to indicate a requirement of this Recommendation.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"},{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]},{"text":"This term is used to indicate a requirement of a Federal Information Processing Standard (FIPS) or a requirement that needs to be fulfilled to claim conformance to this Recommendation. Note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"This term is used to indicate a requirement of a Federal Information Processing Standard (FIPS) or a requirement that must be fulfilled to claim conformance to this Recommendation. Note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"This term is used to indicate a requirement that needs to be fulfilled to claim conformance to this Recommendation. Note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"Is required to. Requirements apply to conforming implementations.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under shall "}]},{"text":"A requirement that needs to be fulfilled to claim conformance to this Recommendation. Note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"Used to indicate a requirement of this Recommendation. \"Shall\" may be coupled with \"not\" to become \"shall not.\"","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"The term used to indicate a requirement that needs to be fulfilled to claim conformance to this Recommendation. Note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]},{"text":"A requirement that must be met unless a justification of why it cannot be met is given and accepted.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]},{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]},{"text":"This term is used to indicate a requirement of a Federal Information Processing Standard (FIPS) or a requirement that must be fulfilled to claim conformance to this Recommendation; note that shall may be coupled with not to become shall not.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Should","link":"https://csrc.nist.gov/glossary/term/should","definitions":[{"text":"The term used to indicate an important recommendation. Ignoring the recommendation could result in undesirable results. Note that should may be coupled with not to become should not.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under should "}]},{"text":"Used to indicate a strong recommendation but not a requirement of this standard. Ignoring the recommendation could result in undesirable results.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"This term is used to indicate an important recommendation. Ignoring the recommendation could result in undesirable results. Note that should may be coupled with not to become should not.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"},{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"Is recommended to.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under should "}]},{"text":"An important recommendation. Ignoring the recommendation could result in undesirable results. Note that should may be coupled with not to become should not.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"This term is used to indicate a very important recommendation. Ignoring the recommendation could result in undesirable results. Note that should may be coupled with not to become should not.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"Used to indicate a strong recommendation, but not a requirement of this Recommendation.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]},{"text":"Used to indicate a highly desirable feature for a DRBG mechanism that is not necessarily required by this Recommendation. \"Should\" may be coupled with \"not\" to become \"should not.\"","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"The term used to indicate an important recommendation. Ignoring the recommendation could result in undesirable results. Note that should may be coupled with not to become should not.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]},{"text":"When shown in a bold font, this term is used to indicate an important recommendation. Ignoring the recommendation could result in undesirable results. Note that should may be coupled with not to become should not.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"This term is used to indicate an important recommendation. Ignoring the recommendation could result in undesirable results.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108"}]}]},{"text":"An objective that can be met.  It is used when a specific requirement is not feasible in some situations or with common current technology.  Non- conformance to such requirements requires less justification and should be more readily approved.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]}]},{"term":"∅","link":"https://csrc.nist.gov/glossary/term/empty_set","definitions":[{"text":"The empty binary string. That is, for any binary string A,∅ || A = A || ∅= A.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]}]},{"term":"0x00","link":"https://csrc.nist.gov/glossary/term/0x00","definitions":[{"text":"An all-zero octet.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"An all zero octet.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]},{"text":"An all-zero octet. In this Recommendation, it is suggested for use as an ending indicator of a variable length data field, which holds the ASCII code for a character string.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]}]},{"term":"24 Hours a Day, Seven Days a Week","link":"https://csrc.nist.gov/glossary/term/24_hours_a_day_seven_days_a_week","abbrSyn":[{"text":"24/7","link":"https://csrc.nist.gov/glossary/term/24_7"}],"definitions":null},{"term":"24/7","link":"https://csrc.nist.gov/glossary/term/24_7","abbrSyn":[{"text":"24 Hours a Day, Seven Days a Week","link":"https://csrc.nist.gov/glossary/term/24_hours_a_day_seven_days_a_week"}],"definitions":null},{"term":"2FA","link":"https://csrc.nist.gov/glossary/term/2fa","abbrSyn":[{"text":"abstraction","link":"https://csrc.nist.gov/glossary/term/abstraction"},{"text":"Multifactor Authentication"},{"text":"Two-Factor Authentication","link":"https://csrc.nist.gov/glossary/term/two_factor_authentication"}],"definitions":[{"text":"Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/personal identification number [PIN]); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Multifactor Authentication "},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Multifactor Authentication ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"View of an object that focuses on the information relevant to a particular purpose and ignores the remainder of the information.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under abstraction ","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"An authentication system that requires more than one distinct authentication factor for successful authentication. Multifactor authentication can be performed using a multifactor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor Authentication "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor Authentication "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Multifactor Authentication "}]}]},{"term":"2G","link":"https://csrc.nist.gov/glossary/term/2g","abbrSyn":[{"text":"2nd Generation","link":"https://csrc.nist.gov/glossary/term/2nd_generation"}],"definitions":null},{"term":"2nd Generation","link":"https://csrc.nist.gov/glossary/term/2nd_generation","abbrSyn":[{"text":"2G","link":"https://csrc.nist.gov/glossary/term/2g"}],"definitions":null},{"term":"2TDEA","link":"https://csrc.nist.gov/glossary/term/2tdea","abbrSyn":[{"text":"Two-key TDEA"},{"text":"Two-key Triple Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/two_key_triple_data_encryption_algorithm"}],"definitions":[{"text":"Two-key Triple Data Encryption Algorithm specified in [NIST SP 800-67].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]}]},{"term":"3DES","link":"https://csrc.nist.gov/glossary/term/3des","abbrSyn":[{"text":"Triple Data Encryption Standard","link":"https://csrc.nist.gov/glossary/term/triple_data_encryption_standard"},{"text":"Triple DES"},{"text":"Triple DES (TDEA)"}],"definitions":null,"seeAlso":[{"text":"Triple Data Encryption Algorithm","link":"triple_data_encryption_algorithm"}]},{"term":"3G","link":"https://csrc.nist.gov/glossary/term/3g","abbrSyn":[{"text":"3rd Generation","link":"https://csrc.nist.gov/glossary/term/3rd_generation"}],"definitions":null},{"term":"3rd Generation","link":"https://csrc.nist.gov/glossary/term/3rd_generation","abbrSyn":[{"text":"3G","link":"https://csrc.nist.gov/glossary/term/3g"}],"definitions":null},{"term":"3TDEA","link":"https://csrc.nist.gov/glossary/term/3tdea","abbrSyn":[{"text":"Three key TDEA"},{"text":"Three-key TDEA"},{"text":"Three-key Triple Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/three_key_triple_data_encryption_algorithm"}],"definitions":[{"text":"Three-key Triple Data Encryption Algorithm specified in [NIST SP 800-67].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]}]},{"term":"4G","link":"https://csrc.nist.gov/glossary/term/4g","abbrSyn":[{"text":"4th Generation","link":"https://csrc.nist.gov/glossary/term/4th_generation"}],"definitions":null},{"term":"4th Generation","link":"https://csrc.nist.gov/glossary/term/4th_generation","abbrSyn":[{"text":"4G","link":"https://csrc.nist.gov/glossary/term/4g"}],"definitions":null},{"term":"5G","link":"https://csrc.nist.gov/glossary/term/5g","abbrSyn":[{"text":"5th Generation","link":"https://csrc.nist.gov/glossary/term/5th_generation"},{"text":"Fifth generation technology standard for broadband cellular networks","link":"https://csrc.nist.gov/glossary/term/fifth_generation_technology_standard_for_broadband_cellular_networks"}],"definitions":null},{"term":"5th Generation","link":"https://csrc.nist.gov/glossary/term/5th_generation","abbrSyn":[{"text":"5G","link":"https://csrc.nist.gov/glossary/term/5g"}],"definitions":null},{"term":"6LowPANs","link":"https://csrc.nist.gov/glossary/term/6lowpans","abbrSyn":[{"text":"IPv6 over Low-Power Wireless Personal Area Networks","link":"https://csrc.nist.gov/glossary/term/ipv6_over_low_power_wireless_personal_area_networks"}],"definitions":null},{"term":"8 Phase Differential Phase Shift Keying","link":"https://csrc.nist.gov/glossary/term/8_phase_differential_phase_shift_keying","abbrSyn":[{"text":"8DPSK","link":"https://csrc.nist.gov/glossary/term/8dpsk"}],"definitions":null},{"term":"8DPSK","link":"https://csrc.nist.gov/glossary/term/8dpsk","abbrSyn":[{"text":"8 phase Differential Phase Shift Keying"},{"text":"8 Phase Differential Phase Shift Keying","link":"https://csrc.nist.gov/glossary/term/8_phase_differential_phase_shift_keying"}],"definitions":null},{"term":"a | x","link":"https://csrc.nist.gov/glossary/term/a_div_x","definitions":[{"text":"a divides x.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"A&A","link":"https://csrc.nist.gov/glossary/term/aanda","abbrSyn":[{"text":"Assessment and Authorization","link":"https://csrc.nist.gov/glossary/term/assessment_and_authorization"}],"definitions":null},{"term":"A3","link":"https://csrc.nist.gov/glossary/term/a3","abbrSyn":[{"text":"Association for Advancing Automation","link":"https://csrc.nist.gov/glossary/term/association_for_advancing_automation"}],"definitions":null},{"term":"AA","link":"https://csrc.nist.gov/glossary/term/aa","abbrSyn":[{"text":"Attribute Authority","link":"https://csrc.nist.gov/glossary/term/attribute_authority"}],"definitions":[{"text":"An entity, recognized by the Federal PKI Policy Authority or comparable Agency body as having the authority to verify the association of attributes to an identity.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Attribute Authority "}]}]},{"term":"AAA","link":"https://csrc.nist.gov/glossary/term/aaa","abbrSyn":[{"text":"Authentication, Authorization, and Accounting","link":"https://csrc.nist.gov/glossary/term/authentication_authorization_and_accounting"}],"definitions":null},{"term":"AAAK","link":"https://csrc.nist.gov/glossary/term/aaak","abbrSyn":[{"text":"Authentication, Authorization, and Accounting Key","link":"https://csrc.nist.gov/glossary/term/authentication_authorization_and_accounting_key"}],"definitions":null},{"term":"AAD","link":"https://csrc.nist.gov/glossary/term/aad","abbrSyn":[{"text":"Additional Authenticated Data","link":"https://csrc.nist.gov/glossary/term/additional_authenticated_data"},{"text":"Additional Authentication Data"}],"definitions":[{"text":"The input data to the authenticated encryption function that is authenticated but not encrypted.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Additional Authenticated Data "}]}]},{"term":"AAL","link":"https://csrc.nist.gov/glossary/term/aal","abbrSyn":[{"text":"application allowlisting","link":"https://csrc.nist.gov/glossary/term/application_allowlisting"},{"text":"Authenticator Assurance Level"}],"definitions":[{"text":"A list of applications and application components (libraries, configuration files, etc.) that are authorized to be present or active on a host according to a well-defined baseline.","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under application allowlisting ","refSources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167","note":" - Under \"application whitelist\""}]}]},{"text":"A category describing the strength of the authentication process.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authenticator Assurance Level "}]}]},{"term":"AAMI","link":"https://csrc.nist.gov/glossary/term/aami","abbrSyn":[{"text":"Advancement of Medical Instrumentation","link":"https://csrc.nist.gov/glossary/term/advancement_of_medical_instrumentation"},{"text":"Association for the Advancement of Medical Instrumentation","link":"https://csrc.nist.gov/glossary/term/association_for_the_advancement_of_medical_instrumentation"}],"definitions":null},{"term":"AAMVA","link":"https://csrc.nist.gov/glossary/term/aamva","abbrSyn":[{"text":"American Association of Motor Vehicle Administrators","link":"https://csrc.nist.gov/glossary/term/american_association_of_motor_vehicle_administrators"}],"definitions":null},{"term":"AAP","link":"https://csrc.nist.gov/glossary/term/aap","abbrSyn":[{"text":"Attribute Administration Point","link":"https://csrc.nist.gov/glossary/term/attribute_administration_point"}],"definitions":null},{"term":"AAR","link":"https://csrc.nist.gov/glossary/term/aar","abbrSyn":[{"text":"After Action Report","link":"https://csrc.nist.gov/glossary/term/after_action_report"}],"definitions":[{"text":"A document containing findings and recommendations from an exercise or a test.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84","underTerm":" under After Action Report "}]}]},{"term":"AAS","link":"https://csrc.nist.gov/glossary/term/aas","abbrSyn":[{"text":"Adaptable Antenna Support","link":"https://csrc.nist.gov/glossary/term/adaptable_antenna_support"},{"text":"Authentication and Authorization Service","link":"https://csrc.nist.gov/glossary/term/authentication_and_authorization_service"}],"definitions":null},{"term":"AASC","link":"https://csrc.nist.gov/glossary/term/aasc","abbrSyn":[{"text":"Attribute and Authorization Services Committee","link":"https://csrc.nist.gov/glossary/term/attribute_and_authorization_services_committee"}],"definitions":null},{"term":"ABAC","link":"https://csrc.nist.gov/glossary/term/abac","abbrSyn":[{"text":"Attribute Based Access Control"},{"text":"Attribute-Based Access Control"}],"definitions":[{"text":"An access control approach in which access is mediated based on attributes associated with subjects (requesters) and the objects to be accessed. Each object and subject has a set of associated attributes, such as location, time of creation, access rights, etc. Access to an object is authorized or denied depending upon whether the required (e.g., policy-defined) correlation can be made between the attributes of that object and of the requesting subject.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Attribute Based Access Control ","refSources":[{"text":"Common Criteria v2.3, Part 2","link":"https://www.commoncriteriaportal.org/cc/"}]}]},{"text":"an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. The policies can use any type of attributes (user attributes, resource attributes, environment attribute etc.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192"}]}]},{"term":"Abbreviated Dialing Numbers","link":"https://csrc.nist.gov/glossary/term/abbreviated_dialing_numbers","definitions":[{"text":"phone book entries kept on the SIM.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"ABE","link":"https://csrc.nist.gov/glossary/term/abe","abbrSyn":[{"text":"attribute-based encryption","link":"https://csrc.nist.gov/glossary/term/attribute_based_encryption"}],"definitions":null},{"term":"ABI","link":"https://csrc.nist.gov/glossary/term/abi","abbrSyn":[{"text":"Application Binary Interface","link":"https://csrc.nist.gov/glossary/term/application_binary_interface"}],"definitions":null},{"term":"abstraction","link":"https://csrc.nist.gov/glossary/term/abstraction","abbrSyn":[{"text":"2FA","link":"https://csrc.nist.gov/glossary/term/2fa"}],"definitions":[{"text":"View of an object that focuses on the information relevant to a particular purpose and ignores the remainder of the information.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]}]},{"term":"AC","link":"https://csrc.nist.gov/glossary/term/ac","abbrSyn":[{"text":"access control","link":"https://csrc.nist.gov/glossary/term/access_control"},{"text":"Access Control"},{"text":"Alternating Current","link":"https://csrc.nist.gov/glossary/term/alternating_current"}],"definitions":[{"text":"The process of granting or denying specific requests to 1) obtain and use information and related information processing services and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Access Control "}]},{"text":"The decision to permit or deny a subject access to system objects (network, data, application, service, etc.)","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162","underTerm":" under access control "}]},{"text":"To ensure that an entity can only access protected resources if they have the appropriate permissions based on the predefined access control policies.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497","underTerm":" under Access Control "}]},{"text":"The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The process of permitting or restricting access to applications at a granular level, such as per-user, per-group, and per-resources.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Access Control "}]},{"text":"Procedures and controls that limit or detect access to critical information resources. This can be accomplished through software, biometrics devices, or physical access to a controlled space.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Access Control "},{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Access Control "}]},{"text":"Enable authorized use of a resource while preventing unauthorized use or use in an unauthorized manner.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under access control "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under access control "}]},{"text":"Process of granting access to information system resources only to authorized users, programs, processes, or other systems.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Access Control "}]},{"text":"The process of granting access to information technology (IT) system resources only to authorized users, programs, processes, or other systems.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Access Control "}]},{"text":"The process of granting or denying specific requests to: (i) obtain and use information and related information processing services; and (ii) enter specific physical facilities (e.g., Federal buildings, military establishments, and border-crossing entrances).","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Access Control "}]},{"text":"The process of granting or denying specific requests for obtaining and using information and related information processing services; and to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under access control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]}]},{"text":"The process of limiting access to resources of a system only to authorized programs, processes, or other systems (in a network).","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Access Control "}]},{"text":"The process of granting or denying specific requests for obtaining and using information and related information processing services.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Access Control "}]},{"text":"The process of granting or denying specific requests: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., Federal buildings, military establishments, border crossing entrances).","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Access Control "}]}]},{"term":"AC RAM","link":"https://csrc.nist.gov/glossary/term/ac_ram","abbrSyn":[{"text":"Authenticated Code Random Access Memory","link":"https://csrc.nist.gov/glossary/term/authenticated_code_random_access_memory"}],"definitions":null},{"term":"ACA","link":"https://csrc.nist.gov/glossary/term/aca","abbrSyn":[{"text":"Attestation Certificate Authority","link":"https://csrc.nist.gov/glossary/term/attestation_certificate_authority"}],"definitions":null},{"term":"ACC","link":"https://csrc.nist.gov/glossary/term/acc","abbrSyn":[{"text":"Administration Control Center","link":"https://csrc.nist.gov/glossary/term/administration_control_center"},{"text":"American Chemistry Council","link":"https://csrc.nist.gov/glossary/term/american_chemistry_council"}],"definitions":null},{"term":"Acceptable Risk","link":"https://csrc.nist.gov/glossary/term/acceptable_risk","definitions":[{"text":"A level of residual risk to the organization’s operations, assets, or individuals that falls within the defined risk appetite and risk tolerance by the organization.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]},{"text":"the level of Residual Risk that has been determined to be a reasonablelevel of potential loss/disruption for a specific IT system. (See Total Risk, Residual Risk, and Minimum Level of Protection.)","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}],"seeAlso":[{"text":"Minimum Level of Protection","link":"minimum_level_of_protection"},{"text":"Residual Risk"},{"text":"Total Risk","link":"total_risk"}]},{"term":"acceptable use agreement","link":"https://csrc.nist.gov/glossary/term/acceptable_use_agreement","definitions":[{"text":"See user agreement.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"access agreement","link":"https://csrc.nist.gov/glossary/term/access_agreement","definitions":[{"text":"See user agreement.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"access authority","link":"https://csrc.nist.gov/glossary/term/access_authority","definitions":[{"text":"An entity responsible for monitoring and granting access privileges for other authorized entities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Access Complexity","link":"https://csrc.nist.gov/glossary/term/access_complexity","definitions":[{"text":"reflects the complexity of the attack required to exploit the software feature misuse vulnerability.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]},{"text":"a means to convey the level of difficulty required for an attacker to exploit a vulnerability once the target system is identified. ","sources":[{"text":"NISTIR 7946","link":"https://doi.org/10.6028/NIST.IR.7946"}]}]},{"term":"access control","link":"https://csrc.nist.gov/glossary/term/access_control","abbrSyn":[{"text":"AC","link":"https://csrc.nist.gov/glossary/term/ac"},{"text":"authorization","link":"https://csrc.nist.gov/glossary/term/authorization"}],"definitions":[{"text":"The process of granting or denying specific requests to 1) obtain and use information and related information processing services and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Access Control "}]},{"text":"The decision to permit or deny a subject access to system objects (network, data, application, service, etc.)","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162"}]},{"text":"To ensure that an entity can only access protected resources if they have the appropriate permissions based on the predefined access control policies.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497","underTerm":" under Access Control "}]},{"text":"The right or a permission that is granted to a system entity to access a system resource.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under authorization ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]},{"text":"The official management decision given by a senior organizational official to authorize the operation of an information system and to explicitly accept the risk to organizational operations and assets, individuals, other organizations, and the Nation, based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under authorization "}]},{"text":"The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Access Control ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Access privileges granted to a user, program, or process or the act of granting those privileges.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authorization ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under authorization ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under authorization ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The process of permitting or restricting access to applications at a granular level, such as per-user, per-group, and per-resources.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Access Control "}]},{"text":"Procedures and controls that limit or detect access to critical information resources. This can be accomplished through software, biometrics devices, or physical access to a controlled space.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Access Control "},{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Access Control "}]},{"text":"The granting or denying of access rights to a user, program, or process.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under authorization "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under authorization "}]},{"text":"Enable authorized use of a resource while preventing unauthorized use or use in an unauthorized manner.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"Process of granting access to information system resources only to authorized users, programs, processes, or other systems.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Access Control "}]},{"text":"The process of granting access to information technology (IT) system resources only to authorized users, programs, processes, or other systems.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Access Control "}]},{"text":"Restricts resource access to only privileged entities.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Access control "}]},{"text":"Restricts access to resources only to privileged entities.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Access control "}]},{"text":"The process of granting or denying specific requests to: (i) obtain and use information and related information processing services; and (ii) enter specific physical facilities (e.g., Federal buildings, military establishments, and border-crossing entrances).","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Access Control "}]},{"text":"As used in this Recommendation, the set of procedures and/or processes that only allow access to information in accordance with pre-established policies and rules.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Access control "}]},{"text":"Restricts resource access to only authorized entities.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Access control "}]},{"text":"The process of granting or denying specific requests for obtaining and using information and related information processing services; and to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]}]},{"text":"The process of limiting access to resources of a system only to authorized programs, processes, or other systems (in a network).","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Access Control "}]},{"text":"The process of granting or denying specific requests for obtaining and using information and related information processing services.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Access Control "}]},{"text":"The process of granting or denying specific requests: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., Federal buildings, military establishments, border crossing entrances).","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Access Control "}]},{"text":"Restricts access to resources to only privileged entities.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Access control "}]}]},{"term":"Access Control Entry","link":"https://csrc.nist.gov/glossary/term/access_control_entry","abbrSyn":[{"text":"ACE","link":"https://csrc.nist.gov/glossary/term/ace"}],"definitions":null},{"term":"Access Control Matrix","link":"https://csrc.nist.gov/glossary/term/access_control_matrix","definitions":[{"text":"A table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"access control mechanism","link":"https://csrc.nist.gov/glossary/term/access_control_mechanism","abbrSyn":[{"text":"ACM","link":"https://csrc.nist.gov/glossary/term/acm"}],"definitions":[{"text":"Implementations of formal AC policy such as AC model. Access control mechanisms can be designed to adhere to the properties of the model by machine implementation using protocols, architecture, or formal languages such as program code.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Access Control Mechanism "}]},{"text":"Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Access Control Model","link":"https://csrc.nist.gov/glossary/term/access_control_model","definitions":[{"text":"Formal presentations of the security policies enforced by AC systems, and are useful for proving theoretical limitations of systems. AC models bridge the gap in abstraction between policy and mechanism.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192"}]}]},{"term":"Access Control Policy","link":"https://csrc.nist.gov/glossary/term/access_control_policy","definitions":[{"text":"High-level requirements that specify how access is managed and who may access information under what circumstances.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192"}]},{"text":"The set of rules that define the conditions under which an access may take place.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Access Control Policy Tool","link":"https://csrc.nist.gov/glossary/term/access_control_policy_tool","abbrSyn":[{"text":"ACPT","link":"https://csrc.nist.gov/glossary/term/acpt"}],"definitions":null},{"term":"Access Control Rule","link":"https://csrc.nist.gov/glossary/term/access_control_rule","abbrSyn":[{"text":"ACR","link":"https://csrc.nist.gov/glossary/term/acr"}],"definitions":null},{"term":"Access Control Rule Logic Circuit Simulation","link":"https://csrc.nist.gov/glossary/term/access_control_rule_logic_circuit_simulation","abbrSyn":[{"text":"ACRLCS","link":"https://csrc.nist.gov/glossary/term/acrlcs"}],"definitions":null},{"term":"Access control system","link":"https://csrc.nist.gov/glossary/term/access_control_system","definitions":[{"text":"A set of procedures and/or processes, normally automated, which allows access to a controlled area or to information to be controlled, in accordance with pre-established policies and rules.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"access cross domain solution","link":"https://csrc.nist.gov/glossary/term/access_cross_domain_solution","definitions":[{"text":"A type of transfer cross domain solution (CDS) that provides access to a computing platform, application, or data residing in different security domains without transfer of user data between the domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"access level","link":"https://csrc.nist.gov/glossary/term/access_level","definitions":[{"text":"A category within a given security classification limiting entry or system connectivity to only authorized persons.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"access list","link":"https://csrc.nist.gov/glossary/term/access_list","definitions":[{"text":"A list of users, programs, and/or processes and the specifications of access categories to which each is assigned."},{"text":"Roster of individuals authorized admittance to a controlled area.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Access Management","link":"https://csrc.nist.gov/glossary/term/access_management","definitions":[{"text":"Access Management is the set of practices that enables only those permitted the ability to perform an action on a particular resource. The three most common Access Management services you encounter every day perhaps without realizing it are: Policy Administration, Authentication, and Authorization.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"FICAM Architecture","link":"https://arch.idmanagement.gov/services/access/"}]}]}]},{"term":"Access Point (AP)","link":"https://csrc.nist.gov/glossary/term/access_point","abbrSyn":[{"text":"AP","link":"https://csrc.nist.gov/glossary/term/ap"}],"definitions":[{"text":"A device that logically connects wireless client devices operating in infrastructure to one another and provides access to a distribution system, if connected, which is typically an organization’s enterprise wired network.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"},{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]}]},{"term":"Access Point Name","link":"https://csrc.nist.gov/glossary/term/access_point_name","abbrSyn":[{"text":"APN","link":"https://csrc.nist.gov/glossary/term/apn"}],"definitions":null},{"term":"access profile","link":"https://csrc.nist.gov/glossary/term/access_profile","definitions":[{"text":"Association of a user with a list of protected objects the user may access.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"access program (SAP)","link":"https://csrc.nist.gov/glossary/term/access_program","definitions":[{"text":"A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"Access Rights Management","link":"https://csrc.nist.gov/glossary/term/access_rights_management","abbrSyn":[{"text":"ARM","link":"https://csrc.nist.gov/glossary/term/arm"}],"definitions":null},{"term":"Access Strum","link":"https://csrc.nist.gov/glossary/term/access_strum","abbrSyn":[{"text":"AS","link":"https://csrc.nist.gov/glossary/term/as"}],"definitions":null},{"term":"access type","link":"https://csrc.nist.gov/glossary/term/access_type","definitions":[{"text":"The nature of an access right to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create)."},{"text":"Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Access Vector","link":"https://csrc.nist.gov/glossary/term/access_vector","definitions":[{"text":"reflects the access required to exploit the vulnerability.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]},{"text":"measures an attacker’s ability to successfully exploit a vulnerability based on how remote an attacker can be, from a networking perspective, to an information system.","sources":[{"text":"NISTIR 7946","link":"https://doi.org/10.6028/NIST.IR.7946"}]}]},{"term":"Account","link":"https://csrc.nist.gov/glossary/term/account","definitions":[{"text":"An entity in a blockchain that is identified with an address and can send transactions to the blockchain.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"accountability","link":"https://csrc.nist.gov/glossary/term/accountability","definitions":[{"text":"Property that ensures that the actions of an entity may be traced uniquely to the entity."},{"text":"A privacy principle (FIPP) that refers to an organization's requirements to demonstrate their implementation of the FIPPs and applicable privacy requirements."},{"text":"The principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Accountability ","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"A property that ensures that the actions of an entity may be traced uniquely to that entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Accountability "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Accountability "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Accountability "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Accountability "}]},{"text":"The security objective that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"2. The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]}]},{"text":"1. Assigning key management responsibilities to individuals and holding them accountable for these activities. 2. A property that ensures that the actions of an entity may be traced uniquely to that entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Accountability "}]},{"text":"The property that ensures that the actions of an entity may be traced uniquely to the entity.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Accountability ","refSources":[{"text":"ISO DIS 10181-2"}]}]},{"text":"The property of being able to trace activities on a system to individuals who may then be held responsible for their actions.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Accountability "}]}]},{"term":"accounting legend code","link":"https://csrc.nist.gov/glossary/term/accounting_legend_code","abbrSyn":[{"text":"ALC","link":"https://csrc.nist.gov/glossary/term/alc"}],"definitions":[{"text":"A numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC material control system (CMCS).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"accounting number","link":"https://csrc.nist.gov/glossary/term/accounting_number","definitions":[{"text":"A number assigned to an individual item of COMSEC material at its point of origin to facilitate its handling and accounting.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"accredit","link":"https://csrc.nist.gov/glossary/term/accredit","definitions":[{"text":"recognize an entity or person to perform a specific action; CAs accredit ORAs to act as their intermediary (see organizational registration authority below).","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]}],"seeAlso":[{"text":"organizational registration authority"}]},{"term":"accreditation","link":"https://csrc.nist.gov/glossary/term/accreditation","abbrSyn":[{"text":"authorization to operate","link":"https://csrc.nist.gov/glossary/term/authorization_to_operate"},{"text":"authorize processing","link":"https://csrc.nist.gov/glossary/term/authorize_processing"},{"text":"Authorize Processing"}],"definitions":[{"text":"Formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Formal recognition that a laboratory is competent to carry out specific tests or calibrations or types of tests or calibrations."},{"text":"Formal recognition that a laboratory is competent to carry out specific tests or calibrations or types of tests or calibrations."},{"text":"The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization to operate ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under ACCREDITATION "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Accreditation ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Accreditation ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Accreditation ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"also known as authorize processing (OMB Circular A-130, Appendix III),and approval to operate. Accreditation (or authorization to process information) is granted by a management official and provides an important quality control. By accrediting a system or application, a manager accepts the associated risk. Accreditation (authorization) must be based on a review of controls. (See Certification.)","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Accreditation "}]},{"text":"See Accreditation.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Authorize Processing "}]},{"text":"Formal declaration by a Designated Approving Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Accreditation "}]},{"text":"The official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Authorization also applies to common controls inherited by agency information systems.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under authorization to operate ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"See authorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorize processing ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorize Processing "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorize Processing "}]}],"seeAlso":[{"text":"Certification"}]},{"term":"accreditation boundary","link":"https://csrc.nist.gov/glossary/term/accreditation_boundary","abbrSyn":[{"text":"security perimeter","link":"https://csrc.nist.gov/glossary/term/security_perimeter"},{"text":"Security Perimeter"}],"definitions":[{"text":"Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"All components of an information system to be accredited by an authorizing official and excludes separately accredited systems, to which the information system is connected. Synonymous with the term security perimeter defined in CNSS Instruction 4009 and DCID 6/3.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Accreditation Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"All components of an information system to be accredited by an authorizing official and excludes separately accredited systems to which the information system is connected. Synonymous with the term security perimeter defined in CNSS Instruction 4009 and DCID 6/3.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Accreditation Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Accreditation Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Product comprised of a system security plan (SSP) and a report documenting the basis for the accreditation decision. \nRationale: The RMF uses a new term to refer to this concept, and it is called RMF security authorization package.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under accreditation package "}]},{"text":"A physical or logical boundary that is defined for a system, domain, or enclave; within which a particular security policy or security architecture is applied.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security perimeter "}]},{"text":"See Accreditation Boundary.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Perimeter "}]}],"seeAlso":[{"text":"authorization boundary","link":"authorization_boundary"}]},{"term":"Accredited Standards Committee","link":"https://csrc.nist.gov/glossary/term/accredited_standards_committee","abbrSyn":[{"text":"ASC","link":"https://csrc.nist.gov/glossary/term/asc"}],"definitions":null},{"term":"accrediting authority","link":"https://csrc.nist.gov/glossary/term/accrediting_authority","abbrSyn":[{"text":"Authorizing Official"},{"text":"Designated Accrediting Authority","link":"https://csrc.nist.gov/glossary/term/designated_accrediting_authority"}],"definitions":[{"text":"Synonymous with designated accrediting authority (DAA).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorizing Official "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorizing Official "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorizing Official ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Authorizing Official ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"See Authorizing Official.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Accrediting Authority "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Accrediting Authority "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Accrediting Authority "}]},{"text":"Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.","sources":[{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Authorizing Official ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Authorizing Official ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Senior federal official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009-2010"}]}]}],"seeAlso":[{"text":"authorizing official","link":"authorizing_official"}]},{"term":"accuracy","link":"https://csrc.nist.gov/glossary/term/accuracy","definitions":[{"text":"Closeness of computations or estimates to the exact or true values that the statistics were intended to measure.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","refSources":[{"text":"OECD Glossary of Statistical Terms","link":"https://doi.org/10.1787/9789264055087-en"}]}]}]},{"term":"accuracy (absolute)","link":"https://csrc.nist.gov/glossary/term/accuracy_absolute","definitions":[{"text":"The degree of conformity of a measured or calculated value to the true value, typically based on a global reference system. For time, the global reference can be based on the following time scales: UTC, International Atomic Time (TAI), or GPS. For position, the global reference can be WGS 84.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1"}]},{"text":"The degree of conformity of a measured or calculated value to the true value, typically based on a global reference system. For time, the global reference can be based on the following time scales: UTC, TAI, or GPS. For position, the global reference can be WGS-84.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]"}]}]},{"term":"accuracy (relative)","link":"https://csrc.nist.gov/glossary/term/accuracy_relative","definitions":[{"text":"The degree of agreement between measured or calculated values among the devices and applications dependent on the position, navigation, or time data at an instant in time.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]"},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1"}]}]},{"term":"ACD","link":"https://csrc.nist.gov/glossary/term/acd","abbrSyn":[{"text":"Active Cyber Defense"},{"text":"Applied Cybersecurity Division","link":"https://csrc.nist.gov/glossary/term/applied_cybersecurity_division"},{"text":"Automatic Call Distribution","link":"https://csrc.nist.gov/glossary/term/automatic_call_distribution"},{"text":"ITL Applied Cybersecurity Division","link":"https://csrc.nist.gov/glossary/term/itl_applied_cybersecurity_division"}],"definitions":null},{"term":"ACE","link":"https://csrc.nist.gov/glossary/term/ace","abbrSyn":[{"text":"Access Control Entry","link":"https://csrc.nist.gov/glossary/term/access_control_entry"}],"definitions":null},{"term":"ACI","link":"https://csrc.nist.gov/glossary/term/aci","abbrSyn":[{"text":"Aviation Cyber Initiative","link":"https://csrc.nist.gov/glossary/term/aviation_cyber_initiative"}],"definitions":null},{"term":"ACK","link":"https://csrc.nist.gov/glossary/term/ack","abbrSyn":[{"text":"Acknowledgement","link":"https://csrc.nist.gov/glossary/term/acknowledgement"}],"definitions":null},{"term":"Acknowledgement","link":"https://csrc.nist.gov/glossary/term/acknowledgement","abbrSyn":[{"text":"ACK","link":"https://csrc.nist.gov/glossary/term/ack"}],"definitions":null},{"term":"ACL","link":"https://csrc.nist.gov/glossary/term/acl","abbrSyn":[{"text":"Access Control List"},{"text":"Asynchronous Connection-Less","link":"https://csrc.nist.gov/glossary/term/asynchronous_connection_less"}],"definitions":[{"text":"A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity.","sources":[{"text":"NIST SP 800-179","link":"https://doi.org/10.6028/NIST.SP.800-179","note":" [Superseded]","underTerm":" under Access Control List ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]},{"text":"A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Access Control List ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]},{"text":"A list of entities, together with their access rights, that are authorized to have access to a resource.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Access Control List ","refSources":[{"text":"ISO DIS 10181-2"}]}]}]},{"term":"ACM","link":"https://csrc.nist.gov/glossary/term/acm","abbrSyn":[{"text":"Access Control Mechanism"},{"text":"Association for Computing Machinery"},{"text":"Authenticated Code Module","link":"https://csrc.nist.gov/glossary/term/authenticated_code_module"}],"definitions":[{"text":"Implementations of formal AC policy such as AC model. Access control mechanisms can be designed to adhere to the properties of the model by machine implementation using protocols, architecture, or formal languages such as program code.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Access Control Mechanism "}]}]},{"term":"ACME","link":"https://csrc.nist.gov/glossary/term/acme","abbrSyn":[{"text":"Automated Certificate Management Environment","link":"https://csrc.nist.gov/glossary/term/automated_certificate_management_environment"}],"definitions":[{"text":"A protocol defined in IETF RFC 8555 that provides for the automated enrollment of certificates.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Automated Certificate Management Environment "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Automated Certificate Management Environment "}]}]},{"term":"ACO","link":"https://csrc.nist.gov/glossary/term/aco","abbrSyn":[{"text":"Authenticated Cipher Offset","link":"https://csrc.nist.gov/glossary/term/authenticated_cipher_offset"},{"text":"Authenticated Ciphering Offset","link":"https://csrc.nist.gov/glossary/term/authenticated_ciphering_offset"}],"definitions":null},{"term":"ACPI","link":"https://csrc.nist.gov/glossary/term/acpi","abbrSyn":[{"text":"Advanced Configuration and Power Interface","link":"https://csrc.nist.gov/glossary/term/advanced_configuration_and_power_interface"}],"definitions":null},{"term":"ACPT","link":"https://csrc.nist.gov/glossary/term/acpt","abbrSyn":[{"text":"Access Control Policy Tool","link":"https://csrc.nist.gov/glossary/term/access_control_policy_tool"}],"definitions":null},{"term":"acquirer","link":"https://csrc.nist.gov/glossary/term/acquirer","definitions":[{"text":"Organization or entity that acquires or procures a product or service.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html","note":" - adapted"}]}]},{"text":"Stakeholder that acquires or procures a product or service.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"},{"text":"ISO/IEC 15288","note":" - Adapted"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Acquirer ","refSources":[{"text":"ISO/IEC 15288","note":" - Adapted"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Acquirer ","refSources":[{"text":"ISO/IEC 15288","note":" - Adapted"}]}]},{"text":"Stakeholder that acquires or procures a product or service from a supplier.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"acquisition","link":"https://csrc.nist.gov/glossary/term/acquisition","abbrSyn":[{"text":"Procurement","link":"https://csrc.nist.gov/glossary/term/procurement"}],"definitions":[{"text":"Includes all stages of the process of acquiring product or services, beginning with the process for determining the need for the product or services and ending with contract completion and closeout.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2","note":" - adapted"}]}]},{"text":"The process associated with obtaining products or services, typically through contracts involving the expenditure of financial resources, as well as to products or services that may be obtained on a cost-free basis via other mechanisms (e.g., the downloading of public domain software products and other software products with limited or no warranty, such as those commonly known as freeware or shareware from the commercial Internet)."},{"text":" (See “acquisition.”)","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Procurement ","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]}]},{"text":"Includes all stages of the process of acquiring product or services, beginning with the process for determining the need for the product or services and ending with contract completion and closeout.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Acquisition ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2","note":" - Adapted"}]}]},{"text":"A process by which digital evidence is duplicated, copied, or imaged.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Acquisition "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Acquisition "}]},{"text":"Includes all stages of the process of acquiring product or service, beginning with the process for determining the need for the product or service and ending with contract completion and closeout.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Acquisition ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2","note":" - Adapted"}]}]},{"text":"Process of obtaining a system, product, or service.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Acquisition, Development, and Installation Controls","link":"https://csrc.nist.gov/glossary/term/acquisition_development_and_installation_controls","definitions":[{"text":"the process of assuring thatadequate controls are considered, evaluated, selected, designed and built into the system during its early planning and development stages and that an on-going process is established to ensure continued operation at an acceptable level of risk during the installation, implementation and operation stages.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"ACR","link":"https://csrc.nist.gov/glossary/term/acr","abbrSyn":[{"text":"Access Control Rule","link":"https://csrc.nist.gov/glossary/term/access_control_rule"}],"definitions":null},{"term":"ACRLCS","link":"https://csrc.nist.gov/glossary/term/acrlcs","abbrSyn":[{"text":"Access Control Rule Logic Circuit Simulation","link":"https://csrc.nist.gov/glossary/term/access_control_rule_logic_circuit_simulation"}],"definitions":null},{"term":"ACT","link":"https://csrc.nist.gov/glossary/term/act","abbrSyn":[{"text":"Automated Combinatorial Testing","link":"https://csrc.nist.gov/glossary/term/automated_combinatorial_testing"}],"definitions":null},{"term":"Act Fair and Accurate Credit Transaction Act of 2003","link":"https://csrc.nist.gov/glossary/term/act_fair_and_accurate_credit_transaction_act_of_2003","abbrSyn":[{"text":"FACT","link":"https://csrc.nist.gov/glossary/term/fact"}],"definitions":null},{"term":"activation data","link":"https://csrc.nist.gov/glossary/term/activation_data","definitions":[{"text":"A pass-phrase, personal identification number (PIN), biometric data, or other mechanisms of equivalent authentication robustness used to protect access to any use of a private key, except for private keys associated with System or Device certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Private data, other than keys, that are required to access cryptographic modules (i.e., unlock private keys for signing or decryption events).","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Activation Data "}]}]},{"term":"Activation/Issuance","link":"https://csrc.nist.gov/glossary/term/activation_issuance","definitions":[{"text":"A process that includes the procurement of FIPS-approved blank PIV Cards or hardware/software tokens (for Derived PIV Credential), initializing them using appropriate software and data elements, personalization of these cards/tokens with the identity credentials of authorized subjects, and pick-up/delivery of the personalized cards/tokens to the authorized subjects, along with appropriate instructions for protection and use.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"active attack","link":"https://csrc.nist.gov/glossary/term/active_attack","definitions":[{"text":"An attack on a secure communication protocol where the attacker transmits data to the claimant, Credential Service Provider (CSP), verifier, or Relying Party (RP). Examples of active attacks include man-in- the middle (MitM), impersonation, and session hijacking. [NIST SP 800-63-3, adapted]"},{"text":"An attack on a secure communication protocol where the attacker transmits data to the claimant, Credential Service Provider (CSP), verifier, or Relying Party (RP). Examples of active attacks include man-in- the middle (MitM), impersonation, and session hijacking.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","note":" - adapted"}]}]},{"text":"An attack on the authentication protocol where the attacker transmits data to the claimant, Credential Service Provider (CSP), verifier, or Relying Party (RP). Examples of active attacks include man-in-the-middle (MitM), impersonation, and session hijacking.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Active Attack "}]},{"text":"An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relying Party. Examples of active attacks include man-in-the-middle, impersonation, and session hijacking.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Active Attack "}]}],"seeAlso":[{"text":"passive attack","link":"passive_attack"}]},{"term":"active content","link":"https://csrc.nist.gov/glossary/term/active_content","definitions":[{"text":"Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-28","link":"https://doi.org/10.6028/NIST.SP.800-28"}]},{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Active Content "}]}]},{"term":"active cyber defense","link":"https://csrc.nist.gov/glossary/term/active_cyber_defense","abbrSyn":[{"text":"ACD","link":"https://csrc.nist.gov/glossary/term/acd"}],"definitions":[{"text":"Synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DSOC 2011"}]}]}]},{"term":"Active Directory","link":"https://csrc.nist.gov/glossary/term/active_directory","abbrSyn":[{"text":"AD","link":"https://csrc.nist.gov/glossary/term/ad"}],"definitions":[{"text":"A Microsoft directory service for the management of identities in Windows domain networks.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Active Directory Authentication Library","link":"https://csrc.nist.gov/glossary/term/active_directory_authentication_library","abbrSyn":[{"text":"ADAL","link":"https://csrc.nist.gov/glossary/term/adal"}],"definitions":null},{"term":"Active Directory Certificate Services","link":"https://csrc.nist.gov/glossary/term/active_directory_certificate_services","abbrSyn":[{"text":"ADCS","link":"https://csrc.nist.gov/glossary/term/acds"}],"definitions":null},{"term":"Active Directory Federation Services","link":"https://csrc.nist.gov/glossary/term/active_directory_federation_services","abbrSyn":[{"text":"AD FS","link":"https://csrc.nist.gov/glossary/term/ad_fs"},{"text":"ADFS","link":"https://csrc.nist.gov/glossary/term/adfs"}],"definitions":null},{"term":"Active Directory Forest Recovery","link":"https://csrc.nist.gov/glossary/term/active_directory_forest_recovery","abbrSyn":[{"text":"ADFR","link":"https://csrc.nist.gov/glossary/term/adfr"}],"definitions":null},{"term":"Active Directory Services","link":"https://csrc.nist.gov/glossary/term/active_directory_services","abbrSyn":[{"text":"ADS","link":"https://csrc.nist.gov/glossary/term/ads"}],"definitions":null},{"term":"Active Directory/Domain Name System","link":"https://csrc.nist.gov/glossary/term/active_directory_domain_name_system","abbrSyn":[{"text":"AD/DNS","link":"https://csrc.nist.gov/glossary/term/ad_dns"}],"definitions":null},{"term":"Active Security Testing","link":"https://csrc.nist.gov/glossary/term/active_security_testing","definitions":[{"text":"Security testing that involves direct interaction with a target, such as sending packets to a target.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Active Server Pages","link":"https://csrc.nist.gov/glossary/term/active_server_pages","abbrSyn":[{"text":"ASP","link":"https://csrc.nist.gov/glossary/term/asp"}],"definitions":null},{"term":"Active state","link":"https://csrc.nist.gov/glossary/term/active_state","definitions":[{"text":"A lifecycle state for a key in which the key may be used to cryptographically protect information (e.g., encrypt plaintext or generate a digital signature), to cryptographically process previously protected information (e.g., decrypt ciphertext or verify a digital signature) or both.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"The key state in which the key may be used to cryptographically protect information (e.g., encrypt plaintext or generate a digital signature), cryptographically process previously protected information (e.g., decrypt ciphertext or verify a digital signature), or both.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Active Tag","link":"https://csrc.nist.gov/glossary/term/active_tag","definitions":[{"text":"A tag that relies on a battery for power.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Activities","link":"https://csrc.nist.gov/glossary/term/activities","definitions":[{"text":"An assessment object that includes specific protection-related pursuits or actions supporting a system that involves people (e.g., conducting system backup operations, monitoring network traffic).","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"An assessment object that includes specific protection-related pursuits or actions supporting an information system that involve people (e.g., conducting system backup operations, monitoring network traffic).","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]}]},{"term":"activity","link":"https://csrc.nist.gov/glossary/term/activity","definitions":[{"text":"Set of cohesive tasks of a process.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Actor","link":"https://csrc.nist.gov/glossary/term/actor","abbrSyn":[{"text":"threat actor","link":"https://csrc.nist.gov/glossary/term/threat_actor"}],"definitions":[{"text":"The source of risk that can result in harmful impact.","sources":[{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221","underTerm":" under threat actor "}]},{"text":"See threat actor.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]},{"term":"ACTS","link":"https://csrc.nist.gov/glossary/term/acts","abbrSyn":[{"text":"Automated Combinatorial Testing for Software","link":"https://csrc.nist.gov/glossary/term/automated_combinatorial_testing_for_software"}],"definitions":null},{"term":"Actual Residual Risk","link":"https://csrc.nist.gov/glossary/term/actual_residual_risk","definitions":[{"text":"The risk remaining after management has taken action to alter its severity.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","refSources":[{"text":"COSO Enterprise Risk Management","link":"https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf"}]}]}]},{"term":"Actual State","link":"https://csrc.nist.gov/glossary/term/actual_state","definitions":[{"text":"The observable state or behavior of an assessment object (device, software, person, credential, account, etc.) at the point in time when the collector generates security-related information. In particular, the actual state includes the states or behaviors that might indicate the presence of security defects.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Actuating Capability","link":"https://csrc.nist.gov/glossary/term/actuating_capability","definitions":[{"text":"The ability to change something in the physical world.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"ACVP","link":"https://csrc.nist.gov/glossary/term/acvp","abbrSyn":[{"text":"Automated Cryptographic Validation Protocol","link":"https://csrc.nist.gov/glossary/term/automated_cryptographic_validation_protocol"}],"definitions":null},{"term":"ACVTS","link":"https://csrc.nist.gov/glossary/term/acvts","abbrSyn":[{"text":"Automated Cryptographic Validation Test System","link":"https://csrc.nist.gov/glossary/term/automated_cryptographic_validation_test_system"}],"definitions":null},{"term":"AD","link":"https://csrc.nist.gov/glossary/term/ad","abbrSyn":[{"text":"Active Directory","link":"https://csrc.nist.gov/glossary/term/active_directory"},{"text":"Associated Data","link":"https://csrc.nist.gov/glossary/term/associated_data"},{"text":"Authenticated Data","link":"https://csrc.nist.gov/glossary/term/authenticated_data"}],"definitions":[{"text":"Input data to the CCM generation-encryption process that is authenticated but not encrypted.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Associated Data "}]},{"text":"A Microsoft directory service for the management of identities in Windows domain networks.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Active Directory "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Active Directory "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Active Directory "}]}]},{"term":"AD DS","link":"https://csrc.nist.gov/glossary/term/ad_ds","abbrSyn":[{"text":"Active Directory Domain Services"}],"definitions":null},{"term":"AD FS","link":"https://csrc.nist.gov/glossary/term/ad_fs","abbrSyn":[{"text":"Active Directory Federation Services","link":"https://csrc.nist.gov/glossary/term/active_directory_federation_services"}],"definitions":null},{"term":"Ad Hoc HIEs","link":"https://csrc.nist.gov/glossary/term/ad_hoc_hies","definitions":[{"text":"An Ad Hoc HIE occurs when two healthcare organizations exchange health information, usually under the precondition of familiarity and trust, using existing and usual office infrastructure such as mail, fax, e-mail and phone calls.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497"}]}]},{"term":"Ad Hoc Network","link":"https://csrc.nist.gov/glossary/term/ad_hoc_network","definitions":[{"text":"A wireless network that dynamically connects wireless client devices to each other without the use of an infrastructure device, such as an access point or a base station.","sources":[{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]},{"text":"A wireless network that allows easy connection establishment between wireless client devices in the same physical area without the use of an infrastructure device, such as an access point or a base station.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"}]}]},{"term":"AD/DNS","link":"https://csrc.nist.gov/glossary/term/ad_dns","abbrSyn":[{"text":"Active Directory/Domain Name System","link":"https://csrc.nist.gov/glossary/term/active_directory_domain_name_system"}],"definitions":null},{"term":"ADAL","link":"https://csrc.nist.gov/glossary/term/adal","abbrSyn":[{"text":"Active Directory Authentication Library","link":"https://csrc.nist.gov/glossary/term/active_directory_authentication_library"}],"definitions":null},{"term":"adaptability","link":"https://csrc.nist.gov/glossary/term/adaptability","definitions":[{"text":"The property of an architecture, design, and implementation that can accommodate changes to the threat model, mission or business functions, systems, and technologies without major programmatic impacts.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"The property of an architecture, design, and implementation which can accommodate changes to the threat model, mission or business functions, systems, and technologies without major programmatic impacts.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]}]},{"term":"Adaptive Network Control","link":"https://csrc.nist.gov/glossary/term/adaptive_network_control","abbrSyn":[{"text":"ANC","link":"https://csrc.nist.gov/glossary/term/anc"}],"definitions":null},{"term":"Adaptive Security Appliance","link":"https://csrc.nist.gov/glossary/term/adaptive_security_appliance","abbrSyn":[{"text":"ASA","link":"https://csrc.nist.gov/glossary/term/asa"}],"definitions":null},{"term":"ADC","link":"https://csrc.nist.gov/glossary/term/adc","abbrSyn":[{"text":"application delivery controller","link":"https://csrc.nist.gov/glossary/term/application_delivery_controller"}],"definitions":null},{"term":"ADCS","link":"https://csrc.nist.gov/glossary/term/acds","abbrSyn":[{"text":"Active Directory Certificate Services","link":"https://csrc.nist.gov/glossary/term/active_directory_certificate_services"}],"definitions":null},{"term":"Additional Authenticated Data","link":"https://csrc.nist.gov/glossary/term/additional_authenticated_data","abbrSyn":[{"text":"AAD","link":"https://csrc.nist.gov/glossary/term/aad"}],"definitions":[{"text":"The input data to the authenticated encryption function that is authenticated but not encrypted.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Additional input","link":"https://csrc.nist.gov/glossary/term/additional_input","definitions":[{"text":"Information known by two parties that is cryptographically bound to the secret keying material being protected using the encryption operation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Information known by two parties that is cryptographically bound to the keying material being protected using the encryption operation.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Addition-Rotation-XOR","link":"https://csrc.nist.gov/glossary/term/addition_rotation_xor","abbrSyn":[{"text":"ARX","link":"https://csrc.nist.gov/glossary/term/arx"}],"definitions":null},{"term":"add-on security","link":"https://csrc.nist.gov/glossary/term/add_on_security","note":"(C.F.D.)","definitions":[{"text":"Incorporation of new or additional hardware, software, or firmware safeguards in an operational information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Address","link":"https://csrc.nist.gov/glossary/term/address","abbrSyn":[{"text":"A","link":"https://csrc.nist.gov/glossary/term/a_uppercase"}],"definitions":[{"text":"The associated data string.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under A "}]},{"text":"The additional authenticated data","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under A "}]},{"text":"Additional input that is bound to the secret keying material; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under A "}]},{"text":"A short, alphanumeric string derived from a user’s public key using a hash function, with additional data to detect errors. Addresses are used to send and receive digital assets.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"},{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"text":"Additional input that is bound to keying material; a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under A "}]}]},{"term":"Address of Record","link":"https://csrc.nist.gov/glossary/term/address_of_record","definitions":[{"text":"The validated and verified location (physical or digital) where an individual can receive communications using approved mechanisms.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The official location where an individual can be found. The address of record always includes the residential street address of an individual and may also include the mailing address of the individual. In very limited circumstances, an Army Post Office box number, Fleet Post Office box number or the street address of next of kin or of another contact individual can be used when a residential street address for the individual is not available.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Address Resolution Protocol (ARP)","link":"https://csrc.nist.gov/glossary/term/address_resolution_protocol","abbrSyn":[{"text":"ARP","link":"https://csrc.nist.gov/glossary/term/arp"}],"definitions":[{"text":"A protocol used to obtain a node’s physical address. A client station broadcasts an ARP request onto the network with the Internet Protocol (IP) address of the target node with which it wishes to communicate, and with that address the node responds by sending back its physical address so that packets can be transmitted to it.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]},{"text":"A protocol used to obtain a node’s physical address. A client station broadcasts an ARP request onto the network with the Internet Protocol (IP) address of the target node it wishes to communicate with, and the node with that address responds by sending back its physical address so that packets can be transmitted to it.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Address Space IDentifier","link":"https://csrc.nist.gov/glossary/term/address_space_identifier","abbrSyn":[{"text":"ASID","link":"https://csrc.nist.gov/glossary/term/asid"}],"definitions":null},{"term":"Address Space Layout Randomization","link":"https://csrc.nist.gov/glossary/term/address_space_layout_randomization","abbrSyn":[{"text":"ASLR","link":"https://csrc.nist.gov/glossary/term/aslr"}],"definitions":null},{"term":"addressable","link":"https://csrc.nist.gov/glossary/term/addressable","definitions":[{"text":"To meet the addressable implementation specifications, a covered entity or business associate must (i) assess whether each implementation specification is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting the electronic protected health information; and (ii) as applicable to the covered entity or business associate - (A) Implement the implementation specification if reasonable and appropriate; or (B) if implementing the implementation specification is not reasonable and appropriate—(1) document why it would not be reasonable and appropriate to implement the implementation specification; and (2) implement an equivalent alternative measure if reasonable and appropriate.","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","refSources":[{"text":"HIPAA Security Rule","link":"https://www.govinfo.gov/app/details/FR-2003-02-20/03-3877","note":" - §164.306(d)(3)"}]}]},{"text":"Describing 21 of the HIPAA Security Rule’s 42 implementation specifications. To meet the addressable implementation specifications, a covered entity must (i) assess whether each implementation specification is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting the entity's electronic protected health information; and (ii) as applicable to the entity - (A) Implement the implementation specification if reasonable and appropriate; or (B) if implementing the implementation specification is not reasonable and appropriate—(1) document why it would not be reasonable and appropriate to implement the implementation specification; and (2) implement an equivalent alternative measure if reasonable and appropriate.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Addressable ","refSources":[{"text":"45 C.F.R., Sec. 164.306(d)(3)","link":"https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=&SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&n=pt45.1.164&r=PART&ty=HTML"}]}]}],"seeAlso":[{"text":"required","link":"required"}]},{"term":"ADDS","link":"https://csrc.nist.gov/glossary/term/adds","abbrSyn":[{"text":"Active Directory Domain Service"},{"text":"Active Directory Domain Services"}],"definitions":null},{"term":"adequate security","link":"https://csrc.nist.gov/glossary/term/adequate_security","definitions":[{"text":"Meets minimum tolerable levels of security as determined by analysis, experience, or a combination of both and is as secure as reasonably practicable (i.e., incremental improvement in security would require an intolerable or disproportionate deterioration of meeting other system objectives, such as those for system performance, or would violate system constraints).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under adequate security (systems) "}]},{"text":"Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under ADEQUATE SECURITY ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]}]},{"text":"Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]}]},{"text":"Security commensurate with the risk resulting from the loss, misuse, or unauthorized access to or modification of information.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III","note":" - Adapted"}]}]},{"text":"security commensurate with the risk and magnitude of the harmresulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, acquisition, development, installation, operational, and technical controls.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Adequate Security "}]},{"text":"Security protections commensurate with the risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information. This includes ensuring that information hosted on behalf of an agency and information systems and applications used by the agency operate effectively and provide appropriate confidentiality, integrity, and availability protections through the application of cost-effective security controls.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications used by the agency operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Adequate Security ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]}]}]},{"term":"ADFR","link":"https://csrc.nist.gov/glossary/term/adfr","abbrSyn":[{"text":"Active Directory Forest Recovery","link":"https://csrc.nist.gov/glossary/term/active_directory_forest_recovery"}],"definitions":null},{"term":"ADFS","link":"https://csrc.nist.gov/glossary/term/adfs","abbrSyn":[{"text":"Active Directory Federation Services","link":"https://csrc.nist.gov/glossary/term/active_directory_federation_services"}],"definitions":null},{"term":"ADFSL","link":"https://csrc.nist.gov/glossary/term/adfsl","abbrSyn":[{"text":"Annual Conference on Digital Forensics, Security and Law","link":"https://csrc.nist.gov/glossary/term/annual_conference_on_digital_forensics_security_and_law"}],"definitions":null},{"term":"adj-RIB-In","link":"https://csrc.nist.gov/glossary/term/adj_rib_in","definitions":[{"text":"Routes learned from inbound update messages from BGP peers.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"adj-RIB-Out","link":"https://csrc.nist.gov/glossary/term/adj_rib_out","definitions":[{"text":"Routes that the BGP router will advertise, based on its local policy, to its peers.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"Adjudicative Entity","link":"https://csrc.nist.gov/glossary/term/adjudicative_entity","definitions":[{"text":"An agency authorized by law, Executive Order, designation by the Security Executive Agent, or delegation by the Suitability & Credentialing Executive Agent to make an adjudication. Adjudication has the meaning provided in [Executive Order 13764], “(a) ‘Adjudication’ means the evaluation of pertinent data in a background investigation, as well as any other available information that is relevant and reliable, to determine whether a covered individual is: (i) suitable for Government employment; (ii) eligible for logical and physical access; (iii) eligible for access to classified information; (iv) eligible to hold a sensitive position; or (v) fit to perform work for or on behalf of the Government as a Federal employee, contractor, or non-appropriated fund employee.”","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"ADK","link":"https://csrc.nist.gov/glossary/term/adk","abbrSyn":[{"text":"Assessment and Deployment Kit","link":"https://csrc.nist.gov/glossary/term/assessment_and_deployment_kit"}],"definitions":null},{"term":"Administration Control Center","link":"https://csrc.nist.gov/glossary/term/administration_control_center","abbrSyn":[{"text":"ACC","link":"https://csrc.nist.gov/glossary/term/acc"}],"definitions":null},{"term":"Administrative domain","link":"https://csrc.nist.gov/glossary/term/administrative_domain","definitions":[{"text":"A logical collection of hosts and network resources (e.g., department, building, company, organization) governed by common policies.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"term":"administrative incident (COMSEC)","link":"https://csrc.nist.gov/glossary/term/administrative_incident","definitions":[{"text":"A violation of procedures or practices dangerous to security that is not serious enough to jeopardize the integrity of a controlled cryptographic item (CCI), but requires corrective action to ensure the violation does not recur or possibly lead to a reportable COMSEC incident.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4001","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"ADP","link":"https://csrc.nist.gov/glossary/term/adp","abbrSyn":[{"text":"Authorized Data Publisher","link":"https://csrc.nist.gov/glossary/term/authorized_data_publisher"},{"text":"Automatic Data Processing","link":"https://csrc.nist.gov/glossary/term/automatic_data_processing"}],"definitions":null},{"term":"ADS","link":"https://csrc.nist.gov/glossary/term/ads","abbrSyn":[{"text":"Active Directory Services","link":"https://csrc.nist.gov/glossary/term/active_directory_services"},{"text":"Alternate Data Stream","link":"https://csrc.nist.gov/glossary/term/alternate_data_stream"}],"definitions":null},{"term":"Advanced Configuration and Power Interface","link":"https://csrc.nist.gov/glossary/term/advanced_configuration_and_power_interface","abbrSyn":[{"text":"ACPI","link":"https://csrc.nist.gov/glossary/term/acpi"}],"definitions":null},{"term":"advanced cyber threat","link":"https://csrc.nist.gov/glossary/term/advanced_cyber_threat","definitions":[{"text":"See advanced persistent threat.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"Advanced Encryption Standard","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard","abbrSyn":[{"text":"AES","link":"https://csrc.nist.gov/glossary/term/aes"}],"definitions":[{"text":"A U.S. Government-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under advanced encryption standard ","refSources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1"}]}]},{"text":"Advanced Encryption Standard.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under AES "}]},{"text":"Advanced Encryption Standard (as specified in FIPS 197).","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under AES "}]},{"text":"Advanced Encryption Standard specified in [FIPS 197].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under AES "}]}]},{"term":"Advanced Encryption Standard-Cipher Block Chaining","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_cipher_block_chaining","abbrSyn":[{"text":"AES-CBC","link":"https://csrc.nist.gov/glossary/term/aes_cbc"}],"definitions":null},{"term":"Advanced Encryption Standard-Cipher-based Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_cipher_based_message_authentication_code","abbrSyn":[{"text":"AES-CMAC","link":"https://csrc.nist.gov/glossary/term/aes_cmac"}],"definitions":null},{"term":"Advanced Encryption Standard-Counter Mode","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_counter_mode","abbrSyn":[{"text":"AES-CTR","link":"https://csrc.nist.gov/glossary/term/aes_ctr"}],"definitions":null},{"term":"Advanced Encryption Standard–Counter with CBC-MAC","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_counter_with_cbc_mac","abbrSyn":[{"text":"AES-CCM","link":"https://csrc.nist.gov/glossary/term/aes_ccm"}],"definitions":null},{"term":"Advanced Encryption Standard-eXtended Cipher Block Chaining","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_extended_cipher_block_chaining","abbrSyn":[{"text":"AES-XCBC","link":"https://csrc.nist.gov/glossary/term/aes_xcbc"}],"definitions":null},{"term":"Advanced Encryption Standard-Galois Counter Mode","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_galois_counter_mode","abbrSyn":[{"text":"AES-GCM","link":"https://csrc.nist.gov/glossary/term/aes_gcm"}],"definitions":null},{"term":"Advanced Encryption Standard-Galois Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_galois_message_authentication_code","abbrSyn":[{"text":"AES-GMAC","link":"https://csrc.nist.gov/glossary/term/aes_gmac"}],"definitions":null},{"term":"advanced key processor","link":"https://csrc.nist.gov/glossary/term/advanced_key_processor","abbrSyn":[{"text":"AKP","link":"https://csrc.nist.gov/glossary/term/akp"}],"definitions":[{"text":"A cryptographic device that performs all cryptographic functions for a management client node and contains the interfaces to 1) exchange information with a client platform, 2) interact with fill devices, and 3) connect a client platform securely to the primary services node (PRSN).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Advanced Malware Protection","link":"https://csrc.nist.gov/glossary/term/advanced_malware_protection","abbrSyn":[{"text":"AMP","link":"https://csrc.nist.gov/glossary/term/amp"}],"definitions":null},{"term":"Advanced Multi-Layered Unification Filesystem","link":"https://csrc.nist.gov/glossary/term/advanced_multi_layered_unification_filesystem","abbrSyn":[{"text":"AUFS","link":"https://csrc.nist.gov/glossary/term/aufs"}],"definitions":null},{"term":"Advanced Network Technologies Division","link":"https://csrc.nist.gov/glossary/term/advanced_network_technologies_division","abbrSyn":[{"text":"ANTD","link":"https://csrc.nist.gov/glossary/term/antd"}],"definitions":null},{"term":"advanced persistent threat","link":"https://csrc.nist.gov/glossary/term/advanced_persistent_threat","abbrSyn":[{"text":"APT","link":"https://csrc.nist.gov/glossary/term/apt"}],"definitions":[{"text":"An adversary that possesses sophisticated levels of expertise and significant resources that allow it to create opportunities to achieve its objectives by using multiple attack vectors including, for example, cyber, physical, and deception. These objectives typically include establishing and extending footholds within the IT infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization, or positioning itself to carry out these objectives in the future. The advanced persistent threat pursues its objectives repeatedly over an extended period; adapts to defenders’ efforts to resist it; and is determined to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders' efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g., cyber, physical, and deception), to generate opportunities to achieve its objectives which are typically to establish and extend its presence within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or to undermine or impede critical aspects of a mission, program, or organization, or place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Advanced Persistent Threat ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors including, for example, cyber, physical, and deception. These objectives typically include establishing and extending footholds within the IT infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat pursues its objectives repeatedly over an extended period; adapts to defenders’ efforts to resist it; and is determined to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Advanced Persistent Threat "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Advanced Persistent Threat "}]},{"text":"An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors including, for example, cyber, physical, and deception. These objectives typically include establishing and extending footholds within the IT infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization, or positioning itself to carry out these objectives in the future. The advanced persistent threat pursues its objectives repeatedly over an extended period; adapts to defenders’ efforts to resist it; and is determined to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors, including cyber, physical, and deception. These objectives typically include establishing and extending footholds within the IT infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat pursues its objectives repeatedly over an extended period; adapts to defenders’ efforts to resist it; and is determined to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]}]},{"term":"Advanced Persistent Threats","link":"https://csrc.nist.gov/glossary/term/advanced_persistent_threats","definitions":[{"text":"An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g., cyber, physical, and deception) to generate opportunities to achieve its objectives, which are typically to establish and extend footholds within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or to undermine or impede critical aspects of a mission, program, or organization, or place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]}]},{"term":"Advanced Reduced Instruction Set Computing (RISC) Machine","link":"https://csrc.nist.gov/glossary/term/risc_machine","abbrSyn":[{"text":"ARM","link":"https://csrc.nist.gov/glossary/term/arm"}],"definitions":null},{"term":"Advanced Research Project Agency","link":"https://csrc.nist.gov/glossary/term/advanced_research_project_agency","abbrSyn":[{"text":"ARPA","link":"https://csrc.nist.gov/glossary/term/arpa"}],"definitions":null},{"term":"Advanced Satellite Multimedia Systems Conference","link":"https://csrc.nist.gov/glossary/term/advanced_satellite_multimedia_systems_conference","abbrSyn":[{"text":"ASMS","link":"https://csrc.nist.gov/glossary/term/asms"}],"definitions":null},{"term":"Advanced Technology Academic Research Center","link":"https://csrc.nist.gov/glossary/term/advanced_technology_academic_research_center","abbrSyn":[{"text":"ATARC","link":"https://csrc.nist.gov/glossary/term/atarc"}],"definitions":null},{"term":"Advanced Technology Attachment","link":"https://csrc.nist.gov/glossary/term/advanced_technology_attachment","abbrSyn":[{"text":"ATA","link":"https://csrc.nist.gov/glossary/term/ata"}],"definitions":[{"text":"Magnetic media interface specification. Also known as “IDE” –IntegratedDrive Electronics.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under ATA "}]}]},{"term":"Advanced Threat Protection","link":"https://csrc.nist.gov/glossary/term/advanced_threat_protection","abbrSyn":[{"text":"ATP","link":"https://csrc.nist.gov/glossary/term/atp"}],"definitions":null},{"term":"Advanced Threat Protection: Network","link":"https://csrc.nist.gov/glossary/term/advanced_threat_protection_network","abbrSyn":[{"text":"ATP:N","link":"https://csrc.nist.gov/glossary/term/atp_n"}],"definitions":null},{"term":"Advancement of Medical Instrumentation","link":"https://csrc.nist.gov/glossary/term/advancement_of_medical_instrumentation","abbrSyn":[{"text":"AAMI","link":"https://csrc.nist.gov/glossary/term/aami"}],"definitions":null},{"term":"Adversarial Machine Learning","link":"https://csrc.nist.gov/glossary/term/adversarial_machine_learning","abbrSyn":[{"text":"AML","link":"https://csrc.nist.gov/glossary/term/aml"}],"definitions":null},{"term":"Adversarial Tactics, Techniques & Common Knowledge","link":"https://csrc.nist.gov/glossary/term/adversarial_tactics_techniques_and_common_knowledge","abbrSyn":[{"text":"ATT&CK","link":"https://csrc.nist.gov/glossary/term/attandck"}],"definitions":null},{"term":"adversary","link":"https://csrc.nist.gov/glossary/term/adversary","definitions":[{"text":"A malicious entity whose goal is to determine, to guess, or to influence the output of an RBG.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]},{"text":"Person, group, organization, or government that conducts or has the intent to conduct detrimental activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Adversary ","refSources":[{"text":"DHS Risk Lexicon","link":"https://www.dhs.gov/dhs-risk-lexicon"}]}]},{"text":"An entity that is not authorized to access or modify information, or who works to defeat any protections afforded the information.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Adversary "}]}]},{"term":"adverse consequence","link":"https://csrc.nist.gov/glossary/term/adverse_consequence","definitions":[{"text":"An undesirable consequence associated with a loss.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC 15026"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 15026-1:2019"}]}]}]},{"term":"adversity","link":"https://csrc.nist.gov/glossary/term/adversity","definitions":[{"text":"The conditions that can cause a loss of assets (e.g., threats, attacks, vulnerabilities, hazards, disruptions, and exposures).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Adverse conditions, stresses, attacks, or compromises.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"advisory","link":"https://csrc.nist.gov/glossary/term/advisory","definitions":[{"text":"Notification of significant new trends or developments regarding the threat to the information systems of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting information systems. \nRationale: General definition of a commonly understood term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A feature or function that mav be desired by a typical commercial or government organization. An Advisory represents a goal to be achieved. An Advisory may be reclassified as a Requirement at some future date. An advisory contains the word should and is identified by the letter \"A.\"","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under Advisory "}]}]},{"term":"AE","link":"https://csrc.nist.gov/glossary/term/ae","abbrSyn":[{"text":"Authenticated Encryption","link":"https://csrc.nist.gov/glossary/term/authenticated_encryption"}],"definitions":[{"text":"The function of GCM in which the plaintext is encrypted into the ciphertext, and an authentication tag is generated on the AAD and the ciphertext.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Authenticated Encryption "}]}]},{"term":"AE Title","link":"https://csrc.nist.gov/glossary/term/ae_title","abbrSyn":[{"text":"Application Entity Title","link":"https://csrc.nist.gov/glossary/term/application_entity_title"}],"definitions":null},{"term":"AEAD","link":"https://csrc.nist.gov/glossary/term/aead","abbrSyn":[{"text":"authenticated encryption with associated data","link":"https://csrc.nist.gov/glossary/term/authenticated_encryption_with_associated_data"},{"text":"Authenticated Encryption with Associated Data"}],"definitions":null},{"term":"AES","link":"https://csrc.nist.gov/glossary/term/aes","abbrSyn":[{"text":"Advanced Encryption Standard","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard"},{"text":"Advanced Encryption Standard (algorithm)"}],"definitions":[{"text":"Advanced Encryption Standard.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"Advanced Encryption Standard (as specified in FIPS 197).","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"Advanced Encryption Standard specified in [FIPS 197].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]}]},{"term":"AES Key Wrap","link":"https://csrc.nist.gov/glossary/term/aes_key_wrap","abbrSyn":[{"text":"KW","link":"https://csrc.nist.gov/glossary/term/kw"}],"definitions":null},{"term":"AES Key Wrap with Padding","link":"https://csrc.nist.gov/glossary/term/aes_key_wrap_with_padding","abbrSyn":[{"text":"KWP","link":"https://csrc.nist.gov/glossary/term/kwp"}],"definitions":null},{"term":"AES New Instructions","link":"https://csrc.nist.gov/glossary/term/aes_new_instructions","abbrSyn":[{"text":"AES-NI","link":"https://csrc.nist.gov/glossary/term/aes_ni"}],"definitions":null},{"term":"AES-CBC","link":"https://csrc.nist.gov/glossary/term/aes_cbc","abbrSyn":[{"text":"Advanced Encryption Standard-Cipher Block Chaining","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_cipher_block_chaining"},{"text":"AES-Cipher Block Chaining","link":"https://csrc.nist.gov/glossary/term/aes_cipher_block_chaining"}],"definitions":null},{"term":"AES-CCM","link":"https://csrc.nist.gov/glossary/term/aes_ccm","abbrSyn":[{"text":"Advanced Encryption Standard-Counter with CBC-MAC"},{"text":"Advanced Encryption Standard–Counter with CBC-MAC","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_counter_with_cbc_mac"}],"definitions":null},{"term":"AES-CMAC","link":"https://csrc.nist.gov/glossary/term/aes_cmac","abbrSyn":[{"text":"Advanced Encryption Standard-Cipher-based Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_cipher_based_message_authentication_code"},{"text":"Advanced Encryption Standard-Cipher-Based Message Authentication Code"}],"definitions":null},{"term":"AES-CTR","link":"https://csrc.nist.gov/glossary/term/aes_ctr","abbrSyn":[{"text":"Advanced Encryption Standard-Counter Mode","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_counter_mode"},{"text":"AES-Counter Mode","link":"https://csrc.nist.gov/glossary/term/aes_counter_mode"}],"definitions":null},{"term":"AES-GCM","link":"https://csrc.nist.gov/glossary/term/aes_gcm","abbrSyn":[{"text":"Advanced Encryption Standard-Galois Counter Mode","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_galois_counter_mode"}],"definitions":null},{"term":"AES-GMAC","link":"https://csrc.nist.gov/glossary/term/aes_gmac","abbrSyn":[{"text":"Advanced Encryption Standard-Galois Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_galois_message_authentication_code"}],"definitions":null},{"term":"AES-NI","link":"https://csrc.nist.gov/glossary/term/aes_ni","abbrSyn":[{"text":"AES New Instructions","link":"https://csrc.nist.gov/glossary/term/aes_new_instructions"}],"definitions":null},{"term":"AES-XCBC","link":"https://csrc.nist.gov/glossary/term/aes_xcbc","abbrSyn":[{"text":"Advanced Encryption Standard-eXtended Cipher Block Chaining","link":"https://csrc.nist.gov/glossary/term/advanced_encryption_standard_extended_cipher_block_chaining"}],"definitions":null},{"term":"AF","link":"https://csrc.nist.gov/glossary/term/af","abbrSyn":[{"text":"Alternate Facility","link":"https://csrc.nist.gov/glossary/term/alternate_facility"},{"text":"Asset Framework","link":"https://csrc.nist.gov/glossary/term/asset_framework"}],"definitions":null},{"term":"Affine Transformation","link":"https://csrc.nist.gov/glossary/term/affine_transformation","definitions":[{"text":"A transformation consisting of multiplication by a matrix followed by the addition of a vector.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"AFPM","link":"https://csrc.nist.gov/glossary/term/afpm","abbrSyn":[{"text":"American Fuel and Petrochemical Manufacturers","link":"https://csrc.nist.gov/glossary/term/american_fuel_and_petrochemical_manufacturers"}],"definitions":null},{"term":"AFR","link":"https://csrc.nist.gov/glossary/term/afr","abbrSyn":[{"text":"Agency Financial Report","link":"https://csrc.nist.gov/glossary/term/agency_financial_report"}],"definitions":null},{"term":"AFRL","link":"https://csrc.nist.gov/glossary/term/afrl","abbrSyn":[{"text":"Air Force Research Laboratory","link":"https://csrc.nist.gov/glossary/term/air_force_research_laboratory"}],"definitions":null},{"term":"After Action Report","link":"https://csrc.nist.gov/glossary/term/after_action_report","abbrSyn":[{"text":"AAR","link":"https://csrc.nist.gov/glossary/term/aar"}],"definitions":[{"text":"A document containing findings and recommendations from an exercise or a test.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"AFW","link":"https://csrc.nist.gov/glossary/term/afw","abbrSyn":[{"text":"Android for Work","link":"https://csrc.nist.gov/glossary/term/android_for_work"}],"definitions":null},{"term":"AGA","link":"https://csrc.nist.gov/glossary/term/aga","abbrSyn":[{"text":"American Gas Association","link":"https://csrc.nist.gov/glossary/term/american_gas_association"}],"definitions":null},{"term":"agency","link":"https://csrc.nist.gov/glossary/term/agency","abbrSyn":[{"text":"executive agency","link":"https://csrc.nist.gov/glossary/term/executive_agency"},{"text":"Executive Agency"},{"text":"FEDERAL AGENCY"}],"definitions":[{"text":"Any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include: (i) the Government Accountability Office; (ii) the Federal Election Commission; (iii) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or (iv) government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under AGENCY ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"See Agency.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under FEDERAL AGENCY "}]},{"text":"Any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include - \n(i) the General Accounting Office; \n(ii) Federal Election Commission; \n(iii) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or \n(iv) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities. \nSee also executive agency.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"Any executive agency or department, military department, Federal Government corporation, Federal Government-controlled corporation, or other establishment in the Executive Branch of the Federal Government, or any independent regulatory agency.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"An executive department specified in 5 U.S.C. Sec. 101; a military department specified in 5 U.S.C. Sec. 102; an independent establishment as defined in 5 U.S.C. Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C. Chapter 91.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under executive agency "}]},{"text":"Any executive agency or department, military department, Federal Government corporation, Federal Government- controlled corporation, or other establishment in the Executive Branch of the Federal Government, or any independent regulatory agency.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"An executive Department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any department, subordinate element of a department, or independent organizational entity that is statutorily or constitutionally recognized as being part of the Executive Branch of the Federal Government.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Agency "}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); or a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Agency "}]},{"text":"See executive agency.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Agency "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Agency "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Agency "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Agency "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Agency "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under executive agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any executive department, military department, government corporation, government-controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President) or any independent regulatory agency, but does not include: 1) the General Accounting Office; 2) the Federal Election Commission; 3) the governments of the District of Columbia and of the territories and possessions of the United States and their various subdivisions; or 4) government-owned, contractor-operated facilities, including laboratories engaged in national defense research and production activities. Also referred to as Federal Agency.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Agency ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec.102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); or a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"An executive department specified in 5 U.S.C., Section 101; a military department specified in 5 U.S.C., Section 102; an independent establishment as defined in 5 U.S.C., Section 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C. Chapter 91.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"The term 'agency' means any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include ­\n(a) the General Accounting Office;\n(b) Federal Election Commission;\n(c) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or\n(d) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Agency ","refSources":[{"text":"44 U.S.C., Sec. 3502 (1)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"Any executive agency or department, military department, Federal Government corporation, Federal Government-controlled corporation, or other establishment in the Executive Branch of the Federal Government, or any independent regulatory agency. See executive agency.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"See Executive Agency","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Agency "}]},{"text":"An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"An executive department specified in 5 U.S.C., Sec. 105; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under executive agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]}],"seeAlso":[{"text":"executive agency","link":"executive_agency"}]},{"term":"Agency Dashboard","link":"https://csrc.nist.gov/glossary/term/agency_dashboard","abbrSyn":[{"text":"Dashboard","link":"https://csrc.nist.gov/glossary/term/dashboard"}],"definitions":[{"text":"An organizational-level dashboard that: a) collects data from a collection system; and b) shows detailed assessment object-level data and assessment object-level defects to organizationally authorized personnel.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Agency Dashboard and Federal Dashboard.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Dashboard "}]}]},{"term":"Agency Financial Report","link":"https://csrc.nist.gov/glossary/term/agency_financial_report","abbrSyn":[{"text":"AFR","link":"https://csrc.nist.gov/glossary/term/afr"}],"definitions":null},{"term":"Agency for Healthcare Research and Quality","link":"https://csrc.nist.gov/glossary/term/agency_for_healthcare_research_and_quality","abbrSyn":[{"text":"AHRQ","link":"https://csrc.nist.gov/glossary/term/ahrq"}],"definitions":null},{"term":"Agency-Wide Adaptive Risk Enumeration","link":"https://csrc.nist.gov/glossary/term/agency_wide_adaptive_risk_enumeration","abbrSyn":[{"text":"AWARE","link":"https://csrc.nist.gov/glossary/term/aware"}],"definitions":null},{"term":"Agent","link":"https://csrc.nist.gov/glossary/term/agent","definitions":[{"text":"A program acting on behalf of a person or organization.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]},{"text":"A host-based IPS program that monitors and analyzes activity and performs preventive actions; OR a program or plug-in that enables an SSL VPN to access non-Web-based applications and services.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]},{"text":"A host-based intrusion prevention system program that monitors and analyzes activity and performs preventive actions; OR a program or plug-in that enables an SSL VPN to access non-Web-based applications and services.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]}]},{"term":"Aggregate","link":"https://csrc.nist.gov/glossary/term/aggregate","definitions":[{"text":"To combine several more-specific prefixes into a less-specific prefix.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"Aggregated Information","link":"https://csrc.nist.gov/glossary/term/aggregated_information","definitions":[{"text":"Information elements collated on a number of individuals, typically used for the purposes of making comparisons or identifying patterns.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]},{"term":"Aggregation","link":"https://csrc.nist.gov/glossary/term/aggregation","abbrSyn":[{"text":"Event Aggregation","link":"https://csrc.nist.gov/glossary/term/event_aggregation"}],"definitions":[{"text":"See “Event Aggregation”.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]},{"text":"The consolidation of similar log entries into a single entry containing a count of the number of occurrences of the event.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Event Aggregation "}]},{"text":"The consolidation of similar or related information.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"agility","link":"https://csrc.nist.gov/glossary/term/agility","definitions":[{"text":"The property of a system or an infrastructure that can be reconfigured, in which resources can be reallocated, and in which components can be reused or repurposed so that cyber defenders can define, select, and tailor cyber courses of action for a broad range of disruptions or malicious cyber activities.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"text":"The property of a system or an infrastructure which can be reconfigured, in which resources can be reallocated, and in which components can be reused or repurposed, so that cyber defenders can define, select, and tailor cyber courses of action for a broad range of disruptions or malicious cyber activities.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]}]},{"term":"agreement","link":"https://csrc.nist.gov/glossary/term/agreement","definitions":[{"text":"Mutual acknowledgement of terms and conditions under which a working relationship is conducted, or goods are transferred between parties. EXAMPLE: contract, memorandum, or agreement","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]},{"text":"Mutual acknowledgement of terms and conditions under which a working relationship is conducted (e.g., memorandum of agreement or contract).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"Mutual acknowledgement of terms and conditions under which a working relationship is conducted.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]}]},{"term":"AH","link":"https://csrc.nist.gov/glossary/term/ah","abbrSyn":[{"text":"Authentication Header"}],"definitions":null},{"term":"AHA","link":"https://csrc.nist.gov/glossary/term/aha","abbrSyn":[{"text":"American Hospital Association","link":"https://csrc.nist.gov/glossary/term/american_hospital_association"}],"definitions":null},{"term":"AHRQ","link":"https://csrc.nist.gov/glossary/term/ahrq","abbrSyn":[{"text":"Agency for Healthcare Research and Quality","link":"https://csrc.nist.gov/glossary/term/agency_for_healthcare_research_and_quality"}],"definitions":null},{"term":"AI","link":"https://csrc.nist.gov/glossary/term/ai","abbrSyn":[{"text":"Artificial Intelligence"},{"text":"Asset Identification"}],"definitions":[{"text":"SCAP constructs to uniquely identify assets (components) based on known identifiers and/or known information about the assets.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Asset Identification "}]},{"text":"The use of attributes and methods to uniquely identify an asset.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Asset Identification "}]},{"text":"The attributes and methods necessary for uniquely identifying a given asset. A full explanation of asset identification is provided in [NISTIR 7693].","sources":[{"text":"NISTIR 7694","link":"https://doi.org/10.6028/NIST.IR.7694","underTerm":" under Asset Identification "}]}]},{"term":"AI/ML","link":"https://csrc.nist.gov/glossary/term/ai_ml","abbrSyn":[{"text":"artificial intelligence and machine learning"}],"definitions":null},{"term":"AIA","link":"https://csrc.nist.gov/glossary/term/aia","abbrSyn":[{"text":"Authority Information Access","link":"https://csrc.nist.gov/glossary/term/authority_information_access"}],"definitions":null},{"term":"AIAA","link":"https://csrc.nist.gov/glossary/term/aiaa","abbrSyn":[{"text":"American Institute of Aeronautics and Astronautics","link":"https://csrc.nist.gov/glossary/term/american_institute_of_aeronautics_and_astronautics"}],"definitions":null},{"term":"AIC","link":"https://csrc.nist.gov/glossary/term/aic","abbrSyn":[{"text":"Architecture and Infrastructure Committee","link":"https://csrc.nist.gov/glossary/term/architecture_and_infrastructure_committee"},{"text":"Attestation Identity Credential","link":"https://csrc.nist.gov/glossary/term/attestation_identity_credential"}],"definitions":null},{"term":"AID","link":"https://csrc.nist.gov/glossary/term/aid","abbrSyn":[{"text":"Application Identifier","link":"https://csrc.nist.gov/glossary/term/application_identifier"}],"definitions":[{"text":"A globally unique identifier of a card application as defined in ISO/IEC 7816-4.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4","underTerm":" under Application Identifier "}]}]},{"term":"AIDC","link":"https://csrc.nist.gov/glossary/term/aidc","abbrSyn":[{"text":"Automatic Identification and Data Capture","link":"https://csrc.nist.gov/glossary/term/automatic_identification_and_data_capture"}],"definitions":null},{"term":"AIK","link":"https://csrc.nist.gov/glossary/term/aik","abbrSyn":[{"text":"Attestation Identity Key","link":"https://csrc.nist.gov/glossary/term/attestation_identity_key"}],"definitions":null},{"term":"AIM","link":"https://csrc.nist.gov/glossary/term/aim","abbrSyn":[{"text":"Algorithms for Intrusion Measurement","link":"https://csrc.nist.gov/glossary/term/algorithms_for_intrusion_measurement"},{"text":"Association for Automatic Identification and Mobility","link":"https://csrc.nist.gov/glossary/term/association_for_automatic_identification_and_mobility"}],"definitions":null},{"term":"Air Force Research Laboratory","link":"https://csrc.nist.gov/glossary/term/air_force_research_laboratory","abbrSyn":[{"text":"AFRL","link":"https://csrc.nist.gov/glossary/term/afrl"}],"definitions":null},{"term":"air gap","link":"https://csrc.nist.gov/glossary/term/air_gap","definitions":[{"text":"An interface between two systems at which (a) they are not connected physically and (b) any logical connection is not automated (i.e., data is transferred through the interface only manually, under human control).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"Air Traffic Organization","link":"https://csrc.nist.gov/glossary/term/air_traffic_organization","abbrSyn":[{"text":"ATO","link":"https://csrc.nist.gov/glossary/term/ato"}],"definitions":[{"text":"Authorization to Operate; One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under ATO "}]}]},{"term":"Airdrop","link":"https://csrc.nist.gov/glossary/term/airdrop","definitions":[{"text":"A distribution of digital tokens to a list of blockchain addresses.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"AIS","link":"https://csrc.nist.gov/glossary/term/ais","abbrSyn":[{"text":"Automated Indicator Sharing","link":"https://csrc.nist.gov/glossary/term/automated_indicator_sharing"}],"definitions":null},{"term":"AIT","link":"https://csrc.nist.gov/glossary/term/ait","abbrSyn":[{"text":"Automatic Identification Technology","link":"https://csrc.nist.gov/glossary/term/automatic_identification_technology"}],"definitions":null},{"term":"AJAX","link":"https://csrc.nist.gov/glossary/term/ajax","abbrSyn":[{"text":"Asynchronous JavaScript and XML","link":"https://csrc.nist.gov/glossary/term/asynchronous_javascript_and_xml"}],"definitions":null},{"term":"AKA","link":"https://csrc.nist.gov/glossary/term/aka","abbrSyn":[{"text":"Also Known As","link":"https://csrc.nist.gov/glossary/term/also_known_as"},{"text":"Authentication and Key Agreement","link":"https://csrc.nist.gov/glossary/term/authentication_and_key_agreement"}],"definitions":null},{"term":"AKM","link":"https://csrc.nist.gov/glossary/term/akm","abbrSyn":[{"text":"Authentication and Key Management","link":"https://csrc.nist.gov/glossary/term/authentication_and_key_management"}],"definitions":null},{"term":"AKP","link":"https://csrc.nist.gov/glossary/term/akp","abbrSyn":[{"text":"Advanced Key Processor"}],"definitions":null},{"term":"Alaris System Maintenance","link":"https://csrc.nist.gov/glossary/term/alaris_system_maintenance","abbrSyn":[{"text":"ASM","link":"https://csrc.nist.gov/glossary/term/asm"}],"definitions":null},{"term":"ALC","link":"https://csrc.nist.gov/glossary/term/alc","abbrSyn":[{"text":"Accounting Legend Code"}],"definitions":null},{"term":"ALE","link":"https://csrc.nist.gov/glossary/term/ale","abbrSyn":[{"text":"Annualized Loss Expectancy","link":"https://csrc.nist.gov/glossary/term/annualized_loss_expectancy"}],"definitions":null},{"term":"alert","link":"https://csrc.nist.gov/glossary/term/alert","definitions":[{"text":"Notification that a specific attack has been directed at an organization’s information systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A brief, usually human-readable, technical notification regarding current vulnerabilities, exploits, and other security issues. Also known as an advisory, bulletin, or vulnerability note.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Alert "}]}]},{"term":"ALG","link":"https://csrc.nist.gov/glossary/term/alg","abbrSyn":[{"text":"Application Layer Gateway"},{"text":"Application Layer Gateways"}],"definitions":null},{"term":"Algorithm","link":"https://csrc.nist.gov/glossary/term/algorithm","definitions":[{"text":"A clearly specified mathematical process for computation; a set of rules that, if followed, will give a prescribed result.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Algorithm "}]},{"text":"A clearly specified mathematical process for computation; a set of rules that, if followed, will give a prescribed result.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"},{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"},{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Algorithm Identifier","link":"https://csrc.nist.gov/glossary/term/algorithm_identifier","definitions":[{"text":"A PIV algorithm identifier is a one-byte identifier that specifies a cryptographic algorithm and key size. For symmetric cryptographic operations, the algorithm identifier also specifies a mode of operation (i.e., ECB).","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"Algorithm originator-usage period","link":"https://csrc.nist.gov/glossary/term/algorithm_originator_usage_period","definitions":[{"text":"The period of time during which a specific cryptographic algorithm may be used by originators to apply protection to data (e.g., encrypt or generate a digital signature).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"The period of time during which a specific cryptographic algorithm may be used by originators to apply protection to data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Algorithm originator- usage period "}]}]},{"term":"Algorithm security lifetime","link":"https://csrc.nist.gov/glossary/term/algorithm_security_lifetime","definitions":[{"text":"The estimated time period during which data protected by a specific cryptographic algorithm remains secure.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The estimated time period during which data protected by a specific cryptographic algorithm remains secure, given that the key has not been compromised.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"algorithmic optimization","link":"https://csrc.nist.gov/glossary/term/algorithmic_optimization","definitions":[{"text":"The application of mathematical formulae to calculate the aggregate cost-benefit to the enterprise, given the estimated costs, in a purely mechanical approach.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"}]}]},{"term":"Algorithms for Intrusion Measurement","link":"https://csrc.nist.gov/glossary/term/algorithms_for_intrusion_measurement","abbrSyn":[{"text":"AIM","link":"https://csrc.nist.gov/glossary/term/aim"}],"definitions":null},{"term":"Allan deviation","link":"https://csrc.nist.gov/glossary/term/allan_deviation","definitions":[{"text":"[See source document for the complete definition.]","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - Adapted"},{"text":"NIST SP 1065","link":"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50505","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"},{"text":"NIST SP 1065","link":"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50505","note":" - adapted"}]}]}]},{"term":"Alliance for Telecommunications Industry Solutions","link":"https://csrc.nist.gov/glossary/term/alliance_for_telecommunications_industry_solutions","abbrSyn":[{"text":"ATIS","link":"https://csrc.nist.gov/glossary/term/atis"}],"definitions":null},{"term":"allied nation","link":"https://csrc.nist.gov/glossary/term/allied_nation","definitions":[{"text":"A nation allied with the U.S. in a current defense effort and with which the U.S. has certain treaties. For an authoritative list of allied nations, contact the Office of the Assistant Legal Adviser for Treaty Affairs, Office of the Legal Adviser, U.S. Department of State, or see the list of U.S. Collective Defense Arrangements at https://www.state.gov."},{"text":"A nation allied with the U.S. in a current defense effort and with which the U.S. has certain treaties. For an authoritative list of allied nations, contact the Office of the Assistant Legal Adviser for Treaty Affairs, Office of the Legal Adviser, U.S. Department of State, or see the list of U.S. Collective Defense Arrangements at www.state.gov.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"allocation","link":"https://csrc.nist.gov/glossary/term/allocation","definitions":[{"text":"The process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common. \nThe process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor).","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Allocation ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Allocation "}]},{"text":"The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The process an organization employs to assign security or privacy requirements to an information system or its environment of operation; or to assign controls to specific system elements responsible for providing a security or privacy capability (e.g., router, server, remote sensor).","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"allowed","link":"https://csrc.nist.gov/glossary/term/allowed","definitions":[{"text":"The algorithm and key length in a FIPS or SP is safe to use; no security risk is currently known when used in accordance with any associated guidance. The FIPS 140 Implementation Guideline may indicate additional algorithms that are acceptable for use, but not specified in a FIPS or SP.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"all-source intelligence","link":"https://csrc.nist.gov/glossary/term/all_source_intelligence","abbrSyn":[{"text":"intelligence","link":"https://csrc.nist.gov/glossary/term/intelligence"}],"definitions":[{"text":"In intelligence collection, a phrase that indicates that in the satisfaction of intelligence requirements, all collection, processing, exploitation, and reporting systems and resources are identified for possible use and those most capable are tasked."},{"text":"2. The term 'intelligence' includes foreign intelligence and counterintelligence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under intelligence ","refSources":[{"text":"50 U.S.C., Sec. 3003","link":"https://www.govinfo.gov/app/details/USCODE-2013-title50/USCODE-2013-title50-chap44-sec3003"}]}]},{"text":"Intelligence products and/or organizations and activities that incorporate all sources of information, most frequently human resources intelligence, imagery intelligence, measurement and signature intelligence, signals intelligence, and open source data in the production of finished intelligence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/","note":" - Adapted"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"1\na. The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations. \nb. The activities that result in the product. \nc. The organizations engaged in such activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under intelligence ","refSources":[{"text":"JP 2-0","link":"https://www.jcs.mil/Doctrine/Joint-Doctrine-Pubs/2-0-Intelligence-Series/"}]}]},{"text":"Intelligence products and/or organizations and activities that incorporate all sources of information, most frequently including human resources intelligence, imagery intelligence, measurement and signature intelligence, signals intelligence, and open source data in the production of finished intelligence.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under All Source Intelligence ","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"Intelligence products and/or organizations and activities that incorporate all sources of information, most frequently including human resources intelligence, imagery intelligence, measurement and signature intelligence, signals intelligence, and open-source data in the production of finished intelligence.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]}]},{"term":"ALM/PLM","link":"https://csrc.nist.gov/glossary/term/alm_plm","abbrSyn":[{"text":"Application Life cycle Management / Product Lifecycle Management","link":"https://csrc.nist.gov/glossary/term/application_life_cycle_management__product_lifecycle_management"}],"definitions":null},{"term":"Also Known As","link":"https://csrc.nist.gov/glossary/term/also_known_as","abbrSyn":[{"text":"AKA","link":"https://csrc.nist.gov/glossary/term/aka"}],"definitions":null},{"term":"alternate COMSEC account manager","link":"https://csrc.nist.gov/glossary/term/alternate_comsec_account_manager","definitions":[{"text":"The primary alternate COMSEC Account Manager is an individual designated by proper authority to perform the duties of the COMSEC Account Manager during the temporary authorized absence of the COMSEC Account Manager. Additional alternate COMSEC Account Managers may be appointed, as necessary, to assist the COMSEC Account Manager and maintain continuity of operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"alternate COMSEC custodian","link":"https://csrc.nist.gov/glossary/term/alternate_comsec_custodian","note":"(C.F.D.)","definitions":[{"text":"Individual designated by proper authority to perform the duties of the COMSEC custodian during the temporary absence of the COMSEC custodian.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Alternate Data Stream","link":"https://csrc.nist.gov/glossary/term/alternate_data_stream","abbrSyn":[{"text":"ADS","link":"https://csrc.nist.gov/glossary/term/ads"}],"definitions":null},{"term":"Alternate Facility","link":"https://csrc.nist.gov/glossary/term/alternate_facility","abbrSyn":[{"text":"AF","link":"https://csrc.nist.gov/glossary/term/af"}],"definitions":null},{"term":"Alternate MAC/PHY","link":"https://csrc.nist.gov/glossary/term/alternate_mac_phy","abbrSyn":[{"text":"AMP","link":"https://csrc.nist.gov/glossary/term/amp"}],"definitions":null},{"term":"Alternating Current","link":"https://csrc.nist.gov/glossary/term/alternating_current","abbrSyn":[{"text":"AC","link":"https://csrc.nist.gov/glossary/term/ac"}],"definitions":null},{"term":"AMA","link":"https://csrc.nist.gov/glossary/term/ama","abbrSyn":[{"text":"American Medical Association","link":"https://csrc.nist.gov/glossary/term/american_medical_association"}],"definitions":null},{"term":"Amazon Web Services","link":"https://csrc.nist.gov/glossary/term/amazon_web_services","abbrSyn":[{"text":"AWS","link":"https://csrc.nist.gov/glossary/term/aws"}],"definitions":null},{"term":"ambiguity rule","link":"https://csrc.nist.gov/glossary/term/ambiguity_rule","abbrSyn":[{"text":"p,q rule","link":"https://csrc.nist.gov/glossary/term/p_q_rule"}],"definitions":[{"text":"It is assumed that out of publicly available information the contribution of one individual to the cell total can be estimated to within q per cent (q=error before publication); after the publication of the statistic the value can be estimated to within p percent (p=error after publication). In the (p,q) rule the ratio p/q represents the information gain through publication. If the information gain is unacceptable, the cell is declared as confidential. The parameter values p and q are determined by the statistical authority and, thus, define the acceptable level of information gain. In some [National Statistical Organizations] the values of p and q are confidential.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under p,q rule ","refSources":[{"text":"OECD Glossary of Statistical Terms","link":"https://doi.org/10.1787/9789264055087-en"}]}]}]},{"term":"AMD Platform Secure Boot","link":"https://csrc.nist.gov/glossary/term/amd_platform_secure_boot","abbrSyn":[{"text":"AMD PSB","link":"https://csrc.nist.gov/glossary/term/amd_psb"}],"definitions":null},{"term":"AMD PSB","link":"https://csrc.nist.gov/glossary/term/amd_psb","abbrSyn":[{"text":"AMD Platform Secure Boot","link":"https://csrc.nist.gov/glossary/term/amd_platform_secure_boot"}],"definitions":null},{"term":"AMD Security Processor","link":"https://csrc.nist.gov/glossary/term/amd_security_processor","abbrSyn":[{"text":"ASP","link":"https://csrc.nist.gov/glossary/term/asp"}],"definitions":null},{"term":"American Chemistry Council","link":"https://csrc.nist.gov/glossary/term/american_chemistry_council","abbrSyn":[{"text":"ACC","link":"https://csrc.nist.gov/glossary/term/acc"}],"definitions":null},{"term":"American Fuel and Petrochemical Manufacturers","link":"https://csrc.nist.gov/glossary/term/american_fuel_and_petrochemical_manufacturers","abbrSyn":[{"text":"AFPM","link":"https://csrc.nist.gov/glossary/term/afpm"}],"definitions":null},{"term":"American Gas Association","link":"https://csrc.nist.gov/glossary/term/american_gas_association","abbrSyn":[{"text":"AGA","link":"https://csrc.nist.gov/glossary/term/aga"}],"definitions":null},{"term":"American Hospital Association","link":"https://csrc.nist.gov/glossary/term/american_hospital_association","abbrSyn":[{"text":"AHA","link":"https://csrc.nist.gov/glossary/term/aha"}],"definitions":null},{"term":"American Hospital Association Preferred Cybersecurity Provider","link":"https://csrc.nist.gov/glossary/term/aha_preferred_cybersecurity_provider","abbrSyn":[{"text":"APCP","link":"https://csrc.nist.gov/glossary/term/apcp"}],"definitions":null},{"term":"American Institute of Aeronautics and Astronautics","link":"https://csrc.nist.gov/glossary/term/american_institute_of_aeronautics_and_astronautics","abbrSyn":[{"text":"AIAA","link":"https://csrc.nist.gov/glossary/term/aiaa"}],"definitions":null},{"term":"American Medical Association","link":"https://csrc.nist.gov/glossary/term/american_medical_association","abbrSyn":[{"text":"AMA","link":"https://csrc.nist.gov/glossary/term/ama"}],"definitions":null},{"term":"American National Standard","link":"https://csrc.nist.gov/glossary/term/american_national_standard","abbrSyn":[{"text":"ANS","link":"https://csrc.nist.gov/glossary/term/ans"}],"definitions":null},{"term":"American National Standards Institute","link":"https://csrc.nist.gov/glossary/term/american_national_standards_institute","abbrSyn":[{"text":"ANSI","link":"https://csrc.nist.gov/glossary/term/ansi"}],"definitions":null},{"term":"American National Standards Institute/International Committee for Information Technology Standards","link":"https://csrc.nist.gov/glossary/term/american_national_standards_institute_international_committee_for_information_technology_standards","abbrSyn":[{"text":"ANSI/INCITS","link":"https://csrc.nist.gov/glossary/term/ansi_incits"}],"definitions":null},{"term":"American Petroleum Institute","link":"https://csrc.nist.gov/glossary/term/american_petroleum_institute","abbrSyn":[{"text":"API","link":"https://csrc.nist.gov/glossary/term/api"}],"definitions":null},{"term":"American Public Power Association","link":"https://csrc.nist.gov/glossary/term/american_public_power_association","abbrSyn":[{"text":"APPA","link":"https://csrc.nist.gov/glossary/term/appa"}],"definitions":null},{"term":"American Registry for Internet Numbers","link":"https://csrc.nist.gov/glossary/term/american_registry_for_internet_numbers","abbrSyn":[{"text":"ARIN","link":"https://csrc.nist.gov/glossary/term/arin"}],"definitions":[{"text":"The American Registry for Internet Numbers for Canada, the United States of America, and many Caribbean and North Atlantic Islands.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"American Standard Code for Information Interchange","link":"https://csrc.nist.gov/glossary/term/american_standard_code_for_information_interchange","abbrSyn":[{"text":"ASCII","link":"https://csrc.nist.gov/glossary/term/ascii"}],"definitions":null},{"term":"American Water Works Association","link":"https://csrc.nist.gov/glossary/term/american_water_works_association","abbrSyn":[{"text":"AWWA","link":"https://csrc.nist.gov/glossary/term/awwa"}],"definitions":null},{"term":"American Association of Motor Vehicle Administrators","link":"https://csrc.nist.gov/glossary/term/american_association_of_motor_vehicle_administrators","abbrSyn":[{"text":"AAMVA","link":"https://csrc.nist.gov/glossary/term/aamva"}],"definitions":null},{"term":"American Society for Testing and Materials","link":"https://csrc.nist.gov/glossary/term/american_society_for_testing_and_materials","abbrSyn":[{"text":"ASTM","link":"https://csrc.nist.gov/glossary/term/astm"}],"definitions":null},{"term":"AMI TruE","link":"https://csrc.nist.gov/glossary/term/ami_true","abbrSyn":[{"text":"AMI Trusted Environment","link":"https://csrc.nist.gov/glossary/term/ami_trusted_environment"}],"definitions":null},{"term":"AMI Trusted Environment","link":"https://csrc.nist.gov/glossary/term/ami_trusted_environment","abbrSyn":[{"text":"AMI TruE","link":"https://csrc.nist.gov/glossary/term/ami_true"}],"definitions":null},{"term":"AML","link":"https://csrc.nist.gov/glossary/term/aml","abbrSyn":[{"text":"Adversarial Machine Learning","link":"https://csrc.nist.gov/glossary/term/adversarial_machine_learning"}],"definitions":null},{"term":"AMM","link":"https://csrc.nist.gov/glossary/term/amm","abbrSyn":[{"text":"automated market maker","link":"https://csrc.nist.gov/glossary/term/automated_market_maker"}],"definitions":null},{"term":"AMP","link":"https://csrc.nist.gov/glossary/term/amp","abbrSyn":[{"text":"Advanced Malware Protection","link":"https://csrc.nist.gov/glossary/term/advanced_malware_protection"},{"text":"Alternate MAC/PHY","link":"https://csrc.nist.gov/glossary/term/alternate_mac_phy"}],"definitions":null},{"term":"AMWA","link":"https://csrc.nist.gov/glossary/term/amwa","abbrSyn":[{"text":"Association of Metropolitan Water Agencies","link":"https://csrc.nist.gov/glossary/term/association_of_metropolitan_water_agencies"}],"definitions":null},{"term":"Analysis","link":"https://csrc.nist.gov/glossary/term/analysis","definitions":[{"text":"The examination of acquired data for its significance and probative value to the case.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"The third phase of the computer and network forensic process, which involves using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Analysis Approach","link":"https://csrc.nist.gov/glossary/term/analysis_approach","definitions":[{"text":"The approach used to define the orientation or starting point of the risk assessment, the level of detail in the assessment, and how risks due to similar threat scenarios are treated.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under analysis approach ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"term":"Analytic Systems","link":"https://csrc.nist.gov/glossary/term/analytic_systems","definitions":[{"text":"IT systems that process the information outputs produced by middleware. Analytic systems may be comprised of databases, data processing software, and Web services.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"ANC","link":"https://csrc.nist.gov/glossary/term/anc","abbrSyn":[{"text":"Adaptive Network Control","link":"https://csrc.nist.gov/glossary/term/adaptive_network_control"}],"definitions":null},{"term":"Android for Work","link":"https://csrc.nist.gov/glossary/term/android_for_work","abbrSyn":[{"text":"AFW","link":"https://csrc.nist.gov/glossary/term/afw"}],"definitions":null},{"term":"AN-ITL","link":"https://csrc.nist.gov/glossary/term/an_itl","abbrSyn":[{"text":"ANSI/NIST-ITL","link":"https://csrc.nist.gov/glossary/term/ansi_nist_itl"}],"definitions":null},{"term":"Announcement Traffic Indication Message","link":"https://csrc.nist.gov/glossary/term/announcement_traffic_indication_message","abbrSyn":[{"text":"ATIM","link":"https://csrc.nist.gov/glossary/term/atim"}],"definitions":null},{"term":"Annual Conference on Digital Forensics, Security and Law","link":"https://csrc.nist.gov/glossary/term/annual_conference_on_digital_forensics_security_and_law","abbrSyn":[{"text":"ADFSL","link":"https://csrc.nist.gov/glossary/term/adfsl"}],"definitions":null},{"term":"Annualized Loss Expectancy","link":"https://csrc.nist.gov/glossary/term/annualized_loss_expectancy","abbrSyn":[{"text":"ALE","link":"https://csrc.nist.gov/glossary/term/ale"}],"definitions":null},{"term":"Anomalous Event Response and Recovery Management","link":"https://csrc.nist.gov/glossary/term/anomalous_event_response_and_recovery_management","abbrSyn":[{"text":"Capability, Anomalous Event Response and Recovery Management","link":"https://csrc.nist.gov/glossary/term/capability_anomalous_event_response_and_recovery_management"}],"definitions":[{"text":"See Capability, Anomalous Event Response and Recovery Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"An ISCM capability that ensures that both routine and unexpected events that require a response to maintain functionality and security are responded to (once identified) within a time frame that prevents or reduces the impact (i.e., consequences) of the events to the extent possible.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Anomalous Event Response and Recovery Management "}]}]},{"term":"anomaly","link":"https://csrc.nist.gov/glossary/term/anomaly","definitions":[{"text":"Condition that deviates from expectations based on requirements specifications, design documents, user documents, or standards, or from someone’s perceptions or experiences.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]}]},{"term":"ANonce","link":"https://csrc.nist.gov/glossary/term/anonce","abbrSyn":[{"text":"Authenticator number once","link":"https://csrc.nist.gov/glossary/term/authenticator_number_once"}],"definitions":null},{"term":"anonymity","link":"https://csrc.nist.gov/glossary/term/anonymity","definitions":[{"text":"Condition in identification whereby an entity can be recognized as distinct, without sufficient identity information to establish a link to a known identity.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","refSources":[{"text":"ISO/IEC 24760-1:2011"}]}]},{"text":"condition in identification whereby an entity can be recognized as distinct, without sufficient identity information to establish a link to a known identity","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/IEC 24760-1:2011"}]}]}]},{"term":"anonymization","link":"https://csrc.nist.gov/glossary/term/anonymization","definitions":[{"text":"A process that removes the association between the identifying dataset and the data subject.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","refSources":[{"text":"ISO/TS 25237:2008"}]}]},{"text":"process that removes the association between the identifying dataset and the data subject","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/TS 25237:2008"}]}]}]},{"term":"anonymized data","link":"https://csrc.nist.gov/glossary/term/anonymized_data","definitions":[{"text":"data from which the patient cannot be identified by the recipient of the information","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/TS 25237:2008"}]}]}]},{"term":"Anonymized Information","link":"https://csrc.nist.gov/glossary/term/anonymized_information","definitions":[{"text":"Previously identifiable information that has been de-identified and for which a code or other association for re-identification no longer exists.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]},{"term":"anonymous identifier","link":"https://csrc.nist.gov/glossary/term/anonymous_identifier","definitions":[{"text":"identifier of a person which does not allow the unambiguous identification of the natural person","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/TS 25237:2008"}]}]}]},{"term":"ANS","link":"https://csrc.nist.gov/glossary/term/ans","abbrSyn":[{"text":"American National Standard","link":"https://csrc.nist.gov/glossary/term/american_national_standard"}],"definitions":null},{"term":"ANSI","link":"https://csrc.nist.gov/glossary/term/ansi","abbrSyn":[{"text":"American National Standard Institute"},{"text":"American National Standards Institute","link":"https://csrc.nist.gov/glossary/term/american_national_standards_institute"}],"definitions":null},{"term":"ANSI/INCITS","link":"https://csrc.nist.gov/glossary/term/ansi_incits","abbrSyn":[{"text":"American National Standards Institute/International Committee for Information Technology Standards","link":"https://csrc.nist.gov/glossary/term/american_national_standards_institute_international_committee_for_information_technology_standards"}],"definitions":null},{"term":"ANSI/NIST-ITL","link":"https://csrc.nist.gov/glossary/term/ansi_nist_itl","abbrSyn":[{"text":"AN-ITL","link":"https://csrc.nist.gov/glossary/term/an_itl"}],"definitions":null},{"term":"Answer to Reset","link":"https://csrc.nist.gov/glossary/term/answer_to_reset","abbrSyn":[{"text":"ATR","link":"https://csrc.nist.gov/glossary/term/atr"}],"definitions":null},{"term":"ANTD","link":"https://csrc.nist.gov/glossary/term/antd","abbrSyn":[{"text":"Advanced Network Technologies Division","link":"https://csrc.nist.gov/glossary/term/advanced_network_technologies_division"},{"text":"Advanced Network Technology Division"},{"text":"ITL Advanced Network Technologies Division","link":"https://csrc.nist.gov/glossary/term/itl_advanced_network_technologies_division"}],"definitions":null},{"term":"anticipated re-identification rate","link":"https://csrc.nist.gov/glossary/term/anticipated_re_identification_rate","definitions":[{"text":"When an organization contemplates performing re-identification, the re-identification rate that the resulting de-identified data are likely to have.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Anti-Forensic","link":"https://csrc.nist.gov/glossary/term/anti_forensic","definitions":[{"text":"A technique for concealing or destroying data so that others cannot access it.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"anti-jam","link":"https://csrc.nist.gov/glossary/term/anti_jam","definitions":[{"text":"The result of measures to resist attempts to interfere with communications reception.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"anti-signal fingerprint","link":"https://csrc.nist.gov/glossary/term/anti_signal_fingerprint","definitions":[{"text":"Result of measures used to resist attempts to uniquely identify a particular transmitter based on its signal parameters.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"anti-signal spoof","link":"https://csrc.nist.gov/glossary/term/anti_signal_spoof","definitions":[{"text":"Result of measures used to resist attempts to achieve imitative or manipulative communications deception based on signal parameters.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"anti-spoof","link":"https://csrc.nist.gov/glossary/term/anti_spoof","definitions":[{"text":"Countermeasures taken to prevent the unauthorized use of legitimate identification & authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"anti-tamper","link":"https://csrc.nist.gov/glossary/term/anti_tamper","abbrSyn":[{"text":"AT","link":"https://csrc.nist.gov/glossary/term/at"}],"definitions":[{"text":"Systems engineering activities intended to prevent physical manipulation or delay exploitation of critical program information in U.S. defense systems in domestic and export configurations to impede countermeasure development, unintended technology transfer, or alteration of a system due to reverse engineering.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 5200.39","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"DoDI 5200.39","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}],"seeAlso":[{"text":"tampering","link":"tampering"}]},{"term":"Anti-tampering","link":"https://csrc.nist.gov/glossary/term/anti_tampering","abbrSyn":[{"text":"AT","link":"https://csrc.nist.gov/glossary/term/at"}],"definitions":null},{"term":"Antivirus","link":"https://csrc.nist.gov/glossary/term/antivirus","abbrSyn":[{"text":"AV","link":"https://csrc.nist.gov/glossary/term/av"}],"definitions":null},{"term":"Antivirus Software","link":"https://csrc.nist.gov/glossary/term/antivirus_software","definitions":[{"text":"A program specifically designed to detect many forms of malware and prevent them from infecting computers, as well as cleaning computers that have already been infected.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]"}]},{"text":"A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1"}]}]},{"term":"AO","link":"https://csrc.nist.gov/glossary/term/ao","abbrSyn":[{"text":"Authorizing Official"}],"definitions":[{"text":"A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorizing Official "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorizing Official "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorizing Official ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Authorizing Official ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.","sources":[{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Authorizing Official ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Authorizing Official ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Senior federal official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009-2010"}]}]}]},{"term":"AODR","link":"https://csrc.nist.gov/glossary/term/aodr","abbrSyn":[{"text":"Authorizing Official Designated Representative"}],"definitions":[{"text":"An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization or privacy authorization.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorizing Official Designated Representative ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]},{"text":"An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorizing Official Designated Representative "}]}]},{"term":"AP","link":"https://csrc.nist.gov/glossary/term/ap","abbrSyn":[{"text":"Access Point"},{"text":"assured pipeline","link":"https://csrc.nist.gov/glossary/term/assured_pipeline"}],"definitions":[{"text":"A set of filter processes that are arranged in a linear order using one-way inter-process communications to transfer data between processes. The linear flow is enforced with mandatory and discretionary access control mechanisms."}]},{"term":"APCO","link":"https://csrc.nist.gov/glossary/term/apco","abbrSyn":[{"text":"Association of Public Safety Communications Officials","link":"https://csrc.nist.gov/glossary/term/association_of_public_safety_communications_officials"}],"definitions":null},{"term":"APCP","link":"https://csrc.nist.gov/glossary/term/apcp","abbrSyn":[{"text":"American Hospital Association Preferred Cybersecurity Provider","link":"https://csrc.nist.gov/glossary/term/aha_preferred_cybersecurity_provider"}],"definitions":null},{"term":"APDU","link":"https://csrc.nist.gov/glossary/term/apdu","abbrSyn":[{"text":"Application Protocol Data Unit","link":"https://csrc.nist.gov/glossary/term/application_protocol_data_unit"}],"definitions":[{"text":"A part of the application layer in the Open Systems Interconnection Reference model that is used for communication between two separate device's applications. In the context of smart cards, an APDU is the communication unit between a smart card reader and a smart card. The structure of the APDU is defined by [ISO 7816-4].","sources":[{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157","underTerm":" under Application Protocol Data Unit "}]}]},{"term":"APEC","link":"https://csrc.nist.gov/glossary/term/apec","abbrSyn":[{"text":"Asia-Pacific Economic Cooperation","link":"https://csrc.nist.gov/glossary/term/asia_pacific_economic_cooperation"}],"definitions":null},{"term":"Aperiodic Templates Test","link":"https://csrc.nist.gov/glossary/term/aperiodic_templates_test","definitions":[{"text":"The purpose of this test is to reject sequences that exhibit too many occurrences of a given non-periodic (aperiodic) pattern.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"API","link":"https://csrc.nist.gov/glossary/term/api","abbrSyn":[{"text":"American Petroleum Institute","link":"https://csrc.nist.gov/glossary/term/american_petroleum_institute"},{"text":"Application Interface","link":"https://csrc.nist.gov/glossary/term/application_interface"},{"text":"Application Program Interface"},{"text":"application programming interface"},{"text":"Application programming interface"},{"text":"Application Programming Interface"},{"text":"Applications Programming Interface"}],"definitions":[{"text":"A system access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Application Program Interface "}]}]},{"term":"APN","link":"https://csrc.nist.gov/glossary/term/apn","abbrSyn":[{"text":"Access Point Name","link":"https://csrc.nist.gov/glossary/term/access_point_name"},{"text":"Apple Push Notification","link":"https://csrc.nist.gov/glossary/term/apple_push_notification"}],"definitions":null},{"term":"APNIC","link":"https://csrc.nist.gov/glossary/term/apnic","abbrSyn":[{"text":"Asia Pacific Network Information Centre"},{"text":"Asia-Pacific Network Information Center"},{"text":"Asia-Pacific Network Information Centre","link":"https://csrc.nist.gov/glossary/term/asia_pacific_network_information_centre"}],"definitions":[{"text":"The Regional Internet Registry for the Asia Pacific region that allocates and registers Internet resources in its region.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Asia Pacific Network Information Centre "}]}]},{"term":"APNS","link":"https://csrc.nist.gov/glossary/term/apns","abbrSyn":[{"text":"Apple Push Notification System","link":"https://csrc.nist.gov/glossary/term/apple_push_notification_system"}],"definitions":null},{"term":"App ID","link":"https://csrc.nist.gov/glossary/term/app_id","abbrSyn":[{"text":"Application Identification","link":"https://csrc.nist.gov/glossary/term/application_identification"}],"definitions":null},{"term":"APPA","link":"https://csrc.nist.gov/glossary/term/appa","abbrSyn":[{"text":"American Public Power Association","link":"https://csrc.nist.gov/glossary/term/american_public_power_association"}],"definitions":null},{"term":"AppAuth","link":"https://csrc.nist.gov/glossary/term/appauth","abbrSyn":[{"text":"Application Authentication System","link":"https://csrc.nist.gov/glossary/term/application_authentication_system"}],"definitions":null},{"term":"Apple Push Notification","link":"https://csrc.nist.gov/glossary/term/apple_push_notification","abbrSyn":[{"text":"APN","link":"https://csrc.nist.gov/glossary/term/apn"}],"definitions":null},{"term":"Apple Push Notification System","link":"https://csrc.nist.gov/glossary/term/apple_push_notification_system","abbrSyn":[{"text":"APNS","link":"https://csrc.nist.gov/glossary/term/apns"}],"definitions":null},{"term":"Applicability Statement","link":"https://csrc.nist.gov/glossary/term/applicability_statement","definitions":[{"text":"A complex logical expression to describe an IT platform, formed out of individual CPE names and references to checks. Applicability statements are used to designate which platforms particular guidance, policies, etc. apply to.","sources":[{"text":"NISTIR 7698","link":"https://doi.org/10.6028/NIST.IR.7698"}]}]},{"term":"applicant","link":"https://csrc.nist.gov/glossary/term/applicant","definitions":[{"text":"An individual applying for a PIV Card or derived PIV credential. The applicant may be a current or prospective federal hire, a federal employee, or a contractor.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Applicant "}]},{"text":"An individual who has applied for, but has not yet been issued, a Derived PIV Credential.","sources":[{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157","underTerm":" under Applicant "}]},{"text":"The subscriber is sometimes also called an \"applicant\" after applying to a certification authority for a certificate, but before the certificate issuance procedure is completed.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Applicant "}]},{"text":"A subject undergoing the processes of enrollment and identity proofing.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Applicant "}]},{"text":"An individual applying for a PIV Card.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Applicant "}]},{"text":"An individual who has applied for but has not yet been issued a Derived PIV Credential.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]},{"text":"An entity (organization or individual) that  requests the assignment of a name from a Registration Authority.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308","refSources":[{"text":"ISO/IEC JTC1 N820"}]}]},{"text":"An individual applying for a PIV Card/credential. The Applicant may be a current or prospective Federal hire, a Federal employee, or a contractor.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Applicant "}]},{"text":"A party undergoing the processes of registration and identity proofing.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Applicant "}]}]},{"term":"application","link":"https://csrc.nist.gov/glossary/term/application","definitions":[{"text":"A hardware/software system implemented to satisfy a particular set of requirements. In this context, an application incorporates a system used to satisfy a subset of requirements related to the verification or identification of an end user’s identity so that the end user’s identifier can be used to facilitate the end user’s interaction with the system.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Application "}]},{"text":"A software program hosted by an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Application ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Application "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Application ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Application ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Application ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Application ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"the system, functional area, or problem to which information technology isapplied. The application includes related manual procedures as well as automated procedures. Payroll, accounting, and management information systems are examples of applications.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Application "}]},{"text":"The system, functional area, or problem to which information technology is applied. The application includes related manual procedures as well as automated procedures. Payroll, accounting, and management information systems are examples of applications.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Application ","refSources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Application ","refSources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Application ","refSources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"text":"A system for collecting, saving, processing, and presenting data by means of a computer. The term application is generally used when referring to a component of software that can be executed. The terms application and software application are often used synonymously.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under Application ","refSources":[{"text":"ISO/IEC 19770-2","note":" - Adapted"}]}]},{"text":"A hardware/software system implemented to satisfy a particular set of requirements. In this context, an application incorporates a system used to satisfy a subset of requirements related to the verification or identification of an end user’s identity so that the end user’s identifier can be used to facilitate the end user’s interaction with the system.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Application "}]}]},{"term":"application allowlisting","link":"https://csrc.nist.gov/glossary/term/application_allowlisting","abbrSyn":[{"text":"AAL","link":"https://csrc.nist.gov/glossary/term/aal"}],"definitions":[{"text":"A list of applications and application components (libraries, configuration files, etc.) that are authorized to be present or active on a host according to a well-defined baseline.","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","refSources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167","note":" - Under \"application whitelist\""}]}]}]},{"term":"Application Authentication System","link":"https://csrc.nist.gov/glossary/term/application_authentication_system","abbrSyn":[{"text":"AppAuth","link":"https://csrc.nist.gov/glossary/term/appauth"}],"definitions":null},{"term":"Application Binary Interface","link":"https://csrc.nist.gov/glossary/term/application_binary_interface","abbrSyn":[{"text":"ABI","link":"https://csrc.nist.gov/glossary/term/abi"}],"definitions":null},{"term":"application delivery controller","link":"https://csrc.nist.gov/glossary/term/application_delivery_controller","abbrSyn":[{"text":"ADC","link":"https://csrc.nist.gov/glossary/term/adc"}],"definitions":null},{"term":"Application Entity Title","link":"https://csrc.nist.gov/glossary/term/application_entity_title","abbrSyn":[{"text":"AE Title","link":"https://csrc.nist.gov/glossary/term/ae_title"}],"definitions":null},{"term":"Application Firewall","link":"https://csrc.nist.gov/glossary/term/application_firewall","definitions":[{"text":"A firewall that uses stateful protocol analysis to analyze network traffic for one or more applications.","sources":[{"text":"NIST SP 800-179","link":"https://doi.org/10.6028/NIST.SP.800-179","note":" [Superseded]","refSources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]},{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Application Identification","link":"https://csrc.nist.gov/glossary/term/application_identification","abbrSyn":[{"text":"App ID","link":"https://csrc.nist.gov/glossary/term/app_id"}],"definitions":null},{"term":"Application Identifier","link":"https://csrc.nist.gov/glossary/term/application_identifier","abbrSyn":[{"text":"AID","link":"https://csrc.nist.gov/glossary/term/aid"}],"definitions":[{"text":"A globally unique identifier of a card application as defined in ISO/IEC 7816-4.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"application interconnection","link":"https://csrc.nist.gov/glossary/term/application_interconnection","definitions":[{"text":"A logical communications link between two or more applications operated by different organizations or within the same organization but within different authorization boundaries used to exchange information or provide information services (e.g., authentication, logging). ","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"Application Interface Capability","link":"https://csrc.nist.gov/glossary/term/application_interface_capability","definitions":[{"text":"The ability for other computing devices to communicate with an IoT device through an IoT device application.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"Application Layer","link":"https://csrc.nist.gov/glossary/term/application_layer","definitions":[{"text":"Layer of the TCP/IP protocol stack that sends and receives data for particular applications such as DNS, HTTP, and SMTP.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]}]},{"term":"Application Level Gateway (ALG)","link":"https://csrc.nist.gov/glossary/term/application_level_gateway","abbrSyn":[{"text":"ALG","link":"https://csrc.nist.gov/glossary/term/alg"}],"definitions":[{"text":"Application Level Gateways (ALGs) are application specific translation agents that allow an application (like VOIP) on a host in one address realm to connect to its counterpart running on a host in different realm transparently. An ALG may interact with NAT to set up state, use NAT state information, modify application specific payload and perform whatever else is necessary to get the application running across disparate address realms.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]}]},{"term":"Application Life cycle Management / Product Lifecycle Management","link":"https://csrc.nist.gov/glossary/term/application_life_cycle_management__product_lifecycle_management","abbrSyn":[{"text":"ALM/PLM","link":"https://csrc.nist.gov/glossary/term/alm_plm"}],"definitions":null},{"term":"Application Programming Interface (API)","link":"https://csrc.nist.gov/glossary/term/application_programming_interface","abbrSyn":[{"text":"API","link":"https://csrc.nist.gov/glossary/term/api"}],"definitions":[{"text":"A system access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Application Program Interface (API) ","refSources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"},{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Application Program Interface "}]}]},{"term":"Application Protocol Data Unit","link":"https://csrc.nist.gov/glossary/term/application_protocol_data_unit","abbrSyn":[{"text":"APDU","link":"https://csrc.nist.gov/glossary/term/apdu"}],"definitions":[{"text":"A part of the application layer in the Open Systems Interconnection Reference model that is used for communication between two separate device's applications. In the context of smart cards, an APDU is the communication unit between a smart card reader and a smart card. The structure of the APDU is defined by [ISO 7816-4].","sources":[{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157"}]}]},{"term":"application security testing","link":"https://csrc.nist.gov/glossary/term/application_security_testing","abbrSyn":[{"text":"AST","link":"https://csrc.nist.gov/glossary/term/ast"}],"definitions":null},{"term":"Application Session","link":"https://csrc.nist.gov/glossary/term/application_session","definitions":[{"text":"The period of time within a card session between when a card application is selected and a different card application is selected or the card session ends.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"Application Specific Integrated Circuit","link":"https://csrc.nist.gov/glossary/term/application_specific_integrated_circuit","abbrSyn":[{"text":"ASIC","link":"https://csrc.nist.gov/glossary/term/asic"}],"definitions":null},{"term":"Application Translation","link":"https://csrc.nist.gov/glossary/term/application_translation","definitions":[{"text":"A function that converts information from one protocol to another.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"Application virtualization","link":"https://csrc.nist.gov/glossary/term/application_virtualization","definitions":[{"text":"A virtual implementation of the application programming interface (API) that a running application expects to use.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125","underTerm":" under Application virtusalization "}]},{"text":"A form of virtualization that exposes a single shared operating system kernel to multiple discrete application instances, each of which is kept isolated from all others on the host.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"Application-Proxy Gateway","link":"https://csrc.nist.gov/glossary/term/application_proxy_gateway","definitions":[{"text":"A firewall capability that combines lower-layer access control with upper layer-functionality, and includes a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"application-specific integrated circuits (ASICs)","link":"https://csrc.nist.gov/glossary/term/application_specific_integrated_circuits","abbrSyn":[{"text":"ARP","link":"https://csrc.nist.gov/glossary/term/arp"},{"text":"ASIC","link":"https://csrc.nist.gov/glossary/term/asic"}],"definitions":[{"text":"A digital or analog circuit, custom-designed and/or custom-manufactured to perform a specific function. An ASIC is not reconfigurable and cannot contain additional instructions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 505","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]}]},{"term":"Application-Specific Key Derivation Functions","link":"https://csrc.nist.gov/glossary/term/application_specific_key_derivation_functions","abbrSyn":[{"text":"ASKDF","link":"https://csrc.nist.gov/glossary/term/askdf"}],"definitions":null},{"term":"Applied Cybersecurity Division","link":"https://csrc.nist.gov/glossary/term/applied_cybersecurity_division","abbrSyn":[{"text":"ACD","link":"https://csrc.nist.gov/glossary/term/acd"}],"definitions":null},{"term":"apply cryptographic protection","link":"https://csrc.nist.gov/glossary/term/apply_cryptographic_protection","definitions":[{"text":"Depending on the algorithm, to encrypt or sign data, generate a hash function or Message Authentication Code (MAC), or establish keys (including wrapping and deriving keys).","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"approach","link":"https://csrc.nist.gov/glossary/term/approach","definitions":[{"text":"See cyber resiliency implementation approach.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"approval status","link":"https://csrc.nist.gov/glossary/term/approval_status","definitions":[{"text":"Used to designate usage by the U.S. Federal Government.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"Approval to Connect","link":"https://csrc.nist.gov/glossary/term/approval_to_connect","abbrSyn":[{"text":"ATC","link":"https://csrc.nist.gov/glossary/term/atc"}],"definitions":null},{"term":"approval to operate","link":"https://csrc.nist.gov/glossary/term/approval_to_operate","abbrSyn":[{"text":"ATO","link":"https://csrc.nist.gov/glossary/term/ato"},{"text":"authorization to operate","link":"https://csrc.nist.gov/glossary/term/authorization_to_operate"},{"text":"Certification and Accreditation"}],"definitions":[{"text":"The official management decision issued by a designated accrediting authority (DAA) or principal accrediting authority (PAA) to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization to operate ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"seeCertificationandAccreditation.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Approval to Operate "}]},{"text":"Authorization to Operate; One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under ATO "}]},{"text":"The official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Authorization also applies to common controls inherited by agency information systems.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under authorization to operate ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]}]},{"term":"approved","link":"https://csrc.nist.gov/glossary/term/approved","definitions":[{"text":"An algorithm or technique for a specific cryptographic use that is specified in a FIPS or NIST Recommendation, adopted in a FIPS or NIST Recommendation, or specified in a list of NIST-approved security functions.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"An algorithm or technique that is either 1) specified in a Federal Information Processing Standard (FIPS) or NIST Recommendation, 2) adopted in a FIPS or NIST Recommendation, or 3) specified in a list of NIST-approved security functions.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Approved "}]},{"text":"FIPS-approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation or 3) specified in a list of NIST-approved security functions.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Approved "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Approved "}]},{"text":"FIPS-approved and/or NIST-recommended. An algorithm or technique that is either: \n1) Specified in a FIPS or NIST Recommendation, \n2) Adopted in a FIPS or NIST Recommendation, or \n3) Specified in a list of NIST-approved security functions.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Approved "}]},{"text":"FIPS-approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, 2) adopted in a FIPS or NIST Recommendation or 3) specified in a list of NIST-approved security functions.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Approved "},{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under Approved "}]},{"text":"FIPS approved or NIST Recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation or 3) specified in a list of NIST Approved security functions.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Approved "}]},{"text":"FIPS-approved and/or NIST-recommended.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Approved "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Approved "}]},{"text":"FIPS-approved or NIST-Recommended.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Approved "}]},{"text":"FIPS approved or NIST recommended: an algorithm or technique that is either 1) specified in a FIPS or a NIST Recommendation, or 2) adopted in a FIPS or a NIST Recommendation.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Approved "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Approved "}]},{"text":"FIPS approved or NIST recommended: an algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Approved "}]},{"text":"FIPS-approved or NIST-recommended: an algorithm or technique that is either 1) specified in a FIPS or a NIST Recommendation, or 2) adopted in a FIPS or a NIST Recommendation.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"FIPS-approved or NIST-Recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation and specified either (a) in an appendix to the FIPS or NIST Recommendation, or (b) in a document referenced by the FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Approved "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Approved "}]},{"text":"FIPS approved or NIST Recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation or 3) specified in a list of NIST-approved security functions.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Approved "}]},{"text":"FIPS-approved or NIST-recommended: an algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Approved "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Approved "}]},{"text":"FIPS-Approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation and specified in an appendix to the FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Approved "}]},{"text":"FIPS-approved, NIST-Recommended and/or validated by the Cryptographic Algorithm Validation Program (CAVP).","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Approved "}]},{"text":"FIPS-approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) specified elsewhere and adopted by reference in a FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Approved "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Approved "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Approved "}]},{"text":"FIPS-Approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation and specified either in an appendix to the FIPS or NIST Recommendation, or in a document referenced by the FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Approved "}]},{"text":"FIPS-Approved and/or NIST-recommended. An algorithm or technique that is either: 1) specified in a FIPS or NIST Recommendation or 2) specified elsewhere and adopted by reference in a FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Approved "}]},{"text":"FIPS-approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation or 2) specified elsewhere and adopted by reference in a FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Approved "}]},{"text":"FIPS-approved or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation or 2) adopted in a FIPS or NIST Recommendation and specified either (a) in an appendix to the FIPS or NIST Recommendation or (b) in a document referenced by the FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"},{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]},{"text":"FIPS approved or NIST recommended. An algorithm or technique that is either (1) specified in a FIPS or a NIST recommendation or (2) adopted in a FIPS or NIST recommendation.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Approved "}]},{"text":"Federal Information Processing Standards (FIPS)-approved or NIST-recommended. An algorithm or technique that meets at least one of the following: 1) is specified in a FIPS or NIST Recommendation, 2) is adopted in a FIPS or NIST Recommendation or 3) is specified in a list of NIST-approved security functions (e.g., specified as approved in the annexes of [FIPS 140]).","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Approved "}]},{"text":"Federal Information Processing Standard (FIPS) approved or NIST recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Approved "}]}]},{"term":"Approved entropy source","link":"https://csrc.nist.gov/glossary/term/approved_entropy_source","definitions":[{"text":"An entropy source that has been validated as conforming to [NIST SP 800-90B].","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Approved hash algorithms","link":"https://csrc.nist.gov/glossary/term/approved_hash_algorithms","definitions":[{"text":"Hash algorithms specified in FIPS 180-4.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]},{"text":"Cryptographic hash algorithms specified in [FIPS 180-3].","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"Approved security function","link":"https://csrc.nist.gov/glossary/term/approved_security_function","definitions":[{"text":"A security function (e.g., cryptographic algorithm, cryptographic key management technique, or authentication technique) that is either \na) Specified in an Approved standard, \nb) Adopted in an Approved standard and specified either in an appendix of the Approved standard or in a document referenced by the Approved standard, or \nc) Specified in the list of Approved security functions.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Approximate Entropy Test","link":"https://csrc.nist.gov/glossary/term/approximate_entropy_test","definitions":[{"text":"The purpose of the test is to compare the frequency of overlapping blocks of two consecutive/adjacent lengths (m and m+1) against the expected result for a normally distributed sequence.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"APS","link":"https://csrc.nist.gov/glossary/term/aps","abbrSyn":[{"text":"Attribute Practice Statement","link":"https://csrc.nist.gov/glossary/term/attribute_practice_statement"}],"definitions":null},{"term":"APT","link":"https://csrc.nist.gov/glossary/term/apt","abbrSyn":[{"text":"Advanced Persistent Threat"}],"definitions":[{"text":"An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g., cyber, physical, and deception), to generate opportunities to achieve its objectives which are typically to establish and extend its presence within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or to undermine or impede critical aspects of a mission, program, or organization, or place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Advanced Persistent Threat ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Advanced Persistent Threat "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Advanced Persistent Threat "}]}]},{"term":"APU","link":"https://csrc.nist.gov/glossary/term/apu","abbrSyn":[{"text":"Auxiliary Power Unit","link":"https://csrc.nist.gov/glossary/term/auxiliary_power_unit"}],"definitions":null},{"term":"AQL","link":"https://csrc.nist.gov/glossary/term/aql","abbrSyn":[{"text":"Ariel Query Language","link":"https://csrc.nist.gov/glossary/term/ariel_query_language"}],"definitions":null},{"term":"architecture","link":"https://csrc.nist.gov/glossary/term/architecture","abbrSyn":[{"text":"security architecture","link":"https://csrc.nist.gov/glossary/term/security_architecture"}],"definitions":[{"text":"A highly structured specification of an acceptable approach within a framework for solving a specific problem. An architecture contains descriptions of all the components of a selected, acceptable solution while allowing certain details of specific components to be variable to satisfy related constraints (e.g., costs, local environment, user acceptability).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Architecture "}]},{"text":"Fundamental concepts or properties related to a system in its environment embodied in its elements, relationships, and in the principles of its design and evolution.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under security architecture "}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected. Note: The security architecture reflects security domains, the placement of security-relevant elements within the security domains, the interconnections and trust relationships between the security-relevant elements, and the behavior and interaction between the security-relevant elements. The security architecture, similar to the system architecture, may be expressed at different levels of abstraction and with different scopes.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under security architecture ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans. See information security architecture.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under security architecture ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"A highly structured specification of an acceptable approach within a framework for solving a specific problem. An architecture contains descriptions of all the components of a selected, acceptable solution while allowing certain details of specific components to be variable to satisfy related constraints (e.g., costs, local environment, user acceptability).","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Architecture ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Architecture "},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Architecture ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]}]},{"text":"A highly structured specification of an acceptable approach within a framework for solving a specific problem. An architecture contains descriptions of all the components of a selected, acceptable solution, while allowing certain details of specific components to be variable to satisfy related constraints (e.g., costs, local environment, user acceptability).","sources":[{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Architecture ","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]}]},{"text":"The design of the network of the hotel environment and the components that are used to construct it.","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Architecture "}]},{"text":"the design of the network of the hotel environment and the components that are used to construct it","sources":[{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Architecture "}]},{"text":"complying with the principles that drive the system design; i.e., guidelines on the placement and implementation of specific security services within various distributed computing environments.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"Fundamental concepts or properties of a system in its environment embodied in its elements, relationships, and in the principles of its design and evolution.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under architecture (system) ","refSources":[{"text":"ISO/IEC/IEEE 42010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under architecture (system) ","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]},{"text":"A set of related physical and logical representations (i.e., views) of a system or a solution. The architecture conveys information about system/solution elements, interconnections, relationships, and behavior at different levels of abstractions and with different scopes. \nRefer to security architecture.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected. \nNote: The security architecture reflects security domains, the placement of security-relevant elements within the security domains, the interconnections and trust relationships between the security-relevant elements, and the behavior and interactions between the security-relevant elements. The security architecture, similar to the system architecture, may be expressed at different levels of abstraction and with different scopes.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security architecture "}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected.\nNote: The security architecture reflects security domains, the placement of security-relevant elements within the security domains, the interconnections and trust relationships between the security-relevant elements, and the behavior and interactions between the security-relevant elements. The security architecture, similar to the system architecture, may be expressed at different levels of abstraction and with different scopes.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security architecture "}]}],"seeAlso":[{"text":"security architecture","link":"security_architecture"}]},{"term":"Architecture and Infrastructure Committee","link":"https://csrc.nist.gov/glossary/term/architecture_and_infrastructure_committee","abbrSyn":[{"text":"AIC","link":"https://csrc.nist.gov/glossary/term/aic"}],"definitions":null},{"term":"Architecture Constructs","link":"https://csrc.nist.gov/glossary/term/architecture_constructs","definitions":[{"text":"Design structures that can serve as the basic building blocks for a Notional Architecture.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497"}]}]},{"term":"architecture description","link":"https://csrc.nist.gov/glossary/term/architecture_description","definitions":[{"text":"A work product used to express an architecture.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 42010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]}]},{"term":"Architecture Design Principles","link":"https://csrc.nist.gov/glossary/term/architecture_design_principles","definitions":[{"text":"Best practices derived from large-scale information-sharing implementations that serve as the overall guidance for building security and privacy services for HIEs.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497"}]}]},{"term":"architecture framework","link":"https://csrc.nist.gov/glossary/term/architecture_framework","definitions":[{"text":"Conventions, principles, and practices for the description of architectures established within a specific domain of application and/or community of stakeholders.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 42010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]}]},{"term":"architecture view","link":"https://csrc.nist.gov/glossary/term/architecture_view","definitions":[{"text":"A work product expressing the architecture of a system from the perspective of specific system concerns.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 42010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]}]},{"term":"architecture viewpoint","link":"https://csrc.nist.gov/glossary/term/architecture_viewpoint","definitions":[{"text":"A work product establishing the conventions for the construction, interpretation, and use of architecture views to frame specific system concerns.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 42010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]}]},{"term":"Archive","link":"https://csrc.nist.gov/glossary/term/archive","abbrSyn":[{"text":"Archive facility","link":"https://csrc.nist.gov/glossary/term/archive_facility"},{"text":"Key management archive","link":"https://csrc.nist.gov/glossary/term/key_management_archive"}],"definitions":[{"text":"Noun: See Archive facility.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"Verb: To place a cryptographic key and/or metadata into long-term storage that will be maintained even if the storage technology changes.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A facility used for long-term key and/or metadata storage.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Archive facility "}]},{"text":"Long-term, physically separate storage.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]"}]},{"text":"1. To place information into long-term storage.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"2. A location or media used for long-term storage.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"See Key management archive.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"1. To place information into long-term storage. 2. A locat ion or media ussed for long-term storage.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"To place information into long-term storage. Also, see Key management archive.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A function in the lifecycle of keying material; a repository for the long- term storage of keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key management archive "}]}]},{"term":"Archive facility","link":"https://csrc.nist.gov/glossary/term/archive_facility","abbrSyn":[{"text":"Archive","link":"https://csrc.nist.gov/glossary/term/archive"}],"definitions":[{"text":"Noun: See Archive facility.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Archive "}]},{"text":"Verb: To place a cryptographic key and/or metadata into long-term storage that will be maintained even if the storage technology changes.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Archive "}]},{"text":"A facility used for long-term key and/or metadata storage.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"Long-term, physically separate storage.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Archive "}]},{"text":"1. To place information into long-term storage.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Archive "}]},{"text":"2. A location or media used for long-term storage.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Archive "}]},{"text":"See Key management archive.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Archive "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Archive "}]},{"text":"1. To place information into long-term storage. 2. A locat ion or media ussed for long-term storage.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Archive "}]},{"text":"To place information into long-term storage. Also, see Key management archive.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Archive "}]}]},{"term":"ARF","link":"https://csrc.nist.gov/glossary/term/arf","abbrSyn":[{"text":"Asset Reporting Format"}],"definitions":null},{"term":"Ariel Query Language","link":"https://csrc.nist.gov/glossary/term/ariel_query_language","abbrSyn":[{"text":"AQL","link":"https://csrc.nist.gov/glossary/term/aql"}],"definitions":null},{"term":"ARIN","link":"https://csrc.nist.gov/glossary/term/arin","abbrSyn":[{"text":"American Registry for Internet Numbers","link":"https://csrc.nist.gov/glossary/term/american_registry_for_internet_numbers"}],"definitions":[{"text":"The American Registry for Internet Numbers for Canada, the United States of America, and many Caribbean and North Atlantic Islands.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under American Registry for Internet Numbers "}]}]},{"term":"ARM","link":"https://csrc.nist.gov/glossary/term/arm","abbrSyn":[{"text":"Access Rights Management","link":"https://csrc.nist.gov/glossary/term/access_rights_management"},{"text":"Advanced Reduced Instruction Set Computing (RISC) Machine","link":"https://csrc.nist.gov/glossary/term/risc_machine"},{"text":"Advanced RISC Machines","link":"https://csrc.nist.gov/glossary/term/advanced_risc_machines"}],"definitions":null},{"term":"ARMP","link":"https://csrc.nist.gov/glossary/term/armp","abbrSyn":[{"text":"Average Record Matching Probability","link":"https://csrc.nist.gov/glossary/term/average_record_matching_probability"}],"definitions":null},{"term":"ARP","link":"https://csrc.nist.gov/glossary/term/arp","abbrSyn":[{"text":"Address Resolution Protocol"},{"text":"Application-Specific Integrated Circuit"}],"definitions":null},{"term":"ARPA","link":"https://csrc.nist.gov/glossary/term/arpa","abbrSyn":[{"text":"Advanced Research Project Agency","link":"https://csrc.nist.gov/glossary/term/advanced_research_project_agency"}],"definitions":null},{"term":"Array","link":"https://csrc.nist.gov/glossary/term/array","definitions":[{"text":"A fixed-size data structure that stores a collection of elements, where each element is identified by its integer index or indices.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]},{"text":"A fixed-length data structure that stores a collection of elements, where each element is identified by its integer index.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"ARX","link":"https://csrc.nist.gov/glossary/term/arx","abbrSyn":[{"text":"Addition-Rotation-XOR","link":"https://csrc.nist.gov/glossary/term/addition_rotation_xor"}],"definitions":null},{"term":"AS","link":"https://csrc.nist.gov/glossary/term/as","abbrSyn":[{"text":"Access Strum","link":"https://csrc.nist.gov/glossary/term/access_strum"},{"text":"Attestation Service","link":"https://csrc.nist.gov/glossary/term/attestation_service"},{"text":"Authentication Server","link":"https://csrc.nist.gov/glossary/term/authentication_server"},{"text":"Authorization Server","link":"https://csrc.nist.gov/glossary/term/authorization_server"},{"text":"Autonomous System"}],"definitions":[{"text":"An Autonomous System specifies a network, mostly an organization that can own or announce network addresses to the Internet.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Autonomous System "}]}]},{"term":"As Secure As Reasonably Practicable","link":"https://csrc.nist.gov/glossary/term/as_secure_as_reasonably_practicable","abbrSyn":[{"text":"ASARP","link":"https://csrc.nist.gov/glossary/term/asarp"}],"definitions":null},{"term":"AS&W","link":"https://csrc.nist.gov/glossary/term/asandw","abbrSyn":[{"text":"Attack Sensing and Warning","link":"https://csrc.nist.gov/glossary/term/asw2"}],"definitions":null},{"term":"ASA","link":"https://csrc.nist.gov/glossary/term/asa","abbrSyn":[{"text":"Adaptive Security Appliance","link":"https://csrc.nist.gov/glossary/term/adaptive_security_appliance"}],"definitions":null},{"term":"ASARP","link":"https://csrc.nist.gov/glossary/term/asarp","abbrSyn":[{"text":"As Secure As Reasonably Practicable","link":"https://csrc.nist.gov/glossary/term/as_secure_as_reasonably_practicable"}],"definitions":null},{"term":"ASC","link":"https://csrc.nist.gov/glossary/term/asc","abbrSyn":[{"text":"Accredited Standards Committee","link":"https://csrc.nist.gov/glossary/term/accredited_standards_committee"},{"text":"The Accredited Standards Committee of the American National Standards Institute (ANSI)"},{"text":"The American National Standards Institute (ANSI) Accredited Standards Committee"}],"definitions":null},{"term":"ASCII","link":"https://csrc.nist.gov/glossary/term/ascii","abbrSyn":[{"text":"American Standard Code for Information Interchange","link":"https://csrc.nist.gov/glossary/term/american_standard_code_for_information_interchange"},{"text":"American Standard Code of Information Interchange"}],"definitions":null},{"term":"ASDSO","link":"https://csrc.nist.gov/glossary/term/asdso","abbrSyn":[{"text":"Association of State Dam Safety Officials","link":"https://csrc.nist.gov/glossary/term/association_of_state_dam_safety_officials"}],"definitions":null},{"term":"Asia-Pacific Economic Cooperation","link":"https://csrc.nist.gov/glossary/term/asia_pacific_economic_cooperation","abbrSyn":[{"text":"APEC","link":"https://csrc.nist.gov/glossary/term/apec"}],"definitions":null},{"term":"Asia-Pacific Network Information Centre","link":"https://csrc.nist.gov/glossary/term/asia_pacific_network_information_centre","abbrSyn":[{"text":"APNIC","link":"https://csrc.nist.gov/glossary/term/apnic"}],"definitions":[{"text":"The Regional Internet Registry for the Asia Pacific region that allocates and registers Internet resources in its region.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Asia Pacific Network Information Centre "}]}]},{"term":"ASIC","link":"https://csrc.nist.gov/glossary/term/asic","abbrSyn":[{"text":"Application Specific Integrated Circuit","link":"https://csrc.nist.gov/glossary/term/application_specific_integrated_circuit"},{"text":"Application-Specific Integrated Circuit"}],"definitions":null},{"term":"ASID","link":"https://csrc.nist.gov/glossary/term/asid","abbrSyn":[{"text":"Address Space IDentifier","link":"https://csrc.nist.gov/glossary/term/address_space_identifier"}],"definitions":null},{"term":"ASKDF","link":"https://csrc.nist.gov/glossary/term/askdf","abbrSyn":[{"text":"Application-Specific Key Derivation Functions","link":"https://csrc.nist.gov/glossary/term/application_specific_key_derivation_functions"}],"definitions":null},{"term":"ASLR","link":"https://csrc.nist.gov/glossary/term/aslr","abbrSyn":[{"text":"Address Space Layout Randomization","link":"https://csrc.nist.gov/glossary/term/address_space_layout_randomization"}],"definitions":null},{"term":"ASM","link":"https://csrc.nist.gov/glossary/term/asm","abbrSyn":[{"text":"Alaris System Maintenance","link":"https://csrc.nist.gov/glossary/term/alaris_system_maintenance"},{"text":"Authenticator-Specific Module","link":"https://csrc.nist.gov/glossary/term/authenticator_specific_module"}],"definitions":null},{"term":"ASMS","link":"https://csrc.nist.gov/glossary/term/asms","abbrSyn":[{"text":"Advanced Satellite Multimedia Systems Conference","link":"https://csrc.nist.gov/glossary/term/advanced_satellite_multimedia_systems_conference"}],"definitions":null},{"term":"ASN","link":"https://csrc.nist.gov/glossary/term/asn","abbrSyn":[{"text":"Autonomous System Number"}],"definitions":null},{"term":"ASN.1","link":"https://csrc.nist.gov/glossary/term/asn_1","abbrSyn":[{"text":"Abstract Syntax Notation One"}],"definitions":null},{"term":"ASP","link":"https://csrc.nist.gov/glossary/term/asp","abbrSyn":[{"text":"Active Server Pages","link":"https://csrc.nist.gov/glossary/term/active_server_pages"},{"text":"AMD Security Processor","link":"https://csrc.nist.gov/glossary/term/amd_security_processor"}],"definitions":null},{"term":"aspect","link":"https://csrc.nist.gov/glossary/term/aspect","definitions":[{"text":"The parts, features, and characteristics used to describe, consider, interpret, or assess something.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"The subject or topic of an assessment element that is associated with a portion of the ISCM program under assessment.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"assembly","link":"https://csrc.nist.gov/glossary/term/assembly","definitions":[{"text":"An item forming a portion of an equipment, that can be provisioned and replaced as an entity and which normally incorporates replaceable parts and groups of parts.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD 4140.1-R","link":"https://www.esd.whs.mil/DD/"},{"text":"CNSSI 4033","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Assertion Reference","link":"https://csrc.nist.gov/glossary/term/assertion_reference","definitions":[{"text":"A data object, created in conjunction with an assertion, which identifies the Verifier and includes a pointer to the full assertion held by the Verifier.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"assessment","link":"https://csrc.nist.gov/glossary/term/assessment","abbrSyn":[{"text":"control assessment","link":"https://csrc.nist.gov/glossary/term/control_assessment"},{"text":"Privacy Control Assessment"},{"text":"risk assessment","link":"https://csrc.nist.gov/glossary/term/risk_assessment"},{"text":"Risk Assessment"},{"text":"security control assessment","link":"https://csrc.nist.gov/glossary/term/security_control_assessment"},{"text":"Security Control Assessment"}],"definitions":[{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. A part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - adapted"}]}]},{"text":"An evidence-based evaluation and judgement on the nature, characteristics, quality, effectiveness, intent, impact, or capabilities of an item, organization, group, policy, activity, or person."},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - adapted"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, images, and reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under risk assessment "}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Risk Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security control assessment ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Control Assessment "}]},{"text":"The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Assessment "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Overall process of risk identification, risk analysis, and risk evaluation.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under risk assessment "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The testing and/or evaluation of the management, operational, and technical security controls in a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Security Control Assessment ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. \r\nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"See Security Control Assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assessment "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assessment "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assessment "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"See risk analysis","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under risk assessment "}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.\nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.  Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Risk Assessment "}]},{"text":"See Security Control Assessment or Privacy Control Assessment.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment "}]},{"text":"The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Risk Assessment "},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations, resulting from the operation of a system. It is part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Risk Assessment "}]},{"text":"Assessment in this context means a formal process of assessing the implementation and reliable use of issuer controls using various methods of assessment (e.g., interviews, document reviews, observations) that support the assertion that an issuer is reliably meeting the requirements of [FIPS 201-2].","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Assessment (as applied to an issuer) "}]},{"text":"An evaluation of the amount of entropy provided by a (digitized) noise source and/or the entropy source that employs it.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Assessment (of entropy) "}]},{"text":"See control assessment or risk assessment.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The testing or evaluation of the controls in an information system or an organization to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security or privacy requirements for the system or the organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under control assessment "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under control assessment ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under control assessment ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"See security control assessment or risk assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessment "}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. \nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls or privacy controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Risk Assessment "}]},{"text":"The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"},{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. \nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Risk Assessment "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Assessment "}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Risk Assessment "},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"The testing or evaluation of privacy controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the privacy requirements for an information system or organization.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Privacy Control Assessment "}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.\nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Assessment "}]},{"text":"A completed or planned action of evaluation of an organization, a mission or business process, or one or more systems and their environments; or","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]},{"text":"The vehicle or template or worksheet that is used for each evaluation.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]},{"text":"The process of identifying risks to organizational operations\n(including mission, functions, image, reputation), organizational\nassets, individuals, other organizations, and the Nation, resulting\nfrom the operation of an information system. Part of risk\nmanagement, incorporates threat and vulnerability analyses,\nand considers mitigations provided by security controls planned\nor in place.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - Adapted"}]}]},{"text":"Risk management includes threat and vulnerability analyses as well as analyses of adverse effects on individuals arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under risk assessment ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under risk assessment ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses and analyses of privacy problems arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.","sources":[{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Risk Assessment "}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.","sources":[{"text":"NIST SP 1800-11B","link":"https://doi.org/10.6028/NIST.SP.1800-11","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 1800-30B","link":"https://doi.org/10.6028/NIST.SP.1800-30","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 1800-34B","link":"https://doi.org/10.6028/NIST.SP.1800-34","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact.\nPart of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"A value that defines an analyzer's estimated level of security risk for using an app. Risk assessments are typically based on the likelihood that a detected vulnerability will be exploited and the impact that the detected vulnerability may have on the app or its related device or network. Risk assessments are typically represented as categories (e.g., low-, moderate-, and high-risk).","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]","underTerm":" under Risk Assessment "}]},{"text":"See risk analysis.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under risk assessment "}]},{"text":"The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for a system or organization.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under security control assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]}]},{"term":"Assessment and Authorization","link":"https://csrc.nist.gov/glossary/term/assessment_and_authorization","abbrSyn":[{"text":"A&A","link":"https://csrc.nist.gov/glossary/term/aanda"}],"definitions":null},{"term":"Assessment and Deployment Kit","link":"https://csrc.nist.gov/glossary/term/assessment_and_deployment_kit","abbrSyn":[{"text":"ADK","link":"https://csrc.nist.gov/glossary/term/adk"}],"definitions":null},{"term":"assessment approach","link":"https://csrc.nist.gov/glossary/term/assessment_approach","definitions":[{"text":"The approach used to assess risk and its contributing risk factors, including quantitatively, qualitatively, or semi-quantitatively.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessment Approach "}]}]},{"term":"Assessment Boundary","link":"https://csrc.nist.gov/glossary/term/assessment_boundary","definitions":[{"text":"The scope of (assessment objects included in) an organization’s ISCM implementation to which assessment of objects is applied. Typically, assessment boundary includes an entire network to its outside perimeter.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Assessment Completeness","link":"https://csrc.nist.gov/glossary/term/assessment_completeness","definitions":[{"text":"The degree to which the continuous monitoring-generated, security-related information is collected on all assessment objects for all applicable defect checks within a defined period of time.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Assessment Criterion/Criteria","link":"https://csrc.nist.gov/glossary/term/assessment_criterion","definitions":[{"text":"A rule (or rules) of logic to allow the automated or manual detection of defects. Typically, the assessment criterion in ISCM defines what in the desired state specification is compared to what in the actual state and the conditions that indicate a defect.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"assessment element","link":"https://csrc.nist.gov/glossary/term/assessment_element","definitions":[{"text":"A specific ISCM concept to be evaluated in the context of a specific ISCM Process Step.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"},{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"assessment element attribute","link":"https://csrc.nist.gov/glossary/term/assessment_element_attribute","definitions":[{"text":"An item of information that is specifically applicable to an assessment element, such as the source for the assessment element or risk management level to which the element applies.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"assessment element text","link":"https://csrc.nist.gov/glossary/term/assessment_element_text","definitions":[{"text":"A statement that should be true for a well-implemented ISCM program. This statement is the evaluation criteria part of an assessment element.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"assessment findings","link":"https://csrc.nist.gov/glossary/term/assessment_findings","definitions":[{"text":"Assessment results produced by the application of an assessment procedure to a security control or control enhancement to achieve an assessment objective; the execution of a determination statement within an assessment procedure by an assessor that results in either a satisfied or other than satisfied condition.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment Findings ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"Assessment results produced by the application of an assessment procedure to a security control, privacy control, or control enhancement to achieve an assessment objective; the execution of a determination statement within an assessment procedure by an assessor that results in either a satisfied or other than satisfied condition.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment Findings "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessment Findings "}]}]},{"term":"assessment method","link":"https://csrc.nist.gov/glossary/term/assessment_method","definitions":[{"text":"One of three types of actions (i.e., examine, interview, test) taken by assessors in obtaining evidence during an assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment Method "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessment Method "}]},{"text":"One of three types of actions (examine, interview, test) taken by assessors in obtaining evidence during an assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment Method ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"A focused activity or action employed by an Assessor for evaluating a particular issuer control.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Assessment Method "}]}]},{"term":"assessment object","link":"https://csrc.nist.gov/glossary/term/assessment_object","abbrSyn":[{"text":"Object, Assessment","link":"https://csrc.nist.gov/glossary/term/object_assessment"}],"definitions":[{"text":"The item (i.e., specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment Object "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The item (specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment Object ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"See Object, Assessment.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Assessment Object "}]},{"text":"Assessment objects identify the specific items being assessed, and as such, can have one or more security defects. Assessment objects include specifications, mechanisms, activities, and individuals which in turn may include, but are not limited to, devices, software products, software executables, credentials, accounts, account-privileges, things to which privileges are granted (including data and physical facilities), etc. See SP 800-53A.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Object, Assessment "}]}]},{"term":"assessment objective","link":"https://csrc.nist.gov/glossary/term/assessment_objective","definitions":[{"text":"A set of determination statements that expresses the desired outcome for the assessment of a security control or control enhancement.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment Objective ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"A set of determination statements that expresses the desired outcome for the assessment of a security control, privacy control, or control enhancement.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment Objective "},{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessment Objective "}]}]},{"term":"assessment plan","link":"https://csrc.nist.gov/glossary/term/assessment_plan","definitions":[{"text":"The objectives for the control assessments and a detailed roadmap of how to conduct such assessments.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"The objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"assessment procedure","link":"https://csrc.nist.gov/glossary/term/assessment_procedure","definitions":[{"text":"A set of assessment objectives and an associated set of assessment methods and assessment objects.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment Procedure ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment Procedure "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessment Procedure "}]},{"text":"A set of activities or actions employed by an Assessor to determine the extent that an issuer control is implemented.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Assessment Procedure "}]}]},{"term":"Assessment Timeliness","link":"https://csrc.nist.gov/glossary/term/assessment_timeliness","definitions":[{"text":"The degree to which the continuous monitoring-generated, security-related information is collected within the specified period of time (or frequency).","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"assessor","link":"https://csrc.nist.gov/glossary/term/assessor","abbrSyn":[{"text":"Privacy Control Assessor","link":"https://csrc.nist.gov/glossary/term/privacy_control_assessor"},{"text":"risk assessor","link":"https://csrc.nist.gov/glossary/term/risk_assessor"},{"text":"Risk Assessor"},{"text":"security control assessor"},{"text":"Security Control Assessor"}],"definitions":[{"text":"The individual, group, or organization responsible for conducting a security or privacy control assessment.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a risk assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under risk assessor ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Risk Assessor ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]}]},{"text":"The individual, group, or organization responsible for conducting a security control assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Assessor ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Assessor "}]},{"text":"See Security Control Assessor.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assessor "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assessor "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assessor "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"See Security Control Assessor or Privacy Control Assessor.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a privacy control assessment.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Privacy Control Assessor "}]},{"text":"The individual responsible for conducting assessment activities under the guidance and direction of a Designated Authorizing Official. The Assessor is a 3rd party.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a security or privacy assessment.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"See security control assessor or risk assessor.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a security or privacy control assessment.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}],"seeAlso":[{"text":"control assessor","link":"control_assessor"}]},{"term":"asset","link":"https://csrc.nist.gov/glossary/term/asset","definitions":[{"text":"

A distinguishable entity that provides a service or capability. Assets are people, physical entities, or information located either within or outside the United States and employed, owned, or operated by domestic, 

foreign, public, or private sector organizations.

"},{"text":"Anything that has value to a person or organization.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"An item of value to stakeholders. An asset may be tangible (e.g., a physical item such as hardware, firmware, computing platform, network device, or other technology component) or intangible (e.g., humans, data, information, software, capability, function, service, trademark, copyright, patent, intellectual property, image, or reputation). The value of an asset is determined by stakeholders in consideration of loss concerns across the entire system life cycle. Such concerns include but are not limited to business or mission concerns.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"Anything that has value to an organization, including, but not limited to, another organization, person, computing device, information technology (IT) system, IT network, IT circuit, software (both an installed instance and a physical instance), virtual computing platform (common in cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards).","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Asset "},{"text":"NISTIR 7694","link":"https://doi.org/10.6028/NIST.IR.7694","underTerm":" under Asset "}]},{"text":"Resources of value that an organization possesses or employs.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Asset "}]},{"text":"Anything that can be transferred.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Assets "}]},{"text":"The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Assets ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"An item of value to achievement of organizational mission/business objectives. \nNote 1: Assets have interrelated characteristics that include value, criticality, and the degree to which they are relied upon to achieve organizational mission/business objectives. From these characteristics, appropriate protections are to be engineered into solutions employed by the organization. \nNote 2: An asset may be tangible (e.g., physical item such as hardware, software, firmware, computing platform, network device, or other technology components) or intangible (e.g., information, data, trademark, copyright, patent, intellectual property, image, or reputation).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"An item of value to achievement of organizational mission/business objectives.\nNote 1: Assets have interrelated characteristics that include value, criticality, and the degree to which they are relied upon to achieve organizational mission/business objectives. From these characteristics, appropriate protections are to be engineered into solutions employed by the organization.\nNote 2: An asset may be tangible (e.g., physical item such as hardware, software, firmware, computing platform, network device, or other technology components) or intangible (e.g., information, data, trademark, copyright, patent, intellectual property, image, or reputation).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"Asset Framework","link":"https://csrc.nist.gov/glossary/term/asset_framework","abbrSyn":[{"text":"AF","link":"https://csrc.nist.gov/glossary/term/af"}],"definitions":null},{"term":"asset identification","link":"https://csrc.nist.gov/glossary/term/asset_identification","abbrSyn":[{"text":"AI","link":"https://csrc.nist.gov/glossary/term/ai"}],"definitions":[{"text":"SCAP constructs to uniquely identify assets (components) based on known identifiers and/or known information about the assets.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Asset Identification "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"The use of attributes and methods to uniquely identify an asset.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Asset Identification "}]},{"text":"The attributes and methods necessary for uniquely identifying a given asset. A full explanation of asset identification is provided in [NISTIR 7693].","sources":[{"text":"NISTIR 7694","link":"https://doi.org/10.6028/NIST.IR.7694","underTerm":" under Asset Identification "}]}]},{"term":"Asset Identification Element","link":"https://csrc.nist.gov/glossary/term/asset_identification_element","definitions":[{"text":"A complete, bound expression of an asset identification using the constructs defined in this specification.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"Asset Report","link":"https://csrc.nist.gov/glossary/term/asset_report","definitions":[{"text":"A collection of content (or link to content) about an asset.","sources":[{"text":"NISTIR 7694","link":"https://doi.org/10.6028/NIST.IR.7694"}]}]},{"term":"Asset Report Request","link":"https://csrc.nist.gov/glossary/term/asset_report_request","definitions":[{"text":"A collection of structured information used as input to generate an asset report. An asset report request may be of any format and may have different contexts depending on the nature of the request. For instance, the request may be written in a control language that dictates how the request is to be propagated and executed. The request may also be written as a formal definition without reference to how the request is to be executed. The request may also be a prose description that must be interpreted and executed by a person. These examples are not exhaustive.","sources":[{"text":"NISTIR 7694","link":"https://doi.org/10.6028/NIST.IR.7694"}]}]},{"term":"asset reporting format","link":"https://csrc.nist.gov/glossary/term/asset_reporting_format","abbrSyn":[{"text":"ARF","link":"https://csrc.nist.gov/glossary/term/arf"}],"definitions":[{"text":"SCAP data model for expressing the transport format of information about assets (components) and the relationships between assets and reports.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"A format for expressing the transport format of information about assets and the relationships between assets and reports.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]}]},{"term":"Asset Reporting Format Report","link":"https://csrc.nist.gov/glossary/term/asset_reporting_format_report","definitions":[{"text":"The collection of all assets, report requests, reports, and relationships for a given instance of ARF.","sources":[{"text":"NISTIR 7694","link":"https://doi.org/10.6028/NIST.IR.7694"}]}]},{"term":"Asset Tag","link":"https://csrc.nist.gov/glossary/term/asset_tag","definitions":[{"text":"Simple key value attributes that are associated with a platform (e.g., location, company name, division, or department).","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320"}]}]},{"term":"assignment operation","link":"https://csrc.nist.gov/glossary/term/assignment_operation","definitions":[{"text":"See organization-defined parameters and selection operation.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A control parameter that allows an organization to assign a specific, organization-defined value to the control or control enhancement (e.g., assigning a list of roles to be notified or a value for the frequency of testing).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"See organization-defined control parameters and selection operation.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"term":"assignment statement","link":"https://csrc.nist.gov/glossary/term/assignment_statement","definitions":[{"text":"A control parameter that allows an organization to assign a specific, organization-defined value to the control or control enhancement (e.g., assigning a list of roles to be notified or a value for the frequency of testing). See organization-defined control parameters and selection statement.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Associated Data","link":"https://csrc.nist.gov/glossary/term/associated_data","abbrSyn":[{"text":"AD","link":"https://csrc.nist.gov/glossary/term/ad"}],"definitions":[{"text":"Input data to the CCM generation-encryption process that is authenticated but not encrypted.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Association","link":"https://csrc.nist.gov/glossary/term/association","definitions":[{"text":"A relationship for a particular purpose. For example, a key is associated with the application or process for which it will be used.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A relationship for a particular purpose; for example, a key is associated with the application or process for which it will be used.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Association for Advancing Automation","link":"https://csrc.nist.gov/glossary/term/association_for_advancing_automation","abbrSyn":[{"text":"A3","link":"https://csrc.nist.gov/glossary/term/a3"}],"definitions":null},{"term":"Association for Automatic Identification and Mobility","link":"https://csrc.nist.gov/glossary/term/association_for_automatic_identification_and_mobility","abbrSyn":[{"text":"AIM","link":"https://csrc.nist.gov/glossary/term/aim"}],"definitions":null},{"term":"Association for the Advancement of Medical Instrumentation","link":"https://csrc.nist.gov/glossary/term/association_for_the_advancement_of_medical_instrumentation","abbrSyn":[{"text":"AAMI","link":"https://csrc.nist.gov/glossary/term/aami"}],"definitions":null},{"term":"Association of Metropolitan Water Agencies","link":"https://csrc.nist.gov/glossary/term/association_of_metropolitan_water_agencies","abbrSyn":[{"text":"AMWA","link":"https://csrc.nist.gov/glossary/term/amwa"}],"definitions":null},{"term":"Association of Public Safety Communications Officials","link":"https://csrc.nist.gov/glossary/term/association_of_public_safety_communications_officials","abbrSyn":[{"text":"APCO","link":"https://csrc.nist.gov/glossary/term/apco"}],"definitions":null},{"term":"Association of State Dam Safety Officials","link":"https://csrc.nist.gov/glossary/term/association_of_state_dam_safety_officials","abbrSyn":[{"text":"ASDSO","link":"https://csrc.nist.gov/glossary/term/asdso"}],"definitions":null},{"term":"Assumption","link":"https://csrc.nist.gov/glossary/term/assumption","definitions":[{"text":"This term is used to indicate the conditions that are required to be true when an approved key-establishment scheme is executed in accordance with this Recommendation.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"Used to indicate the conditions that are required to be true when an approved key-establishment scheme is executed in accordance with this Recommendation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"assurance","link":"https://csrc.nist.gov/glossary/term/assurance","abbrSyn":[{"text":"Security Assurance","link":"https://csrc.nist.gov/glossary/term/security_assurance"}],"definitions":[{"text":"Grounds for justified confidence that a [security or privacy] claim has been or will be achieved.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assurance ","refSources":[{"text":"ISO/IEC 15026-1:2019","note":" - Adapted"}]}]},{"text":"Grounds for justified confidence that a claim has been or will be achieved.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 15026-1:2019"}]}]},{"text":"Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assurance ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assurance ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The grounds for confidence that the set of intended security controls in an information system are effective in their application.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" - Adapted"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assurance ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assurance "}]},{"text":"Grounds for confidence that the set of intended security controls in an information system are effective in their application.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assurance ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. “Adequately met” includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Assurance ","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"Grounds for confidence that the other four security objectives (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. “Adequately met” includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"See Assurance.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Assurance "}]},{"text":"The grounds for confidence that the set of intended security controls or privacy controls in an information system or organization are effective in their application.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assurance "}]},{"text":"Grounds for justified confidence that a [security or privacy] claim has been or will be achieved.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"ISO/IEC 15026-1:2019","note":" - adapted"}]}]},{"text":"Grounds for justified confidence that a [security or privacy] claim has been or will be achieved. Note 1: Assurance is typically obtained relative to a set of specific claims. The scope and focus of such claims may vary (e.g., security claims, safety claims) and the claims themselves may be interrelated. Note 2: Assurance is obtained through techniques and methods that generate credible evidence to substantiate claims.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"ISO/IEC 15026-1:2019","note":" - Adapted"}]}]},{"text":"Grounds for justified confidence that a [security or privacy] claim has been or will be achieved. Note 1: Assurance is typically obtained relative to a set of specific claims. The scope and focus of such claims may vary (e.g., security claims, safety claims), and the claims themselves may be interrelated. Note 2: Assurance is obtained through techniques and methods that generate credible evidence to substantiate claims.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]},{"text":"The grounds for confidence that an entity meets its security objectives.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Assurance "}]},{"text":"In the context of OMB M-04-04 and this document, assurance is defined as 1) the degree of confidence in the vetting process used to establish the identity of an individual to whom the credential was issued, and 2) the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Assurance "}]},{"text":"Grounds for justified confidence that a claim has been or will be achieved. \nNote 1: Assurance is typically obtained relative to a set of specific claims. The scope and focus of such claims may vary (e.g., security claims, safety claims) and the claims themselves may be interrelated. \nNote 2: Assurance is obtained through techniques and methods that generate credible evidence to substantiate claims.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC 15026"}]}]},{"text":"Grounds for justified confidence that a claim has been or will be achieved.\nNote 1: Assurance is typically obtained relative to a set of specific claims. The scope and focus of such claims may vary (e.g., security claims, safety claims) and the claims themselves may be interrelated.\nNote 2: Assurance is obtained through techniques and methods that generate credible evidence to substantiate claims.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC 15026"}]}]}]},{"term":"assurance case","link":"https://csrc.nist.gov/glossary/term/assurance_case","definitions":[{"text":"A structured set of arguments and a body of evidence showing that a system satisfies specific claims with respect to a given quality attribute.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"SEI Arguing Security","link":"https://resources.sei.cmu.edu/asset_files/WhitePaper/2013_019_001_293637.pdf"}]}]},{"text":"A structured set of arguments and a body of evidence showing that an information system satisfies specific claims with respect to a given quality attribute.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assurance Case ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assurance Case ","refSources":[{"text":"Software Engineering Institute, Carnegie Mellon University","link":"https://www.sei.cmu.edu/"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assurance Case ","refSources":[{"text":"Software Engineering Institute, Carnegie Mellon University","link":"https://www.sei.cmu.edu/"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assurance Case ","refSources":[{"text":"Software Engineering Institute, Carnegie Mellon University","link":"https://www.sei.cmu.edu/"}]}]},{"text":"A reasoned, auditable artifact created that supports the contention that its top-level claim (or set of claims), is satisfied, including systematic argumentation and its underlying evidence and explicit assumptions that support the claim(s).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC 15026"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 15026-1:2019"}]}]}]},{"term":"assurance evidence","link":"https://csrc.nist.gov/glossary/term/assurance_evidence","definitions":[{"text":"The information upon which decisions regarding assurance, trustworthiness, and risk of the solution are substantiated.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"The information upon which decisions regarding assurance, trustworthiness, and risk of the solution are substantiated. \nNote: Assurance evidence is specific to an agreed-to set of claims. The security perspective focuses on assurance evidence for security-relevant claims whereas other engineering disciplines may have their own focus (e.g., safety).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"The information upon which decisions regarding assurance, trustworthiness, and risk of the solution are substantiated.\nNote: Assurance evidence is specific to an agreed-to set of claims. The security perspective focuses on assurance evidence for security-relevant claims whereas other engineering disciplines may have their own focus (e.g., safety).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"Assurance message","link":"https://csrc.nist.gov/glossary/term/assurance_message","abbrSyn":[{"text":"private-key-possession assurance message","link":"https://csrc.nist.gov/glossary/term/private_key_possession_assurance_message"}],"definitions":[{"text":"See private-key-possession assurance message.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Assurance of domain parameter validity","link":"https://csrc.nist.gov/glossary/term/assurance_of_domain_parameter_validity","definitions":[{"text":"Confidence that the domain parameters are arithmetically correct.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"Assurance of the arithmetic validity of the domain parameters.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"assurance of integrity","link":"https://csrc.nist.gov/glossary/term/assurance_of_integrity","abbrSyn":[{"text":"integrity","link":"https://csrc.nist.gov/glossary/term/integrity"}],"definitions":[{"text":"Quality of being complete and unaltered.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under integrity ","refSources":[{"text":"ISO 13008:2012","link":"https://www.iso.org/standard/52326.html"}]}]},{"text":"A measure of the trust that can be placed in the correctness of the information supplied by a PNT service provider. Integrity includes the ability of the system to provide timely warnings to users when the PNT data should not be used.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under integrity ","refSources":[{"text":"USG FRP (2019)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under integrity ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]},{"text":"A measure of the trust that can be placed in the correctness of the information supplied by an HSN service provider. Integrity includes the ability of the system to provide timely warnings to users when the HSN data should not be used.","sources":[{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under integrity ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]},{"text":"The property that data or information have not been altered or destroyed in an unauthorized manner.","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","underTerm":" under integrity ","refSources":[{"text":"HIPAA Security Rule","link":"https://www.govinfo.gov/app/details/FR-2003-02-20/03-3877","note":" - §164.304"}]}]},{"text":"Guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under integrity ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"The property that protected data has not been modified or deleted in an unauthorized and undetected manner.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under integrity "}]},{"text":"Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under integrity ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under integrity ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under integrity ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under integrity ","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under integrity ","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under integrity ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under integrity ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under integrity ","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under integrity ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"The security objective that generates the requirement for protection against either intentional or accidental attempts to violate data integrity (the property that data has not been altered in an unauthorized manner) or system integrity (the quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation).","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under integrity "}]},{"text":"The security goal that generates the requirement for protection against either intentional or accidental attempts to violate data integrity (the property that data has not been altered in an unauthorized manner) or system integrity (the quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation).","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under integrity "}]}]},{"term":"Assurance of possession","link":"https://csrc.nist.gov/glossary/term/assurance_of_possession","definitions":[{"text":"Confidence that an entity possesses a private key and any associated keying material.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"Assurance that the owner or claimed signatory actually possesses the private signature key.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Assurance of public key validity","link":"https://csrc.nist.gov/glossary/term/assurance_of_public_key_validity","definitions":[{"text":"Confidence that the public key is arithmetically correct.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"Assurance of the arithmetic validity of the public key.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Assurance of validity","link":"https://csrc.nist.gov/glossary/term/assurance_of_validity","definitions":[{"text":"Confidence that either a key or a set of domain parameters is arithmetically correct.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"Confidence that a public key or domain parameter is arithmetically correct.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"Confidence that an RSA key pair is arithmetically correct.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Confidence that either a key or a key pair is arithmetically correct.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Assurance- signature","link":"https://csrc.nist.gov/glossary/term/assurance__signature","definitions":[{"text":"A digital signature on a private-key-possession assurance message.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"assurance_time","link":"https://csrc.nist.gov/glossary/term/assurance_time","definitions":[{"text":"The time at which assurance of possession is obtained.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"assured information sharing","link":"https://csrc.nist.gov/glossary/term/assured_information_sharing","definitions":[{"text":"The ability to confidently share information with those who need it, when and where they need it, as determined by operational need and an acceptable level of security risk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"assured software","link":"https://csrc.nist.gov/glossary/term/assured_software","definitions":[{"text":"Computer application that has been designed, developed, analyzed and tested using processes, tools, and techniques that establish a level of confidence in it.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"AST","link":"https://csrc.nist.gov/glossary/term/ast","abbrSyn":[{"text":"application security testing","link":"https://csrc.nist.gov/glossary/term/application_security_testing"},{"text":"Office of Commercial Space Transportation","link":"https://csrc.nist.gov/glossary/term/office_of_commercial_space_transportation"}],"definitions":null},{"term":"ASTM","link":"https://csrc.nist.gov/glossary/term/astm","abbrSyn":[{"text":"American Society for Testing and Materials","link":"https://csrc.nist.gov/glossary/term/american_society_for_testing_and_materials"}],"definitions":null},{"term":"asymmetric cryptography","link":"https://csrc.nist.gov/glossary/term/asymmetric_cryptography","abbrSyn":[{"text":"public key cryptography (PKC)","link":"https://csrc.nist.gov/glossary/term/public_key_cryptography"}],"definitions":[{"text":"Encryption system that uses a public-private key pair for encryption and/or digital signature.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under public key cryptography (PKC) "}]},{"text":"See public key cryptography (PKC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Cryptography that uses separate keys for encryption and decryption; also known as public key cryptography.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Asymmetric Cryptography "}]},{"text":"Cryptography that uses two separate keys to exchange data, one to encrypt or digitally sign the data and one for decrypting the data or verifying the digital signature. Also known as public key cryptography.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1","underTerm":" under Asymmetric Cryptography "}]}]},{"term":"Asymmetric-key cryptography","link":"https://csrc.nist.gov/glossary/term/asymmetric_key_cryptography","abbrSyn":[{"text":"Public key cryptography"}],"definitions":[{"text":"A cryptographic system where users have a private key that is kept secret and used to generate a public key (which is freely provided to others). Users can digitally sign data with their private key and the resulting signature can be verified by anyone using the corresponding public key. Also known as a Public-key cryptography.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]},{"text":"See Asymmetric-key cryptography.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Public key cryptography "}]}]},{"term":"Asymptotic Analysis","link":"https://csrc.nist.gov/glossary/term/asymptotic_analysis","definitions":[{"text":"A statistical technique that derives limiting approximations for functions of interest.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Asymptotic Distribution","link":"https://csrc.nist.gov/glossary/term/asymptotic_distribution","definitions":[{"text":"The limiting distribution of a test statistic arising when n approaches infinity.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Asynchronous Connection-Less","link":"https://csrc.nist.gov/glossary/term/asynchronous_connection_less","abbrSyn":[{"text":"ACL","link":"https://csrc.nist.gov/glossary/term/acl"}],"definitions":null},{"term":"Asynchronous JavaScript and XML","link":"https://csrc.nist.gov/glossary/term/asynchronous_javascript_and_xml","abbrSyn":[{"text":"AJAX","link":"https://csrc.nist.gov/glossary/term/ajax"}],"definitions":null},{"term":"Asynchronous Transfer Mode","link":"https://csrc.nist.gov/glossary/term/asynchronous_transfer_mode","abbrSyn":[{"text":"ATM","link":"https://csrc.nist.gov/glossary/term/atm"}],"definitions":null},{"term":"AT","link":"https://csrc.nist.gov/glossary/term/at","abbrSyn":[{"text":"anti-tamper","link":"https://csrc.nist.gov/glossary/term/anti_tamper"},{"text":"Anti-tampering","link":"https://csrc.nist.gov/glossary/term/anti_tampering"},{"text":"Awareness and Training","link":"https://csrc.nist.gov/glossary/term/awareness_and_training"}],"definitions":[{"text":"Systems engineering activities intended to prevent physical manipulation or delay exploitation of critical program information in U.S. defense systems in domestic and export configurations to impede countermeasure development, unintended technology transfer, or alteration of a system due to reverse engineering.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under anti-tamper ","refSources":[{"text":"DoDI 5200.39","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under anti-tamper ","refSources":[{"text":"DoDI 5200.39","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"ATA","link":"https://csrc.nist.gov/glossary/term/ata","abbrSyn":[{"text":"Advanced Technology Attachment","link":"https://csrc.nist.gov/glossary/term/advanced_technology_attachment"}],"definitions":[{"text":"Magnetic media interface specification. Also known as “IDE” –IntegratedDrive Electronics.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"ATARC","link":"https://csrc.nist.gov/glossary/term/atarc","abbrSyn":[{"text":"Advanced Technology Academic Research Center","link":"https://csrc.nist.gov/glossary/term/advanced_technology_academic_research_center"}],"definitions":null},{"term":"ATC","link":"https://csrc.nist.gov/glossary/term/atc","abbrSyn":[{"text":"Approval to Connect","link":"https://csrc.nist.gov/glossary/term/approval_to_connect"}],"definitions":null},{"term":"ATIM","link":"https://csrc.nist.gov/glossary/term/atim","abbrSyn":[{"text":"Announcement Traffic Indication Message","link":"https://csrc.nist.gov/glossary/term/announcement_traffic_indication_message"}],"definitions":null},{"term":"ATIS","link":"https://csrc.nist.gov/glossary/term/atis","abbrSyn":[{"text":"Alliance for Telecommunications Industry Solutions","link":"https://csrc.nist.gov/glossary/term/alliance_for_telecommunications_industry_solutions"}],"definitions":null},{"term":"ATM","link":"https://csrc.nist.gov/glossary/term/atm","abbrSyn":[{"text":"Asynchronous Transfer Mode","link":"https://csrc.nist.gov/glossary/term/asynchronous_transfer_mode"}],"definitions":null},{"term":"ATO","link":"https://csrc.nist.gov/glossary/term/ato","abbrSyn":[{"text":"Air Traffic Organization","link":"https://csrc.nist.gov/glossary/term/air_traffic_organization"},{"text":"approval to operate","link":"https://csrc.nist.gov/glossary/term/approval_to_operate"},{"text":"Approval to Operate"},{"text":"Authority to Operate","link":"https://csrc.nist.gov/glossary/term/authority_to_operate"},{"text":"Authorization to Operate"}],"definitions":[{"text":"The official management decision issued by a designated accrediting authority (DAA) or principal accrediting authority (PAA) to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under approval to operate "}]},{"text":"seeCertificationandAccreditation.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Approval to Operate "}]},{"text":"Authorization to Operate; One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"atomic clock","link":"https://csrc.nist.gov/glossary/term/atomic_clock","definitions":[{"text":"A clock referenced to an atomic oscillator. Only clocks with an internal atomic oscillator qualify as atomic clocks.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"}]}]}]},{"term":"atomic oscillator","link":"https://csrc.nist.gov/glossary/term/atomic_oscillator","definitions":[{"text":"An oscillator that uses the quantized energy levels in atoms or molecules as the source of its resonance. The laws of quantum mechanics dictate that the energies of a bound system, such as an atom, have certain discrete values. An electromagnetic field at a particular frequency can boost an atom from one energy level to a higher one, or an atom at a high energy level can drop to a lower level by emitting energy. The resonance frequency, fo, of an atomic oscillator is the difference between the two energy levels divided by Planck’s constant, h.\n\nThe principle underlying the atomic oscillator is that since all atoms of a specific element are identical, they should produce exactly the same frequency when they absorb or release energy. In theory, the atom is a perfect “pendulum” whose oscillations are counted to measure a time interval. The national frequency standards developed by NIST and other laboratories derive their resonance frequency from the cesium atom and typically use cesium fountain technology. Rubidium oscillators are the lowest priced and most common atomic oscillators, but cesium beam and hydrogen maser atomic oscillators are also sold commercially in much smaller quantities.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Atomic Swap","link":"https://csrc.nist.gov/glossary/term/atomic_swap","definitions":[{"text":"An exchange of tokens that does not involve the intervention of any trusted intermediary and automatically reverts if all of the provisions are not met.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"ATP","link":"https://csrc.nist.gov/glossary/term/atp","abbrSyn":[{"text":"Advanced Threat Protection","link":"https://csrc.nist.gov/glossary/term/advanced_threat_protection"}],"definitions":null},{"term":"ATP:N","link":"https://csrc.nist.gov/glossary/term/atp_n","abbrSyn":[{"text":"Advanced Threat Protection: Network","link":"https://csrc.nist.gov/glossary/term/advanced_threat_protection_network"}],"definitions":null},{"term":"ATR","link":"https://csrc.nist.gov/glossary/term/atr","abbrSyn":[{"text":"Answer to Reset","link":"https://csrc.nist.gov/glossary/term/answer_to_reset"}],"definitions":null},{"term":"ATT","link":"https://csrc.nist.gov/glossary/term/att","abbrSyn":[{"text":"Attribute Protocol","link":"https://csrc.nist.gov/glossary/term/attribute_protocol"}],"definitions":null},{"term":"ATT&CK","link":"https://csrc.nist.gov/glossary/term/attandck","abbrSyn":[{"text":"Adversarial Tactics, Techniques & Common Knowledge","link":"https://csrc.nist.gov/glossary/term/adversarial_tactics_techniques_and_common_knowledge"},{"text":"Adversarial Tactics, Techniques, and Common Knowledge"}],"definitions":null},{"term":"Attack Sensing and Warning","link":"https://csrc.nist.gov/glossary/term/asw2","abbrSyn":[{"text":"AS&W","link":"https://csrc.nist.gov/glossary/term/asandw"}],"definitions":null},{"term":"attack sensing and warning","link":"https://csrc.nist.gov/glossary/term/attack_sensing_and_warning1","definitions":[{"text":"Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"attack signature","link":"https://csrc.nist.gov/glossary/term/attack_signature","definitions":[{"text":"A specific sequence of events indicative of an unauthorized access attempt.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-12","link":"https://doi.org/10.6028/NIST.SP.800-12"}]}]}],"seeAlso":[{"text":"signature","link":"signature"}]},{"term":"attack surface","link":"https://csrc.nist.gov/glossary/term/attack_surface","definitions":[{"text":"The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"GAO-19-128","link":"https://www.gao.gov/assets/700/694913.pdf","note":" - Adapted, based on SP 800-53"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"GAO-19-128","link":"https://www.gao.gov/assets/700/694913.pdf"}]}]},{"text":"The set of points on the boundary of a system, a system component, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, component, or environment.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"attack tree","link":"https://csrc.nist.gov/glossary/term/attack_tree","definitions":[{"text":"A branching, hierarchical data structure that represents a set of potential approaches to achieving an event in which system security is penetrated or compromised in a specified way.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"attacker","link":"https://csrc.nist.gov/glossary/term/attacker","definitions":[{"text":"A person who seeks to exploit potential vulnerabilities of a system.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]},{"text":"A party, including an insider, who acts with malicious intent to compromise a system.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Attacker "}]},{"text":"person seeking to exploit potential vulnerabilities of a system","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]},{"text":"A party who acts with malicious intent to compromise an information system.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Attacker "}]}]},{"term":"attended","link":"https://csrc.nist.gov/glossary/term/attended","definitions":[{"text":"Under continuous positive control of personnel authorized for access or use.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - NSA/CSS Manual Number 3-16 (COMSEC) "}]}]}]},{"term":"attestation","link":"https://csrc.nist.gov/glossary/term/attestation","definitions":[{"text":"The issue of a statement, based on a decision, that fulfillment of specified requirements has been demonstrated.","sources":[{"text":"Software Supply Chain Security Guidance EO 14028","link":"https://www.nist.gov/system/files/documents/2022/02/04/software-supply-chain-security-guidance-under-EO-14028-section-4e.pdf","refSources":[{"text":"ISO/IEC 17000:2020","link":"https://www.iso.org/standard/73029.html"}]}]},{"text":"The process of providing a digital signature for a set of measurements securely stored in hardware, and then having the requester validate the signature and the set of measurements.","sources":[{"text":"NIST SP 1800-19B","link":"https://doi.org/10.6028/NIST.SP.1800-19","underTerm":" under Attestation "}]}]},{"term":"Attestation Certificate Authority","link":"https://csrc.nist.gov/glossary/term/attestation_certificate_authority","abbrSyn":[{"text":"ACA","link":"https://csrc.nist.gov/glossary/term/aca"}],"definitions":null},{"term":"Attestation Identity Credential","link":"https://csrc.nist.gov/glossary/term/attestation_identity_credential","abbrSyn":[{"text":"AIC","link":"https://csrc.nist.gov/glossary/term/aic"}],"definitions":null},{"term":"Attestation Identity Key","link":"https://csrc.nist.gov/glossary/term/attestation_identity_key","abbrSyn":[{"text":"AIK","link":"https://csrc.nist.gov/glossary/term/aik"}],"definitions":null},{"term":"Attestation Service","link":"https://csrc.nist.gov/glossary/term/attestation_service","abbrSyn":[{"text":"AS","link":"https://csrc.nist.gov/glossary/term/as"}],"definitions":null},{"term":"attribute","link":"https://csrc.nist.gov/glossary/term/attribute","abbrSyn":[{"text":"Key attribute","link":"https://csrc.nist.gov/glossary/term/key_attribute"}],"definitions":[{"text":"Characteristic or property of an entity that can be used to describe its state, appearance, or other aspect.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","refSources":[{"text":"ISO/IEC 24760-1:2011"}]}]},{"text":"An attribute is any distinctive feature, characteristic, or property of an object that can be identified or isolated quantitatively or qualitatively by either human or automated means.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 27000"}]}]},{"text":"A distinct characteristic of an object often specified in terms of their physical traits, such as size, shape, weight, and color, etc., for real -world objects. Objects in cyberspace might have attributes describing size, type of encoding, network address, etc.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Attribute ","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]},{"text":"A quality or characteristic ascribed to someone or something.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Attribute "}]},{"text":"characteristic or property of an entity that can be used to describe its state, appearance, or other aspect","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/IEC 24760-1:2011"}]}]},{"text":"A property or characteristic of a computing product. CPE 2.2 commonly used the term “component” instead of “attribute”. CPE 2.3 uses the term “attribute” to clarify the distinction between CPE:2.2 name “components” and computing components, such as software modules. Examples of CPE:2.3 attributes are part, vendor, product, and version. CPE attributes and their value constraints are defined in the CPE Naming specification [CPE23-N:5.2, 5.3].","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696","underTerm":" under Attribute "}]},{"text":"Information associated with a key that is not used in cryptographic algorithms, but is required to implement applications and applications protocols.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Attribute "}]},{"text":"See Attribute","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key attribute "}]},{"text":"A claim of a named quality or characteristic inherent in or ascribed to someone or something. (See term in [ICAM] for more information.)","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Attribute "}]}]},{"term":"Attribute Administration Point","link":"https://csrc.nist.gov/glossary/term/attribute_administration_point","abbrSyn":[{"text":"AAP","link":"https://csrc.nist.gov/glossary/term/aap"}],"definitions":null},{"term":"Attribute and Authorization Services Committee","link":"https://csrc.nist.gov/glossary/term/attribute_and_authorization_services_committee","abbrSyn":[{"text":"AASC","link":"https://csrc.nist.gov/glossary/term/aasc"}],"definitions":null},{"term":"Attribute Authority","link":"https://csrc.nist.gov/glossary/term/attribute_authority","abbrSyn":[{"text":"AA","link":"https://csrc.nist.gov/glossary/term/aa"}],"definitions":[{"text":"An entity, recognized by the Federal PKI Policy Authority or comparable Agency body as having the authority to verify the association of attributes to an identity.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]"}]}]},{"term":"Attribute Bundle","link":"https://csrc.nist.gov/glossary/term/attribute_bundle","definitions":[{"text":"A packaged set of attributes, usually contained within an assertion. Attribute bundles offer RPs a simple way to retrieve the most relevant attributes they need from IdPs. Attribute bundles are synonymous with OpenID Connect scopes [OpenID Connect Core 1.0].","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Attribute Practice Statement","link":"https://csrc.nist.gov/glossary/term/attribute_practice_statement","abbrSyn":[{"text":"APS","link":"https://csrc.nist.gov/glossary/term/aps"}],"definitions":null},{"term":"Attribute Protocol","link":"https://csrc.nist.gov/glossary/term/attribute_protocol","abbrSyn":[{"text":"ATT","link":"https://csrc.nist.gov/glossary/term/att"}],"definitions":null},{"term":"Attribute Reference","link":"https://csrc.nist.gov/glossary/term/attribute_reference","definitions":[{"text":"A statement asserting a property of a subscriber without necessarily containing identity information, independent of format. For example, for the attribute “birthday,” a reference could be “older than 18” or “born in December.”","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]}]},{"term":"Attribute Value","link":"https://csrc.nist.gov/glossary/term/attribute_value","definitions":[{"text":"A complete statement asserting a property of a subscriber, independent of format. For example, for the attribute “birthday,” a value could be “12/1/1980” or “December 1, 1980.”","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]}]},{"term":"attribute-based access control (ABAC)","link":"https://csrc.nist.gov/glossary/term/attribute_based_access_control","abbrSyn":[{"text":"ABAC","link":"https://csrc.nist.gov/glossary/term/abac"}],"definitions":[{"text":"An access control approach in which access is mediated based on attributes associated with subjects (requesters) and the objects to be accessed. Each object and subject has a set of associated attributes, such as location, time of creation, access rights, etc. Access to an object is authorized or denied depending upon whether the required (e.g., policy-defined) correlation can be made between the attributes of that object and of the requesting subject.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Attribute Based Access Control ","refSources":[{"text":"Common Criteria v2.3, Part 2","link":"https://www.commoncriteriaportal.org/cc/"}]}]},{"text":"Access control based on attributes associated with and about subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which an access may take place. \nSee also identity, credential, and access management (ICAM).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. The policies can use any type of attributes (user attributes, resource attributes, environment attribute etc.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under ABAC "}]}],"seeAlso":[{"text":"identity, credential, and access management (ICAM)"},{"text":"Identity, Credential, and Access Management (ICAM)","link":"identity_credential_and_access_management"}]},{"term":"attribute-based authorization","link":"https://csrc.nist.gov/glossary/term/attribute_based_authorization","definitions":[{"text":"A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"attribute-based encryption","link":"https://csrc.nist.gov/glossary/term/attribute_based_encryption","abbrSyn":[{"text":"ABE","link":"https://csrc.nist.gov/glossary/term/abe"}],"definitions":null},{"term":"Attribute-Value Pair","link":"https://csrc.nist.gov/glossary/term/attribute_value_pair","abbrSyn":[{"text":"AVP","link":"https://csrc.nist.gov/glossary/term/avp"}],"definitions":[{"text":"A tuple a=v in which a (the attribute) is an alphanumeric label representing a property or state, and v (the value) is the value assigned to the attribute.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"AU","link":"https://csrc.nist.gov/glossary/term/au","abbrSyn":[{"text":"Audit and Accountability","link":"https://csrc.nist.gov/glossary/term/audit_and_accountability"}],"definitions":null},{"term":"AuC","link":"https://csrc.nist.gov/glossary/term/auc","abbrSyn":[{"text":"Authentication Center","link":"https://csrc.nist.gov/glossary/term/authentication_center"}],"definitions":null},{"term":"Audience","link":"https://csrc.nist.gov/glossary/term/audience","definitions":[{"text":"The intended audience that should be able to install, test, and use the checklist, including suggested minimum skills and knowledge required to correctly use the checklist.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"audit","link":"https://csrc.nist.gov/glossary/term/audit","definitions":[{"text":"Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled."},{"text":"Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Audit ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Audit ","refSources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Audit ","refSources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Audit ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"Independent review and examination of records and activities to assess the adequacy of system controls and ensure compliance with established policies and operational procedures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Audit ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Audit ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An audit trail, which supports accountability, is required for a NE. Users should be prevented from modifying audit information.","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under AUDIT "}]},{"text":"The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures and to recommend any indicated changes in controls, policy, or procedures.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Audit "}]}]},{"term":"Audit administrator","link":"https://csrc.nist.gov/glossary/term/audit_administrator","abbrSyn":[{"text":"Auditor","link":"https://csrc.nist.gov/glossary/term/auditor"}],"definitions":[{"text":"An FCKMS role that is responsible for establishing and reviewing an audit log, assuring that the log is reviewed periodically and after any security-compromise-relevant event, and providing audit reports to FCKMS managers.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"See Audit administrator.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Auditor "}]},{"text":"A member of the organization who inspects reports and risk assessments from one or more analyzers as well as organization-specific criteria to ensure that an app meets the security requirements of the organization.","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]","underTerm":" under Auditor "}]}]},{"term":"Audit and Accountability","link":"https://csrc.nist.gov/glossary/term/audit_and_accountability","abbrSyn":[{"text":"AU","link":"https://csrc.nist.gov/glossary/term/au"}],"definitions":null},{"term":"audit log","link":"https://csrc.nist.gov/glossary/term/audit_log","definitions":[{"text":"A chronological record of information system activities, including records of system accesses and operations performed in a given period.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Audit Log ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A chronological record of system activities. Includes records of system accesses and operations performed in a given period.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A record providing documentary evidence of specific events.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Audit log "}]},{"text":"A chronological record of system activities, including records of system accesses and operations performed in a given period.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"audit record","link":"https://csrc.nist.gov/glossary/term/audit_record","definitions":[{"text":"An individual entry in an audit log related to an audited event.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Audit Record "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"audit record reduction","link":"https://csrc.nist.gov/glossary/term/audit_record_reduction","definitions":[{"text":"A process that manipulates collected audit information and organizes it into a summary format that is more meaningful to analysts.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"audit reduction tools","link":"https://csrc.nist.gov/glossary/term/audit_reduction_tools","definitions":[{"text":"Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Audit Reduction Tools ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specific classes of events, such as records generated by nightly backups.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-12","link":"https://doi.org/10.6028/NIST.SP.800-12"}]}]}]},{"term":"audit trail","link":"https://csrc.nist.gov/glossary/term/audit_trail","definitions":[{"text":"A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security-relevant transaction from inception to final result.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Audit Trail ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A record showing who has accessed an information technology (IT) system and what operations the user has performed during a given period.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]}]},{"text":"A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A record showing who has accessed an IT system and what operations the user has performed during a given period.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Audit Trail "}]},{"text":"A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security-relevant transaction from inception to result.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"A chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of events and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to results.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Audit Trail "}]}]},{"term":"Auditor","link":"https://csrc.nist.gov/glossary/term/auditor","abbrSyn":[{"text":"Audit administrator","link":"https://csrc.nist.gov/glossary/term/audit_administrator"}],"definitions":[{"text":"An FCKMS role that is responsible for establishing and reviewing an audit log, assuring that the log is reviewed periodically and after any security-compromise-relevant event, and providing audit reports to FCKMS managers.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Audit administrator "}]},{"text":"See Audit administrator.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A member of the organization who inspects reports and risk assessments from one or more analyzers as well as organization-specific criteria to ensure that an app meets the security requirements of the organization.","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]"}]}]},{"term":"AUFS","link":"https://csrc.nist.gov/glossary/term/aufs","abbrSyn":[{"text":"Advanced Multi-Layered Unification Filesystem","link":"https://csrc.nist.gov/glossary/term/advanced_multi_layered_unification_filesystem"}],"definitions":null},{"term":"Authenticable Entity","link":"https://csrc.nist.gov/glossary/term/authenticable_entity","definitions":[{"text":"An entity that can successfully participate in an authentication protocol with a card application.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"authenticate","link":"https://csrc.nist.gov/glossary/term/authenticate","abbrSyn":[{"text":"Authentication"}],"definitions":[{"text":"The process of establishing confidence of authenticity; in this case, the validity of a person’s identity and an authenticator (e.g., PIV Card or derived PIV credential).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Authentication "}]},{"text":"measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864","underTerm":" under Authentication "},{"text":"NISTIR 7946","link":"https://doi.org/10.6028/NIST.IR.7946","underTerm":" under Authentication "}]},{"text":"The corroboration that a person is the one claimed.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Authentication ","refSources":[{"text":"45 C.F.R., Sec. 164.304","link":"https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=&SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&n=pt45.1.164&r=PART&ty=HTML"}]}]},{"text":"Security measures designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of\ninformation.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Authentication ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Authentication "}]},{"text":"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Authentication "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Authentication ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Authenticate "},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"To confirm the identity of an entity when that identity is presented.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Authenticate "}]},{"text":"Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Authentication ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"The process a VPN uses to limit access to protected services by forcing users to identify themselves.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Authentication "}]},{"text":"For the purposes of this guide, the process of verifying the identity claimed by a WiMAX device. User authentication is also an option supported by IEEE 802.16e-2005.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Authentication "}]},{"text":"Authentication is the process of verifying the claimed identity of a session requestor.","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under Authentication "}]},{"text":"The process of verifying the authorization of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Authentication "}]},{"text":"A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Authentication "}]},{"text":"A process that establishes the origin of information, or determines an entity’s identity. In a general information security context: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Authentication "}]},{"text":"See Authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticate "}]},{"text":"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s resources.","sources":[{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authentication "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authentication "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Authentication ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Authentication ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Authentication ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"Provides assurance of the authenticity and, therefore, the integrity of data.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Authentication "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Authentication "}]},{"text":"A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data or that provides assurance of the identity of an entity interacting with a system.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Authentication "}]},{"text":"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s resources","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authentication "}]},{"text":"A process that provides assurance of the source and integrity of information that is communicated or stored or the identity of an entity interacting with a system.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Authentication "}]},{"text":"Note that in common practice, the term \"authentication\" is used to mean either source or identity authentication only. This document will differentiate the multiple uses of the word by the terms source authentication, identity authentication, or integrity authentication, where appropriate.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Authentication "}]},{"text":"A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data or that provides assurance of the identity of an entity interacting with a system. See Source authentication, Identity authentication, and Integrity authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Authentication "}]},{"text":"The process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The process of establishing confidence in the identity of users or information systems.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Authentication ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Authentication "}]},{"text":"The process of verifying a claimed identity of a user, device, or other entity in a computer system","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Authentication "}]},{"text":"the process of verifying the integrity of data that has been stored, transmitted, or otherwise exposed to possible unauthorized access.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Authentication "}]},{"text":"The process of proving the claimed identity of an individual user, machine, software component or any other entity.  Typical authentication mechanisms include conventional password schemes, biometrics devices, cryptographic methods, and onetime passwords (usually implemented with token based cards.)","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Authentication "}]},{"text":"The process of establishing confidence in the claimed identity of a user or system","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Authentication "}]},{"text":"Verifying the identity of a user, process, or device, often as a prerequisite for allowing access to resources in an information system.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under Authentication ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The process of establishing confidence of authenticity; in this case, in the validity of a person’s identity and the PIV Card.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Authentication "}]},{"text":"A process that establishes the source of information, provides assurance of an entity’s identity or provides assurance of the integrity of communications sessions, messages, documents or stored data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Authentication "}]}]},{"term":"Authenticated Ciphering Offset","link":"https://csrc.nist.gov/glossary/term/authenticated_ciphering_offset","abbrSyn":[{"text":"ACO","link":"https://csrc.nist.gov/glossary/term/aco"}],"definitions":null},{"term":"Authenticated Code Module","link":"https://csrc.nist.gov/glossary/term/authenticated_code_module","abbrSyn":[{"text":"ACM","link":"https://csrc.nist.gov/glossary/term/acm"}],"definitions":null},{"term":"Authenticated Code Random Access Memory","link":"https://csrc.nist.gov/glossary/term/authenticated_code_random_access_memory","abbrSyn":[{"text":"AC RAM","link":"https://csrc.nist.gov/glossary/term/ac_ram"}],"definitions":null},{"term":"Authenticated Configuration Scanner","link":"https://csrc.nist.gov/glossary/term/authenticated_configuration_scanner","definitions":[{"text":"A product that runs with administrative or root privileges on a target system to conduct its assessment.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Authenticated Data","link":"https://csrc.nist.gov/glossary/term/authenticated_data","abbrSyn":[{"text":"AD","link":"https://csrc.nist.gov/glossary/term/ad"}],"definitions":null},{"term":"Authenticated Decryption","link":"https://csrc.nist.gov/glossary/term/authenticated_decryption","definitions":[{"text":"The function of GCM in which the ciphertext is decrypted into the plaintext, and the authenticity of the ciphertext and the AAD is verified.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Authenticated Encryption","link":"https://csrc.nist.gov/glossary/term/authenticated_encryption","abbrSyn":[{"text":"AE","link":"https://csrc.nist.gov/glossary/term/ae"}],"definitions":[{"text":"The function of GCM in which the plaintext is encrypted into the ciphertext, and an authentication tag is generated on the AAD and the ciphertext.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"authenticated- encryption function","link":"https://csrc.nist.gov/glossary/term/authenticated__encryption_function","definitions":[{"text":"A function that encrypts plaintext into ciphertext and provides a means for the associated authenticated-decryption function to verify the authenticity and, therefore, the integrity of the data.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"authenticated encryption with associated data","link":"https://csrc.nist.gov/glossary/term/authenticated_encryption_with_associated_data","abbrSyn":[{"text":"AEAD","link":"https://csrc.nist.gov/glossary/term/aead"}],"definitions":null},{"term":"authenticated protected channel","link":"https://csrc.nist.gov/glossary/term/authenticated_protected_channel","definitions":[{"text":"An encrypted communication channel that uses approved cryptography where the connection initiator (client) has authenticated the recipient (server). Authenticated protected channels provide confidentiality and MitM protection and are frequently used in the user authentication process. Transport Layer Security (TLS) [BCP 195] is an example of an authenticated protected channel where the certificate presented by the recipient is verified by the initiator. Unless otherwise specified, authenticated protected channels do not require the server to authenticate the client. Authentication of the server is often accomplished through a certificate chain leading to a trusted root rather than individually with each server.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticated Protected Channel "}]},{"text":"An encrypted channel that uses approved cryptography where the connection initiator (client) has authenticated the recipient (server).","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"Authenticated RFID","link":"https://csrc.nist.gov/glossary/term/authenticated_rfid","definitions":[{"text":"The use of digital signature technology to provide evidence of the authenticity of a tag and possibly chain of custody events.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"authenticated-decryption function","link":"https://csrc.nist.gov/glossary/term/authenticated_decryption_function","definitions":[{"text":"A function that decrypts purported ciphertext into corresponding plaintext and verifies the authenticity and, therefore, the integrity of the data. The output is either the plaintext or an indication that the plaintext is not authentic.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Authentication and Authorization Service","link":"https://csrc.nist.gov/glossary/term/authentication_and_authorization_service","abbrSyn":[{"text":"AAS","link":"https://csrc.nist.gov/glossary/term/aas"}],"definitions":null},{"term":"Authentication and Key Agreement","link":"https://csrc.nist.gov/glossary/term/authentication_and_key_agreement","abbrSyn":[{"text":"AKA","link":"https://csrc.nist.gov/glossary/term/aka"}],"definitions":null},{"term":"Authentication and Key Management","link":"https://csrc.nist.gov/glossary/term/authentication_and_key_management","abbrSyn":[{"text":"AKM","link":"https://csrc.nist.gov/glossary/term/akm"}],"definitions":null},{"term":"Authentication Center","link":"https://csrc.nist.gov/glossary/term/authentication_center","abbrSyn":[{"text":"AuC","link":"https://csrc.nist.gov/glossary/term/auc"}],"definitions":null},{"term":"Authentication code","link":"https://csrc.nist.gov/glossary/term/authentication_code","definitions":[{"text":"A keyed cryptographic checksum based on an approved security function (also known as a Message Authentication Code).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A cryptographic checksum based on an approved security function (also known as a Message Authentication Code).","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A keyed cryptographic checksum based on an approved security function; also known as a Message Authentication Code.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Authentication Factor","link":"https://csrc.nist.gov/glossary/term/authentication_factor","definitions":[{"text":"The three types of authentication factors aresomething you know,something you have, andsomething you are. Every authenticator has one or more authentication factors.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The three types of authentication factors are something you know, something you have, and something you are. Every authenticator has one or more authentication factors.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17"},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Authentication Header (AH)","link":"https://csrc.nist.gov/glossary/term/authentication_header","abbrSyn":[{"text":"AH","link":"https://csrc.nist.gov/glossary/term/ah"}],"definitions":[{"text":"A deprecated IPsec security protocol that provides integrity protection (but not confidentiality) for packet headers and data.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Authentication Information","link":"https://csrc.nist.gov/glossary/term/authentication_information","definitions":[{"text":"Information used to establish the validity of a claimed identity.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","refSources":[{"text":"ISO DIS 10181-2"}]}]}]},{"term":"Authentication Intent","link":"https://csrc.nist.gov/glossary/term/authentication_intent","definitions":[{"text":"The process of confirming the claimant’s intent to authenticate or re-authenticate by including a process requiring user intervention in the authentication flow. Some authenticators (e.g., OTP devices) establish authentication intent as part of their operation, others require a specific step, such as pressing a button, to establish intent. Authentication intent is a countermeasure against use by malware of the endpoint as a proxy for authenticating an attacker without the subscriber’s knowledge.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Authentication Key","link":"https://csrc.nist.gov/glossary/term/authentication_key","definitions":[{"text":"A public key that a DNSSEC-aware resolver has verified and can therefore use to authenticate data. A DNSSEC-aware resolver can obtain authentication keys in three ways. First, the resolver generally is configured to know about at least one public key; this configured data usually is either the public key itself or a hash of the public key as found in the DS RR (see “trust anchor”). Second, the resolver may use an authenticated public key to verify a DS RR and the DNSKEY RR to which the DS RR refers. Third, the resolver may be able to determine that a new public key has been signed by the private key corresponding to another public key that the resolver has verified. Note that the resolver must always be guided by local policy in deciding whether to authenticate a new public key, even if the local policy is simply to authenticate any new public key for which the resolver is able verify the signature.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}],"seeAlso":[{"text":"trust anchor","link":"trust_anchor"}]},{"term":"authentication mechanism","link":"https://csrc.nist.gov/glossary/term/authentication_mechanism","definitions":[{"text":"Hardware or software-based mechanisms that force users to prove their identity before accessing data on a device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Authentication Mechanism "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Authentication Mechanism "}]}]},{"term":"authentication period","link":"https://csrc.nist.gov/glossary/term/authentication_period","definitions":[{"text":"The period between any initial authentication process and subsequent re-authentication processes during a single terminal session or during the period data is being accessed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"authentication protocol","link":"https://csrc.nist.gov/glossary/term/authentication_protocol","definitions":[{"text":"2. A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"1. A well specified message exchange process between a claimant and a verifier that enables the verifier to confirm the claimant’s identity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A defined sequence of messages between a claimant and a verifier that demonstrates that the claimant has possession and control of one or more valid authenticators to establish their identity, and, optionally, demonstrates that the claimant is communicating with the intended verifier.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authentication Protocol "}]},{"text":"A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Authentication Protocol "}]}]},{"term":"Authentication Protocol Run","link":"https://csrc.nist.gov/glossary/term/authentication_protocol_run","definitions":[{"text":"An exchange of messages between a Claimant and a Verifier that results in authentication (or authentication failure) between the two parties.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Authentication Secret","link":"https://csrc.nist.gov/glossary/term/authentication_secret","definitions":[{"text":"A generic term for any secret value that an attacker could use to impersonate the subscriber in an authentication protocol.\nThese are further divided into short-term authentication secrets, which are only useful to an attacker for a limited period of time, and long-term authentication secrets, which allow an attacker to impersonate the subscriber until they are manually reset. The authenticator secret is the canonical example of a long-term authentication secret, while the authenticator output, if it is different from the authenticator secret, is usually a short-term authentication secret.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A generic term for any secret value that an attacker could use to impersonate the subscriber in an authentication protocol. \nThese are further divided into short-term authentication secrets, which are only useful to an attacker for a limited period of time, and long-term authentication secrets, which allow an attacker to impersonate the subscriber until they are manually reset. The authenticator secret is the canonical example of a long-term authentication secret, while the authenticator output, if it is different from the authenticator secret, is usually a short-term authentication secret.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A generic term for any secret value that could be used by an Attacker to impersonate the Subscriber in an authentication protocol. \nThese are further divided into short-term authentication secrets, which are only useful to an Attacker for a limited period of time, and long-term authentication secrets, which allow an Attacker to impersonate the Subscriber until they are manually reset. The token secret is the canonical example of a long term authentication secret, while the token authenticator, if it is different from the token secret, is usually a short term authentication secret.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Authentication Server","link":"https://csrc.nist.gov/glossary/term/authentication_server","abbrSyn":[{"text":"AS","link":"https://csrc.nist.gov/glossary/term/as"}],"definitions":null},{"term":"Authentication Tag","link":"https://csrc.nist.gov/glossary/term/authentication_tag","definitions":[{"text":"A cryptographic checksum on data that is designed to reveal both accidental errors and the intentional modification of the data.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Authentication Token","link":"https://csrc.nist.gov/glossary/term/authentication_token","abbrSyn":[{"text":"AUTN","link":"https://csrc.nist.gov/glossary/term/autn"}],"definitions":null},{"term":"Authentication, Authorization, and Accounting","link":"https://csrc.nist.gov/glossary/term/authentication_authorization_and_accounting","abbrSyn":[{"text":"AAA","link":"https://csrc.nist.gov/glossary/term/aaa"},{"text":"AAA "}],"definitions":null},{"term":"Authentication, Authorization, and Accounting Key","link":"https://csrc.nist.gov/glossary/term/authentication_authorization_and_accounting_key","abbrSyn":[{"text":"AAAK","link":"https://csrc.nist.gov/glossary/term/aaak"}],"definitions":null},{"term":"authenticator","link":"https://csrc.nist.gov/glossary/term/authenticator","abbrSyn":[{"text":"multifactor authentication"},{"text":"token","link":"https://csrc.nist.gov/glossary/term/token"},{"text":"Token"}],"definitions":[{"text":"Something the cardholder possesses and controls (e.g., PIV Card or derived PIV credential) that is used to authenticate the cardholder’s identity.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Authenticator "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric).","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under multifactor authentication "}]},{"text":"An entity that facilitates authentication of other entities attached to the same LAN using a public key certificate."},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"The means used to confirm the identity of a user, process, or device (e.g., user password or token).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See authenticator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under multifactor authentication ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Something that the claimant possesses and controls (such as a key or password) that is used to authenticate a claim. See cryptographic token.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under token ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" - Adapted"}]}]},{"text":"Something that the Claimant possesses and controls (typically a key or password) that is used to authenticate the Claimant’s identity.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Token ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"The means used to confirm the identity of a user, processor, or device (e.g., user password or token).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authenticator "}]},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous editions of SP 800-63, this was referred to as atoken.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticator "}]},{"text":"See Authenticator.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Token "}]},{"text":"A portable, user-controlled, physical device (e.g., smart card or memory stick) used to store cryptographic information and possibly also perform cryptographic functions.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Token "}]},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authenticator "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authenticator "}]},{"text":"See Authenticator","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Token "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Token "}]},{"text":"Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under multifactor authentication "}]},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous editions of SP 800-63, this was referred to as a token.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticator "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric). See authenticator.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under multifactor authentication "}]},{"text":"Something that the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"A physical object a user possesses and controls that is used to authenticate the user’s identity.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Token "}]},{"text":"A representation of a particular asset that typically relies on a blockchain or other types of distributed ledgers.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under Token ","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]},{"text":"Something that the Claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the Claimant’s identity.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Token "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric). See also Authenticator.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under multifactor authentication "}]}],"seeAlso":[{"text":"multifactor authentication"},{"text":"Multifactor Authentication"}]},{"term":"Authenticator Assurance Level (AAL)","link":"https://csrc.nist.gov/glossary/term/authenticator_assurance_level","abbrSyn":[{"text":"AAL","link":"https://csrc.nist.gov/glossary/term/aal"}],"definitions":[{"text":"A measure of the strength of an authentication mechanism and, therefore, the confidence in it, as defined in [NIST SP 800-63-3] in terms of three levels: AAL1 (Some confidence), AAL2 (High confidence), AAL3 (Very high confidence).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"A category describing the strength of the authentication process.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authenticator Assurance Level "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Authenticator number once","link":"https://csrc.nist.gov/glossary/term/authenticator_number_once","abbrSyn":[{"text":"ANonce","link":"https://csrc.nist.gov/glossary/term/anonce"}],"definitions":null},{"term":"Authenticator Output","link":"https://csrc.nist.gov/glossary/term/authenticator_output","abbrSyn":[{"text":"Token Authenticator","link":"https://csrc.nist.gov/glossary/term/token_authenticator"}],"definitions":[{"text":"The output value generated by an authenticator. The ability to generate valid authenticator outputs on demand proves that the claimant possesses and controls the authenticator. Protocol messages sent to the verifier are dependent upon the authenticator output, but they may or may not explicitly contain it.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"See Authenticator Output.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Token Authenticator "}]},{"text":"The output value generated by a token. The ability to generate valid token authenticators on demand proves that the Claimant possesses and controls the token. Protocol messages sent to the Verifier are dependent upon the token authenticator, but they may or may not explicitly contain it.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Token Authenticator "}]}]},{"term":"Authenticator Secret","link":"https://csrc.nist.gov/glossary/term/authenticator_secret","abbrSyn":[{"text":"Token Secret","link":"https://csrc.nist.gov/glossary/term/token_secret"}],"definitions":[{"text":"The secret value contained within an authenticator.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"See Authenticator Secret.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Token Secret "}]},{"text":"The secret value, contained within a token, which is used to derive token authenticators.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Token Secret "}]}]},{"term":"Authenticator Type","link":"https://csrc.nist.gov/glossary/term/authenticator_type","definitions":[{"text":"A category of authenticators with common characteristics. Some authenticator types provide one authentication factor, others provide two.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Authenticator-Specific Module","link":"https://csrc.nist.gov/glossary/term/authenticator_specific_module","abbrSyn":[{"text":"ASM","link":"https://csrc.nist.gov/glossary/term/asm"}],"definitions":null},{"term":"authenticity","link":"https://csrc.nist.gov/glossary/term/authenticity","definitions":[{"text":"The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authenticity ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"The property that data originated from its purported source.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Authenticity "},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Authenticity "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Authenticity "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticity "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Authenticity "}]},{"text":"The property that data originated from its purported source. In the context of a key-wrap algorithm, the source of authentic data is an entity with access to an implementation of the authenticated-encryption function with the KEK.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Authenticity ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Authenticity "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authenticity "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authenticity "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authenticity "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Authenticity "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Authenticity "}]},{"text":"The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, message, or message originator. See authentication.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}],"seeAlso":[{"text":"authentication","link":"authentication"},{"text":"Authentication"}]},{"term":"Author","link":"https://csrc.nist.gov/glossary/term/author","definitions":[{"text":"The organization responsible for creating the checklist in its current format. In most cases an organization will represent both the author and authority of a checklist, but this is not always true. For example, if an organization produces validated SCAP content for a NIST publication, the organization that created the SCAP content will be listed as the Author, but NIST will remain the Authority.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"Authoritative RRSet","link":"https://csrc.nist.gov/glossary/term/authoritative_rrset","definitions":[{"text":"Within the context of a particular zone, an RRSet (RRs with the same name, class, and type) is authoritative if and only if the owner name of the RRSet lies within the subset of the name space that is at or below the zone apex and at or above the cuts that separate the zone from its children, if any. RRs of type NSEC, RRSIG and DS are examples of RRSets at a cut that are authoritative at the parent side of the zone cut, and not the delegated child side.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"Authoritative Source","link":"https://csrc.nist.gov/glossary/term/authoritative_source","definitions":[{"text":"An entity that has access to, or verified copies of, accurate information from an issuing source such that a CSP can confirm the validity of the identity evidence supplied by an applicant during identity proofing. An issuing source may also be an authoritative source. Often, authoritative sources are determined by a policy decision of the agency or CSP before they can be used in the identity proofing validation phase.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"authority","link":"https://csrc.nist.gov/glossary/term/authority","definitions":[{"text":"Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A privacy principle (FIPP) that limits an organization's creation, collection, use, processing, storage, maintaining, disseminating, or disclosing of PII to activities for which they have authority to do so, and identify this authority in appropriate notices."},{"text":"The aggregate of people, procedures, documentation, hardware, and/or software necessary to authorize and enable security-relevant functions.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Authority "}]},{"text":"The organization responsible for producing the original security configuration guidance represented by the checklist.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4","underTerm":" under Authority "}]}]},{"term":"Authority Information Access","link":"https://csrc.nist.gov/glossary/term/authority_information_access","abbrSyn":[{"text":"AIA","link":"https://csrc.nist.gov/glossary/term/aia"}],"definitions":null},{"term":"Authority to Operate","link":"https://csrc.nist.gov/glossary/term/authority_to_operate","abbrSyn":[{"text":"ATO","link":"https://csrc.nist.gov/glossary/term/ato"}],"definitions":[{"text":"Authorization to Operate; One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under ATO "}]}]},{"term":"Authority Type","link":"https://csrc.nist.gov/glossary/term/authority_type","definitions":[{"text":"The type of organization that is the authority for the checklist. The three types are Governmental Authority, Software Vendor, and Third Party (e.g., security organizations).","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Type of organization that lends its authority to the checklist. The three types are Governmental Authority, Software Vendor, and Third Party (e.g., security organizations).","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"authorization boundary","link":"https://csrc.nist.gov/glossary/term/authorization_boundary","abbrSyn":[{"text":"information system boundary","link":"https://csrc.nist.gov/glossary/term/information_system_boundary"},{"text":"Information System Boundary"},{"text":"Information System Component"},{"text":"Security Authorization Boundary","link":"https://csrc.nist.gov/glossary/term/security_authorization_boundary"},{"text":"system boundary","link":"https://csrc.nist.gov/glossary/term/system_boundary"}],"definitions":[{"text":"All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authorization Boundary ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]},{"text":"A discrete identifiable IT asset that represents a building block of an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Component "}]},{"text":"Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Boundary "}]},{"text":"All components of an information system to be authorized for operation by an authorizing official. This excludes separately authorized systems to which the information system is connected.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"See Authorization Boundary.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information system boundary ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under information system boundary "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under system boundary "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Authorization Boundary "}]}],"seeAlso":[{"text":"accreditation boundary","link":"accreditation_boundary"},{"text":"boundary","link":"boundary"}]},{"term":"Authorization Component","link":"https://csrc.nist.gov/glossary/term/authorization_component","definitions":[{"text":"A set of data items issued to an RP by an IdP during an identity federation transaction that grants the RP authorized access to a set of APIs (e.g., an OAuth access token). This credential can be separate from the assertion provided by the federation protocol (e.g., an OpenID Connect ID Token).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"authorization package","link":"https://csrc.nist.gov/glossary/term/authorization_package","abbrSyn":[{"text":"security authorization package","link":"https://csrc.nist.gov/glossary/term/security_authorization_package"}],"definitions":[{"text":"Documents the results of the security control assessment and provides the authorizing official with essential information needed to make a risk-based decision on whether to authorize operation of an information system or a designated set of common controls. \nContains: (i) the security plan; (ii) the security assessment report (SAR); and (iii) the plan of action and milestones (POA&M). \nNote: Many departments and agencies may choose to include the risk assessment report (RAR) as part of the security authorization package. Also, many organizations use system security plan in place of the security plan.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security authorization package ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"See security authorization package","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The results of assessment and supporting documentation provided to the Designated Authorizing Official to be used in the authorization decision process.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Authorization Package "}]},{"text":"The essential information that an authorizing official uses to determine whether to authorize the operation of an information system or the provision of a designated set of common controls. At a minimum, the authorization package includes an executive summary, system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"Authorization Server","link":"https://csrc.nist.gov/glossary/term/authorization_server","abbrSyn":[{"text":"AS","link":"https://csrc.nist.gov/glossary/term/as"}],"definitions":null},{"term":"authorization to operate","link":"https://csrc.nist.gov/glossary/term/authorization_to_operate","abbrSyn":[{"text":"accreditation","link":"https://csrc.nist.gov/glossary/term/accreditation"},{"text":"approval to operate","link":"https://csrc.nist.gov/glossary/term/approval_to_operate"},{"text":"Approval to Operate"},{"text":"ATO","link":"https://csrc.nist.gov/glossary/term/ato"},{"text":"security authorization (to operate)","link":"https://csrc.nist.gov/glossary/term/security_authorization_to_operate"},{"text":"Security Authorization (to Operate)"},{"text":"Security Authorization(to Operate)"}],"definitions":[{"text":"Formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under accreditation "}]},{"text":"Formal recognition that a laboratory is competent to carry out specific tests or calibrations or types of tests or calibrations."},{"text":"Formal recognition that a laboratory is competent to carry out specific tests or calibrations or types of tests or calibrations."},{"text":"The official management decision issued by a designated accrediting authority (DAA) or principal accrediting authority (PAA) to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under approval to operate "}]},{"text":"The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"See authorization to operate (ATO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security authorization (to operate) ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"seeCertificationandAccreditation.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Approval to Operate "}]},{"text":"See Authorization (to operate).","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Authorization (to Operate) "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Authorization(to Operate) "}]},{"text":"Authorization to Operate; One of three possible decisions concerning an issuer made by a Designated Authorizing Official after all assessment activities have been performed stating that the issuer is authorized to perform specific PIV Card and/or Derived Credential issuance services.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under ATO "}]},{"text":"The official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Authorization also applies to common controls inherited by agency information systems.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls and privacy controls.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorization (to operate) ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]}]},{"term":"authorization to use","link":"https://csrc.nist.gov/glossary/term/authorization_to_use","definitions":[{"text":"The official management decision given by an authorizing official to authorize the use of an information system, service, or application based on the information in an existing authorization package generated by another organization, and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of controls in the system, service, or application.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Authorize","link":"https://csrc.nist.gov/glossary/term/authorize","definitions":[{"text":"A decision to grant access, typically automated by evaluating a subject’s attributes.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"authorize processing","link":"https://csrc.nist.gov/glossary/term/authorize_processing","abbrSyn":[{"text":"Accreditation"},{"text":"authorization","link":"https://csrc.nist.gov/glossary/term/authorization"},{"text":"Authorization"}],"definitions":[{"text":"The official management decision of the Designated Authorizing Official to permit operation of an issuer after determining that the issuer’s reliability has satisfactorily been established through appropriate assessment processes.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Authorization "}]},{"text":"The right or a permission that is granted to a system entity to access a system resource.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under authorization ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]},{"text":"The official management decision given by a senior organizational official to authorize the operation of an information system and to explicitly accept the risk to organizational operations and assets, individuals, other organizations, and the Nation, based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under authorization "}]},{"text":"The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Accreditation ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Accreditation ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Accreditation ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"The right or a permission that is granted to a system entity to access a system resource.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Authorization ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Authorization ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Authorization ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"Access privileges granted to a user, program, or process or the act of granting those privileges.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authorization ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under authorization ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under authorization ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The official management decision given by a senior official to authorize operation of a system or the common controls inherited by designated organizations systems and to explicitly accept the risk to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Also known as authorization to operate.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Authorization "}]},{"text":"The process that takes place after authentication is complete to determine which resources/services are available to a WiMAX device.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Authorization "}]},{"text":"The process of verifying that a requested action or service is approved for a specific entity.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Authorization "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Authorization "}]},{"text":"also known as authorize processing (OMB Circular A-130, Appendix III),and approval to operate. Accreditation (or authorization to process information) is granted by a management official and provides an important quality control. By accrediting a system or application, a manager accepts the associated risk. Accreditation (authorization) must be based on a review of controls. (See Certification.)","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Accreditation "}]},{"text":"See Accreditation.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Authorize Processing "}]},{"text":"The granting or denying of access rights to a user, program, or process.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under authorization "},{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Authorization "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under authorization "}]},{"text":"Formal declaration by a Designated Approving Authority that an Information System is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Accreditation "}]},{"text":"Access privileges that are granted to an entity; conveying an “official” sanction to perform a security function or activity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Authorization "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Authorization "}]},{"text":"Access privileges granted to an entity; conveys an “official” sanction to perform a security function or activity.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Authorization "}]},{"text":"Access privileges granted to an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Authorization "}]},{"text":"See authorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorize Processing "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorize Processing "}]},{"text":"Access privileges that are granted to an entity that convey an “official” sanction to perform a security function or activity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Authorization "}]},{"text":"The process of initially establishing access privileges of an individual and subse­quently verifying the acceptability of a request for access.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Authorization "}]}]},{"term":"Authorized","link":"https://csrc.nist.gov/glossary/term/authorized","definitions":[{"text":"Entitled to a specific mode of access.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]},{"text":"A system entity or actor that has been granted the right, permission, or capability to access a system resource. See also “Authorization”.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}],"seeAlso":[{"text":"also Authorization","link":"also_authorization"}]},{"term":"Authorized Data Publisher","link":"https://csrc.nist.gov/glossary/term/authorized_data_publisher","abbrSyn":[{"text":"ADP","link":"https://csrc.nist.gov/glossary/term/adp"}],"definitions":null},{"term":"Authorized Entity","link":"https://csrc.nist.gov/glossary/term/authorized_entity","definitions":[{"text":"An entity that has implicitly or explicitly been granted approval to interact with a particular IoT device. The device cybersecurity capabilities in the core baseline do not specify how authorization is implemented for distinguishing authorized and unauthorized entities, but can include identity management and authentication to establish the authorization of entities. It is left to the organization to decide how each device will implement authorization. Also, an entity authorized to interact with an IoT device in one way might not be authorized to interact with the same device in another way.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"}]}]},{"term":"authorized ID","link":"https://csrc.nist.gov/glossary/term/authorized_id","definitions":[{"text":"The key management entity (KME) authorized to order against a traditional short title.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Authorized individuals, services, and other IoT product components","link":"https://csrc.nist.gov/glossary/term/authorized_individuals_services_iot_product_components","definitions":[{"text":"An entity (i.e., a person, device, service, network, domain, developer, or other party who might interact with an IoT device) that has implicitly or explicitly been granted approval to interact with a particular IoT device.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"Authorized Key","link":"https://csrc.nist.gov/glossary/term/authorized_key","definitions":[{"text":"A public key that has been configured as authorizing access to an account by anyone capable of using the corresponding private key (identity key) in the SSH protocol. An authorized key may be configured with certain restrictions, most notably a forced command and a source restriction.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Authorized Keys File","link":"https://csrc.nist.gov/glossary/term/authorized_keys_file","definitions":[{"text":"The file associated with a specific account where one or more authorized keys and optional restrictions are stored. Each account for which public key authentication is allowed on an SSH server has a unique authorized keys file.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"authorized user","link":"https://csrc.nist.gov/glossary/term/authorized_user","definitions":[{"text":"Any appropriately cleared individual with a requirement to access an information system (IS) for performing or assisting in a lawful and authorized government function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDD 8570.01","link":"https://www.esd.whs.mil/Directives/issuances/dodd/","note":" - Adapted"}]}]},{"text":"Any appropriately provisioned individual with a requirement to access an information system.","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Authorized User ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"authorized vendor","link":"https://csrc.nist.gov/glossary/term/authorized_vendor","definitions":[{"text":"Manufacturer of information security (INFOSEC) equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"authorizing official","link":"https://csrc.nist.gov/glossary/term/authorizing_official","abbrSyn":[{"text":"Accrediting Authority"},{"text":"AO","link":"https://csrc.nist.gov/glossary/term/ao"}],"definitions":[{"text":"Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under AUTHORIZING OFFICIAL "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Authorizing Official ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Authorizing Official ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorizing Official "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorizing Official "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorizing Official ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Authorizing Official (AO) ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Senior federal official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Authorizing Official (AO) ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"Senior (federal) official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authorizing Official ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Authorizing Official ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A senior (federal) official or executive with the authority to formally assume responsibility for operating a system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Authorizing Official (AO) ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"A senior Federal official or executive with the authority to authorize (i.e., assume responsibility for) operation of an information system or the use of a designated set of common controls at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"See Authorizing Official.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Accrediting Authority "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Accrediting Authority "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Accrediting Authority "}]},{"text":"A senior Federal official or executive with the authority to authorize (i.e., assume responsibility for) the operation of an information system or the use of a designated set of common controls at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]}],"seeAlso":[{"text":"accrediting authority","link":"accrediting_authority"}]},{"term":"authorizing official designated representative","link":"https://csrc.nist.gov/glossary/term/authorizing_official_designated_representative","abbrSyn":[{"text":"AODR","link":"https://csrc.nist.gov/glossary/term/aodr"}],"definitions":[{"text":"An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization or privacy authorization.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorizing Official Designated Representative ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]},{"text":"An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorizing official designated ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"DoDI 8510","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorizing Official Designated Representative "}]},{"text":"An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with the authorization process.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"AUTN","link":"https://csrc.nist.gov/glossary/term/autn","abbrSyn":[{"text":"Authentication Token","link":"https://csrc.nist.gov/glossary/term/authentication_token"}],"definitions":null},{"term":"AUTO-ISAC","link":"https://csrc.nist.gov/glossary/term/auto_isac","abbrSyn":[{"text":"Automotive Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/automotive_information_sharing_and_analysis_center"}],"definitions":null},{"term":"Automated Access","link":"https://csrc.nist.gov/glossary/term/automated_access","definitions":[{"text":"Access to a computer by an automated process without an interactive user, generally machine-to-machine access. Automated access is often triggered from scripts or schedulers, e.g., by executing an SSH client or a file transfer application. Many programs may also use automated access using SSH internally, including many privileged access management systems and systems management tools.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Automated Certificate","link":"https://csrc.nist.gov/glossary/term/automated_certificate","definitions":[{"text":"A protocol defined in IETF RFC 8555 that provides for the automated enrollment of certificates.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Automated Certificate Management Environment","link":"https://csrc.nist.gov/glossary/term/automated_certificate_management_environment","abbrSyn":[{"text":"ACME","link":"https://csrc.nist.gov/glossary/term/acme"}],"definitions":[{"text":"A protocol defined in IETF RFC 8555 that provides for the automated enrollment of certificates.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Automated Checklist","link":"https://csrc.nist.gov/glossary/term/automated_checklist","definitions":[{"text":"A checklist that is used through one or more tools that automatically alter or verify settings based on the contents of the checklist. Automated checklists document their security settings in a machine-readable format, either standard or proprietary.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"Automated Combinatorial Testing","link":"https://csrc.nist.gov/glossary/term/automated_combinatorial_testing","abbrSyn":[{"text":"ACT","link":"https://csrc.nist.gov/glossary/term/act"}],"definitions":null},{"term":"Automated Combinatorial Testing for Software","link":"https://csrc.nist.gov/glossary/term/automated_combinatorial_testing_for_software","abbrSyn":[{"text":"ACTS","link":"https://csrc.nist.gov/glossary/term/acts"}],"definitions":null},{"term":"Automated Cryptographic Validation Protocol","link":"https://csrc.nist.gov/glossary/term/automated_cryptographic_validation_protocol","abbrSyn":[{"text":"ACVP","link":"https://csrc.nist.gov/glossary/term/acvp"}],"definitions":null},{"term":"Automated Cryptographic Validation Test System","link":"https://csrc.nist.gov/glossary/term/automated_cryptographic_validation_test_system","abbrSyn":[{"text":"ACVTS","link":"https://csrc.nist.gov/glossary/term/acvts"}],"definitions":null},{"term":"Automated Indicator Sharing","link":"https://csrc.nist.gov/glossary/term/automated_indicator_sharing","abbrSyn":[{"text":"AIS","link":"https://csrc.nist.gov/glossary/term/ais"}],"definitions":null},{"term":"Automated Information System Security","link":"https://csrc.nist.gov/glossary/term/automated_information_system_security","definitions":null},{"term":"Automated Information System Security Program","link":"https://csrc.nist.gov/glossary/term/automated_information_system_security_program","definitions":[{"text":"synonymous withIT Security Program.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"automated market maker","link":"https://csrc.nist.gov/glossary/term/automated_market_maker","abbrSyn":[{"text":"AMM","link":"https://csrc.nist.gov/glossary/term/amm"}],"definitions":null},{"term":"Automated Process","link":"https://csrc.nist.gov/glossary/term/automated_process","definitions":[{"text":"An application, script, or management system that leverages SSH to execute commands or transfer data to/from another system.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"automated security monitoring","link":"https://csrc.nist.gov/glossary/term/automated_security_monitoring","abbrSyn":[{"text":"continuous monitoring","link":"https://csrc.nist.gov/glossary/term/continuous_monitoring"},{"text":"information security continuous monitoring"}],"definitions":[{"text":"Maintaining ongoing awareness to support organizational risk decisions. \nSee information security continuous monitoring, risk monitoring, and status monitoring","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under continuous monitoring ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"text":"Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Maintaining ongoing awareness to support organizational risk decisions.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under continuous monitoring "},{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under continuous monitoring ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under continuous monitoring ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under continuous monitoring ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]}],"seeAlso":[{"text":"information security continuous monitoring"},{"text":"information security continuous monitoring (ISCM)","link":"information_security_continuous_monitoring"}]},{"term":"Automatic Data Processing","link":"https://csrc.nist.gov/glossary/term/automatic_data_processing","abbrSyn":[{"text":"ADP","link":"https://csrc.nist.gov/glossary/term/adp"}],"definitions":null},{"term":"Automatic Identification and Data Capture","link":"https://csrc.nist.gov/glossary/term/automatic_identification_and_data_capture","abbrSyn":[{"text":"AIDC","link":"https://csrc.nist.gov/glossary/term/aidc"}],"definitions":null},{"term":"Automatic Identification Technology","link":"https://csrc.nist.gov/glossary/term/automatic_identification_technology","abbrSyn":[{"text":"AIT","link":"https://csrc.nist.gov/glossary/term/ait"}],"definitions":null},{"term":"automatic remote rekeying","link":"https://csrc.nist.gov/glossary/term/automatic_remote_rekeying","definitions":[{"text":"Procedure to rekey distant cryptographic equipment electronically without specific actions by the receiving terminal operator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"manual remote rekeying","link":"manual_remote_rekeying"},{"text":"remote rekeying","link":"remote_rekeying"}]},{"term":"Automotive Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/automotive_information_sharing_and_analysis_center","abbrSyn":[{"text":"AUTO-ISAC","link":"https://csrc.nist.gov/glossary/term/auto_isac"}],"definitions":null},{"term":"Autonomous System (AS)","link":"https://csrc.nist.gov/glossary/term/autonomous_system","abbrSyn":[{"text":"AS","link":"https://csrc.nist.gov/glossary/term/as"}],"definitions":[{"text":"An Autonomous System specifies a network, mostly an organization that can own or announce network addresses to the Internet.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Autonomous System "}]},{"text":"One or more routers under a single administration operating the same routing policy.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"Autonomous System Number (ASN)","link":"https://csrc.nist.gov/glossary/term/autonomous_system_number","abbrSyn":[{"text":"ASN","link":"https://csrc.nist.gov/glossary/term/asn"}],"definitions":[{"text":"A two-byte number that identifies an AS.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"Auxiliary Power Unit","link":"https://csrc.nist.gov/glossary/term/auxiliary_power_unit","abbrSyn":[{"text":"APU","link":"https://csrc.nist.gov/glossary/term/apu"}],"definitions":null},{"term":"AV","link":"https://csrc.nist.gov/glossary/term/av","abbrSyn":[{"text":"Antivirus","link":"https://csrc.nist.gov/glossary/term/antivirus"},{"text":"Anti-Virus"}],"definitions":null},{"term":"availability","link":"https://csrc.nist.gov/glossary/term/availability","definitions":[{"text":"measures an attacker’s ability to disrupt or prevent access to services or data. Vulnerabilities that impact availability can affect hardware, software, and network resources, such as flooding network bandwidth, consuming large amounts of memory, CPU cycles, or unnecessary power consumption.","sources":[{"text":"NISTIR 7946","link":"https://doi.org/10.6028/NIST.IR.7946","underTerm":" under Availability "}]},{"text":"Property of being accessible and usable on demand by an authorized entity.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 7498-2:1989"}]}]},{"text":"The property that data or information is accessible and usable upon demand by an authorized person.","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","refSources":[{"text":"HIPAA Security Rule","link":"https://www.govinfo.gov/app/details/FR-2003-02-20/03-3877","note":" - §164.304"}]}]},{"text":"Ensuring timely and reliable access to and use of information.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under AVAILABILITY ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Availability ","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"1. Ensuring timely and reliable access to and use of information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"As defined in FISMA, the term 'availability' means ensuring timely and reliable access to and use of information.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Availability ","refSources":[{"text":"44 U.S.C., Sec. 3542 (b)(1)(C) ","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"The property that data or information is accessible and usable upon demand by an authorized person.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Availability ","refSources":[{"text":"45 C.F.R., Sec. 164.304","link":"https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=&SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&n=pt45.1.164&r=PART&ty=HTML"}]}]},{"text":"2. Timely, reliable access to data and information services for authorized users.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"The ability for authorized users to access systems as needed.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Availability "}]},{"text":"Timely, reliable access to information or a service.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Availability "}]},{"text":"the timely, reliable access to data and information services for authorized users.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Availability "}]},{"text":"The security objective that generates the requirement for protection against intentional or accidental attempts to (1) perform unauthorized deletion of data or (2) otherwise cause a denial of service or data.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"Timely, reliable access to information by authorized entities.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Availability "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Availability "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Availability "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Availability "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Availability "}]},{"text":"The state that exists when data can be accessed or a requested service provided within an acceptable period of time.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Availability "}]},{"text":"The security goal that generates the requirement for protection against intentional or accidental attempts to (1) perform unauthorized deletion of data or (2) otherwise cause a denial of service or data.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"Timely, reliable access to data and information services for authorized users.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]","underTerm":" under Availability "}]},{"text":"Ensuring timely and reliable access to and use of information. \nNote: Mission/business resiliency objectives extend the concept of availability to refer to a point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"EGovAct","link":"https://www.congress.gov/107/plaws/publ347/PLAW-107publ347.pdf"}]}]},{"text":"Ensuring timely and reliable access to and use of information.\nNote: Mission/business resiliency objectives extend the concept of availability to refer to a point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"EGovAct","link":"https://www.congress.gov/107/plaws/publ347/PLAW-107publ347.pdf"}]}]}]},{"term":"availability (PNT)","link":"https://csrc.nist.gov/glossary/term/availability_pnt","definitions":[{"text":"The availability of a PNT system is the percentage of time that the services of the system are usable. Availability is an indication of the ability of the system to provide usable service within the specified coverage area. Signal availability is the percentage of time that PNT signals transmitted from external sources are available for use. Availability is a function of both the physical characteristics of the environment and the technical capabilities of the PNT service provider.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E, Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E, adapted"}]}]}]},{"term":"Availability Impact","link":"https://csrc.nist.gov/glossary/term/availability_impact","definitions":[{"text":"measures the potential impact to availability of a successfully exploited misuse vulnerability. Availability refers to the accessibility of information resources.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"Average Record Matching Probability","link":"https://csrc.nist.gov/glossary/term/average_record_matching_probability","abbrSyn":[{"text":"ARMP","link":"https://csrc.nist.gov/glossary/term/armp"}],"definitions":null},{"term":"Aviation Cyber Initiative","link":"https://csrc.nist.gov/glossary/term/aviation_cyber_initiative","abbrSyn":[{"text":"ACI","link":"https://csrc.nist.gov/glossary/term/aci"}],"definitions":null},{"term":"AVP","link":"https://csrc.nist.gov/glossary/term/avp","abbrSyn":[{"text":"Attribute-Value Pair","link":"https://csrc.nist.gov/glossary/term/attribute_value_pair"}],"definitions":[{"text":"A tuple a=v in which a (the attribute) is an alphanumeric label representing a property or state, and v (the value) is the value assigned to the attribute.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696","underTerm":" under Attribute-Value Pair "}]}]},{"term":"AWARE","link":"https://csrc.nist.gov/glossary/term/aware","abbrSyn":[{"text":"Agency-Wide Adaptive Risk Enumeration","link":"https://csrc.nist.gov/glossary/term/agency_wide_adaptive_risk_enumeration"}],"definitions":null},{"term":"Awareness","link":"https://csrc.nist.gov/glossary/term/awareness","definitions":[{"text":"Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.\n\nIn awareness activities, the learner is the recipient of information, whereas the learner in a training environment has a more active role. Awareness relies on reaching broad audiences with attractive packaging techniques. Training is more formal, having a goal of building knowledge and skills to facilitate the job performance.","sources":[{"text":"NIST SP 800-50","link":"https://doi.org/10.6028/NIST.SP.800-50","refSources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"text":"a learning process that sets the stage for training by changing individual andorganizational attitudes to realize the importance of security and the adverse consequences of its failure.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Awareness and Training","link":"https://csrc.nist.gov/glossary/term/awareness_and_training","abbrSyn":[{"text":"AT","link":"https://csrc.nist.gov/glossary/term/at"}],"definitions":null},{"term":"Awareness, Training, and Education Controls","link":"https://csrc.nist.gov/glossary/term/awareness_training_and_education_controls","definitions":[{"text":"include (1) awareness programs whichset the stage for training by changing organizational attitudes to realize the importance of security and the adverse consequences of its failure, (2) training which teaches people the skills that will enable them to perform their jobs more effectively, and (3) education which is targeted for IT security professionals and focuses on developing the ability and vision to perform complex, multi-disciplinary activities.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"AWS","link":"https://csrc.nist.gov/glossary/term/aws","abbrSyn":[{"text":"Amazon Web Services","link":"https://csrc.nist.gov/glossary/term/amazon_web_services"}],"definitions":null},{"term":"AWWA","link":"https://csrc.nist.gov/glossary/term/awwa","abbrSyn":[{"text":"American Water Works Association","link":"https://csrc.nist.gov/glossary/term/american_water_works_association"}],"definitions":null},{"term":"AXFR","link":"https://csrc.nist.gov/glossary/term/axfr","abbrSyn":[{"text":"DNS Full Zone Transfer Query Type","link":"https://csrc.nist.gov/glossary/term/dns_full_zone_transfer_query_type"}],"definitions":null},{"term":"B2B","link":"https://csrc.nist.gov/glossary/term/b2b","abbrSyn":[{"text":"Business-To-Business","link":"https://csrc.nist.gov/glossary/term/business_to_business"}],"definitions":null},{"term":"BA","link":"https://csrc.nist.gov/glossary/term/ba","abbrSyn":[{"text":"Client Backup-Archive Client","link":"https://csrc.nist.gov/glossary/term/client_backup_archive_client"}],"definitions":null},{"term":"BAA","link":"https://csrc.nist.gov/glossary/term/baa","abbrSyn":[{"text":"Business Associate Agreement","link":"https://csrc.nist.gov/glossary/term/business_associate_agreement"}],"definitions":null},{"term":"Back-Channel Communication","link":"https://csrc.nist.gov/glossary/term/back_channel_communication","definitions":[{"text":"Communication between two systems that relies on a direct connection (allowing for standard protocol-level proxies), without using redirects through an intermediary such as a browser. This can be accomplished using HTTP requests and responses.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"backdoor","link":"https://csrc.nist.gov/glossary/term/backdoor","definitions":[{"text":"An undocumented way of gaining access to computer system. A backdoor is a potential security risk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-82 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-82r1"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Back door ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"An undocumented way of gaining access to a computer system. A backdoor is a potential security risk.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Backdoor "},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Backdoor ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Backdoor ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Backdoor "}]},{"text":"A malicious program that listens for commands on a certain Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1","underTerm":" under Backdoor "}]}],"seeAlso":[{"text":"trap door","link":"trap_door"}]},{"term":"Backscatter Channel","link":"https://csrc.nist.gov/glossary/term/backscatter_channel","definitions":[{"text":"The type of back channel used by passive tags. Since passive tags do not have a local power source, they communicate by reflecting or backscattering electromagnetic signals received from a reader.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Backtracking Resistance","link":"https://csrc.nist.gov/glossary/term/backtracking_resistance","definitions":[{"text":"An RBG provides backtracking resistance relative to time T if it provides assurance that an adversary that has knowledge of the state of the RBG at some time(s) subsequent to time T (but incapable of performing work that matches the claimed security strength of the RBG) would be unable to distinguish between observations of ideal random bitstrings and (previously unseen) bitstrings that are output by the RBG at or prior to time T. In particular, an RBG whose design allows the adversary to \"backtrack\" from the initially-compromised RBG state(s) to obtain knowledge of prior RBG states and the corresponding outputs (including the RBG state and output at time T) would not provide backtracking resistance relative to time T. (Contrast with prediction resistance.)","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}],"seeAlso":[{"text":"prediction resistance","link":"prediction_resistance"}]},{"term":"backup","link":"https://csrc.nist.gov/glossary/term/backup","definitions":[{"text":"A copy of files and programs made to facilitate recovery if necessary.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Backup "},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Backup ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Backup ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Backup ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Backup ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"text":"A copy of files and programs made to facilitate recovery, if necessary.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"text":"Copy of files and programs made to facilitate recovery if necessary.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Backup ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"A copy of information to facilitate recovery during the cryptoperiod of the key, if necessary.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Backup "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Backup "}]},{"text":"A copy of information to facilitate recovery, if necessary.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Backup "}]},{"text":"Duplicating data onto another medium.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]","underTerm":" under Backup "}]},{"text":"A copy of key information to facilitate recovery during the cryptoperiod of the key, if necessary.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Backup "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Backup "}]}]},{"term":"Backup (key and/or metadata)","link":"https://csrc.nist.gov/glossary/term/backup_key_or_metadata","definitions":[{"text":"To copy a key and/or metadata to a medium that is separate from that used for operational storage and from which the key and/or metadata can be recovered if the original values in operational storage are lost or modified.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Backup (system)","link":"https://csrc.nist.gov/glossary/term/backup_system","definitions":[{"text":"The process of copying information or processing status to a redundant system, service, device or medium that can provide the needed processing capability when needed.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Backup facility","link":"https://csrc.nist.gov/glossary/term/backup_facility","definitions":[{"text":"A redundant system or service that is kept available for use in case of a failure of a primary facility.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"BAD","link":"https://csrc.nist.gov/glossary/term/bad","abbrSyn":[{"text":"Behavioral Anomaly Detection","link":"https://csrc.nist.gov/glossary/term/behavioral_anomaly_detection"}],"definitions":[{"text":"A mechanism providing a multifaceted approach to detecting cybersecurity attacks.","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Behavioral Anomaly Detection ","refSources":[{"text":"NISTIR 8219","link":"https://doi.org/10.6028/NIST.IR.8219"}]}]}]},{"term":"banner","link":"https://csrc.nist.gov/glossary/term/banner","definitions":[{"text":"Display on an information system that sets parameters for system or data use.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Banner Grabbing","link":"https://csrc.nist.gov/glossary/term/banner_grabbing","definitions":[{"text":"The process of capturing banner information—such as application type and version— that is transmitted by a remote port when a connection is initiated.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"BAS","link":"https://csrc.nist.gov/glossary/term/bas","abbrSyn":[{"text":"Building Automation System","link":"https://csrc.nist.gov/glossary/term/building_automation_system"}],"definitions":null},{"term":"base assessment","link":"https://csrc.nist.gov/glossary/term/base_assessment","definitions":[{"text":"The ISCMAx assessment file from which a merge is initiated.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"Base layer","link":"https://csrc.nist.gov/glossary/term/base_layer","definitions":[{"text":"The underlying layer of an image upon which all other components are added.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"base point","link":"https://csrc.nist.gov/glossary/term/base_point","definitions":[{"text":"A fixed elliptic curve point that generates the group used for elliptic curve cryptography.","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"Base Standards","link":"https://csrc.nist.gov/glossary/term/base_standards","definitions":[{"text":"define fundamentals and generalized procedures. They provide an infrastructure that can be used by a variety of applications, each of which can make its own selection from the options offered by them.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","refSources":[{"text":"ISO/IEC TR 10000-1:1998","link":"https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html "}]}]}]},{"term":"Base Station Controller","link":"https://csrc.nist.gov/glossary/term/base_station_controller","abbrSyn":[{"text":"BSC","link":"https://csrc.nist.gov/glossary/term/bsc"}],"definitions":null},{"term":"Base Transceiver Station","link":"https://csrc.nist.gov/glossary/term/base_transceiver_station","abbrSyn":[{"text":"BTS","link":"https://csrc.nist.gov/glossary/term/bts"}],"definitions":null},{"term":"Baseboard Management Controller","link":"https://csrc.nist.gov/glossary/term/baseboard_management_controller","abbrSyn":[{"text":"BMC","link":"https://csrc.nist.gov/glossary/term/bmc"}],"definitions":null},{"term":"Basel Committee on Banking Supervision","link":"https://csrc.nist.gov/glossary/term/basel_committee_on_banking_supervision","abbrSyn":[{"text":"BCBS","link":"https://csrc.nist.gov/glossary/term/bcbs"}],"definitions":null},{"term":"baseline","link":"https://csrc.nist.gov/glossary/term/baseline","abbrSyn":[{"text":"control baseline","link":"https://csrc.nist.gov/glossary/term/control_baseline"}],"definitions":[{"text":"Hardware, software, databases, and relevant documentation for an information system at a given point in time.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item’s life cycle.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"IEEE Std. 828-2012","link":"https://standards.ieee.org/standard/828-2012.html"}]}]},{"text":"Hardware, software, databases, and relevant documentation for an information system at a given point in time.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Baseline ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Baseline ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"Hardware, software, and relevant documentation for an information system at a given point in time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"See control baseline.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The set of controls that are applicable to information or an information system to meet legal, regulatory, or policy requirements, as well as address protection needs for the purpose of managing risk.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under control baseline "}]},{"text":"Predefined sets of controls specifically assembled to address the protection needs of groups, organizations, or communities of interest. See privacy control baseline or security control baseline.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under control baseline ","refSources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under control baseline ","refSources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"text":"The set of security and privacy controls defined for a low-impact, moderate-impact, or high-impact system or selected based on the privacy selection criteria that provide a starting point for the tailoring process.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under control baseline ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item's life cycle. \nNote: The engineering process generates many artifacts that are maintained as a baseline over the course of the engineering effort and after its completion. The configuration control processes of the engineering effort manage baselined artifacts. Examples include stakeholder requirements baseline, system requirements baseline, architecture/design baseline, and configuration baseline.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 828","link":"https://standards.ieee.org/findstds/standard/828-2012.html"}]}]},{"text":"Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item's life cycle.\nNote: The engineering process generates many artifacts that are maintained as a baseline over the course of the engineering effort and after its completion. The configuration control processes of the engineering effort manage baselined artifacts. Examples include stakeholder requirements baseline, system requirements baseline, architecture/design baseline, and configuration baseline.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 828","link":"https://standards.ieee.org/findstds/standard/828-2012.html"}]}]}]},{"term":"baseline configuration","link":"https://csrc.nist.gov/glossary/term/baseline_configuration","abbrSyn":[{"text":"Configuration Baseline"}],"definitions":[{"text":"A documented set of specifications for a system or a configuration item within a system that has been formally reviewed and agreed on at a given point in time and which can only be changed through change control procedures.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"A documented set of specifications for a system or a configuration item within a system that has been formally reviewed and agreed upon at a given point in time, and that can only be changed through change control procedures.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"A documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Baseline Configuration "}]},{"text":"A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Baseline Configuration "}]},{"text":"See Baseline Configuration.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Baseline "}]},{"text":"A documented set of specifications for a system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - adapted"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"A documented set of specifications for a system or a configuration item within a system that has been formally reviewed and agreed on at a given point in time and which can be changed only through change control procedures.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"Baseline Security","link":"https://csrc.nist.gov/glossary/term/baseline_security","definitions":[{"text":"the minimum security controls required for safeguarding an IT systembased on its identified needs for confidentiality, integrity and/or availability protection.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Baselining","link":"https://csrc.nist.gov/glossary/term/baselining","definitions":[{"text":"Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]}]},{"term":"basic assessment","link":"https://csrc.nist.gov/glossary/term/basic_assessment","definitions":[{"text":"An assessment that includes only critical elements.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"Basic Encoding Rules","link":"https://csrc.nist.gov/glossary/term/basic_encoding_rules","abbrSyn":[{"text":"BER","link":"https://csrc.nist.gov/glossary/term/ber"}],"definitions":null},{"term":"Basic Encoding Rules Tag-Length-Value","link":"https://csrc.nist.gov/glossary/term/basic_encoding_rules_tag_length_value","abbrSyn":[{"text":"BER-TLV","link":"https://csrc.nist.gov/glossary/term/ber_tlv"}],"definitions":null},{"term":"Basic Input/Output System (BIOS)","link":"https://csrc.nist.gov/glossary/term/basic_input_output_system","abbrSyn":[{"text":"BIOS","link":"https://csrc.nist.gov/glossary/term/bios"}],"definitions":[{"text":"In this publication, refers collectively to boot firmware based on the conventional BIOS, Extensible Firmware Interface (EFI), and the Unified Extensible Firmware Interface (UEFI).","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"}]},{"text":"Refers collectively to boot firmware based on the conventional BIOS, Extensible Firmware Interface (EFI), and the Unified Extensible Firmware Interface (UEFI).","sources":[{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"Basic Process Control System","link":"https://csrc.nist.gov/glossary/term/basic_process_control_system","abbrSyn":[{"text":"BPCS","link":"https://csrc.nist.gov/glossary/term/bpcs"}],"definitions":null},{"term":"Basic Rate","link":"https://csrc.nist.gov/glossary/term/basic_rate","abbrSyn":[{"text":"BR","link":"https://csrc.nist.gov/glossary/term/br"}],"definitions":null},{"term":"Basic Rate/Enhanced Data Rate","link":"https://csrc.nist.gov/glossary/term/basic_rate_enhanced_data_rate","abbrSyn":[{"text":"BR/EDR","link":"https://csrc.nist.gov/glossary/term/br_edr"}],"definitions":null},{"term":"Basic Service Set","link":"https://csrc.nist.gov/glossary/term/basic_service_set","abbrSyn":[{"text":"BSS","link":"https://csrc.nist.gov/glossary/term/bss"}],"definitions":null},{"term":"Basic Service Set Identifier","link":"https://csrc.nist.gov/glossary/term/basic_service_set_identifier","abbrSyn":[{"text":"BSSID","link":"https://csrc.nist.gov/glossary/term/bssid"}],"definitions":null},{"term":"basic testing","link":"https://csrc.nist.gov/glossary/term/basic_testing","abbrSyn":[{"text":"black box testing","link":"https://csrc.nist.gov/glossary/term/black_box_testing"},{"text":"Black Box Testing"}],"definitions":[{"text":"A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as black box testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Basic Testing "}]},{"text":"A method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Black Box Testing "}]},{"text":"See basic testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under black box testing ","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Black Box Testing "}]}]},{"term":"Basis vector","link":"https://csrc.nist.gov/glossary/term/basis_vector","definitions":[{"text":"A vector consisting of a ―1‖ in the ithposition and ―0‖ in all of the other positions.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"bastion host","link":"https://csrc.nist.gov/glossary/term/bastion_host","definitions":[{"text":"A special purpose computer on a network where the computer is specifically designed and configured to withstand attacks.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Battery Energy Storage System","link":"https://csrc.nist.gov/glossary/term/battery_energy_storage_system","abbrSyn":[{"text":"BESS","link":"https://csrc.nist.gov/glossary/term/bess"}],"definitions":null},{"term":"Battery Management System","link":"https://csrc.nist.gov/glossary/term/battery_management_system","abbrSyn":[{"text":"BMS","link":"https://csrc.nist.gov/glossary/term/bms"}],"definitions":null},{"term":"BC","link":"https://csrc.nist.gov/glossary/term/bc","abbrSyn":[{"text":"Business Continuity","link":"https://csrc.nist.gov/glossary/term/business_continuity"}],"definitions":null},{"term":"BCBS","link":"https://csrc.nist.gov/glossary/term/bcbs","abbrSyn":[{"text":"Basel Committee on Banking Supervision","link":"https://csrc.nist.gov/glossary/term/basel_committee_on_banking_supervision"}],"definitions":null},{"term":"BCD","link":"https://csrc.nist.gov/glossary/term/bcd","abbrSyn":[{"text":"Binary Coded Decimal","link":"https://csrc.nist.gov/glossary/term/binary_coded_decimal"}],"definitions":null},{"term":"BCH","link":"https://csrc.nist.gov/glossary/term/bch","abbrSyn":[{"text":"Bitcoin Cash","link":"https://csrc.nist.gov/glossary/term/bitcoin_cash"}],"definitions":null},{"term":"BCP","link":"https://csrc.nist.gov/glossary/term/bcp","abbrSyn":[{"text":"Best Current Practice","link":"https://csrc.nist.gov/glossary/term/best_current_practice"},{"text":"Business Continuity Plan"}],"definitions":null},{"term":"BD","link":"https://csrc.nist.gov/glossary/term/bd","abbrSyn":[{"text":"Becton, Dickinson and Company","link":"https://csrc.nist.gov/glossary/term/becton_dickinson_and_company"}],"definitions":[{"text":"A Blu-ray Disc(BD) hasthe same shape and size as a CD or DVD,but has a higher density and gives the option for data to be multi-layered.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"BDB","link":"https://csrc.nist.gov/glossary/term/bdb","abbrSyn":[{"text":"Biometric Data Block","link":"https://csrc.nist.gov/glossary/term/biometric_data_block"}],"definitions":null},{"term":"BDS","link":"https://csrc.nist.gov/glossary/term/bds","abbrSyn":[{"text":"Boot Device Selection","link":"https://csrc.nist.gov/glossary/term/boot_device_selection"}],"definitions":null},{"term":"beacon","link":"https://csrc.nist.gov/glossary/term/beacon","definitions":[{"text":"Initial signal by satellite conducted when first put into mission operation in order to establish communications with command and control and report initial operating status.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"Bearer Assertion","link":"https://csrc.nist.gov/glossary/term/bearer_assertion","definitions":[{"text":"The assertion a party presents as proof of identity, where possession of the assertion itself is sufficient proof of identity for the assertion bearer.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An assertion that does not provide a mechanism for the Subscriber to prove that he or she is the rightful owner of the assertion. The RP has to assume that the assertion was issued to the Subscriber who presents the assertion or the corresponding assertion reference to the RP.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Becton, Dickinson and Company","link":"https://csrc.nist.gov/glossary/term/becton_dickinson_and_company","abbrSyn":[{"text":"BD","link":"https://csrc.nist.gov/glossary/term/bd"}],"definitions":[{"text":"A Blu-ray Disc(BD) hasthe same shape and size as a CD or DVD,but has a higher density and gives the option for data to be multi-layered.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under BD "}]}]},{"term":"behavior","link":"https://csrc.nist.gov/glossary/term/behavior","definitions":[{"text":"The way that an entity functions as an action, reaction, or interaction.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"How a system element, system, or system of systems acts, reacts, and interacts.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 14258:1998","link":"https://www.iso.org/standard/24020.html"}]}]}]},{"term":"behavior analysis","link":"https://csrc.nist.gov/glossary/term/behavior_analysis","definitions":[{"text":"The act of examining malware interactions within its operating environment including file systems, the registry (if on Windows), the network, as well as other processes and Operating System components.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1011","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Behavior Management","link":"https://csrc.nist.gov/glossary/term/behavior_management","abbrSyn":[{"text":"Capability, Behavior Management","link":"https://csrc.nist.gov/glossary/term/capability_behavior_management"}],"definitions":[{"text":"See Capability, Behavior Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"An ISCM capability that ensures that people are aware of expected security-related behavior and are able to perform their duties to prevent advertent and inadvertent behavior that compromises information.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Behavior Management "}]}]},{"term":"Behavioral Anomaly Detection","link":"https://csrc.nist.gov/glossary/term/behavioral_anomaly_detection","abbrSyn":[{"text":"BAD","link":"https://csrc.nist.gov/glossary/term/bad"}],"definitions":[{"text":"A mechanism providing a multifaceted approach to detecting cybersecurity attacks.","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","refSources":[{"text":"NISTIR 8219","link":"https://doi.org/10.6028/NIST.IR.8219"}]}]}]},{"term":"Behavioral Outcome","link":"https://csrc.nist.gov/glossary/term/behavioral_outcome","definitions":[{"text":"what an individual who has completed the specific training module isexpected to be able to accomplish in terms of IT security-related job performance.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Benchmark","link":"https://csrc.nist.gov/glossary/term/benchmark","definitions":[{"text":"The root node of an XCCDF benchmark document; may also be the root node of an XCCDF results document (the results of evaluating the XCCDF benchmark document).","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"Benchmark Consumer","link":"https://csrc.nist.gov/glossary/term/benchmark_consumer","definitions":[{"text":"A product that accepts an existing XCCDF benchmark document, processes it, and produces an XCCDF results document.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"Benchmark Producer","link":"https://csrc.nist.gov/glossary/term/benchmark_producer","definitions":[{"text":"A product that generates XCCDF benchmark documents.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"Bend","link":"https://csrc.nist.gov/glossary/term/bend","definitions":[{"text":"The use of a mechanicalprocess to physically transform the storage media to alter its shape and make reading the media difficult orinfeasible using state of the artlaboratory techniques.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"benign environment","link":"https://csrc.nist.gov/glossary/term/benign_environment","definitions":[{"text":"A non-hostile location protected from external hostile elements by physical, personnel, and procedural security countermeasures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"BER","link":"https://csrc.nist.gov/glossary/term/ber","abbrSyn":[{"text":"Basic Encoding Rules","link":"https://csrc.nist.gov/glossary/term/basic_encoding_rules"}],"definitions":null},{"term":"Berkeley Internet Name Domain","link":"https://csrc.nist.gov/glossary/term/berkeley_internet_name_domain","abbrSyn":[{"text":"BIND","link":"https://csrc.nist.gov/glossary/term/bind_acronym"}],"definitions":null},{"term":"Bernoulli Random Variable","link":"https://csrc.nist.gov/glossary/term/bernoulli_random_variable","definitions":[{"text":"A random variable that takes on the value of one with probability p and the value of zero with probability 1-p.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"BER-TLV","link":"https://csrc.nist.gov/glossary/term/ber_tlv","abbrSyn":[{"text":"Basic Encoding Rules Tag-Length-Value","link":"https://csrc.nist.gov/glossary/term/basic_encoding_rules_tag_length_value"}],"definitions":null},{"term":"BER-TLV Data Object","link":"https://csrc.nist.gov/glossary/term/ber_tlv_data_object","definitions":[{"text":"A data object coded according to ISO/IEC 8825-2.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"BES","link":"https://csrc.nist.gov/glossary/term/bes","abbrSyn":[{"text":"Bulk Electric System","link":"https://csrc.nist.gov/glossary/term/bulk_electric_system"}],"definitions":null},{"term":"BESS","link":"https://csrc.nist.gov/glossary/term/bess","abbrSyn":[{"text":"Battery Energy Storage System","link":"https://csrc.nist.gov/glossary/term/battery_energy_storage_system"}],"definitions":null},{"term":"Best Current Practice","link":"https://csrc.nist.gov/glossary/term/best_current_practice","abbrSyn":[{"text":"BCP","link":"https://csrc.nist.gov/glossary/term/bcp"}],"definitions":null},{"term":"Best Practice","link":"https://csrc.nist.gov/glossary/term/best_practice","definitions":[{"text":"A procedure that has been shown by research and experience to produce optimal results and that is established or proposed as a standard suitable for widespread adoption.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Merriam-Webster","link":"https://www.merriam-webster.com/"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Merriam-Webster","link":"https://www.merriam-webster.com/"}]}]}]},{"term":"BF","link":"https://csrc.nist.gov/glossary/term/bf","abbrSyn":[{"text":"Bugs Framework","link":"https://csrc.nist.gov/glossary/term/bugs_framework"}],"definitions":null},{"term":"BFT","link":"https://csrc.nist.gov/glossary/term/bft","abbrSyn":[{"text":"Byzantine Fault Tolerant","link":"https://csrc.nist.gov/glossary/term/byzantine_fault_tolerant"}],"definitions":null},{"term":"BGF","link":"https://csrc.nist.gov/glossary/term/bgf","abbrSyn":[{"text":"Black-Gray-Flip","link":"https://csrc.nist.gov/glossary/term/black_gray_flip"}],"definitions":null},{"term":"BGP","link":"https://csrc.nist.gov/glossary/term/bgp","abbrSyn":[{"text":"Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol"}],"definitions":[{"text":"The Border Gateway Protocol is a protocol designed by the Internet Engineering Task Force (IETF) to exchange routing information between autonomous systems.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Border Gateway Protocol "}]}]},{"term":"BGP Monitoring Protocol","link":"https://csrc.nist.gov/glossary/term/bgp_monitoring_protocol","abbrSyn":[{"text":"BMP","link":"https://csrc.nist.gov/glossary/term/bmp"}],"definitions":null},{"term":"BGP Origin Validation","link":"https://csrc.nist.gov/glossary/term/bgp_origin_validation","abbrSyn":[{"text":"BGP-OV","link":"https://csrc.nist.gov/glossary/term/bgp_ov"}],"definitions":[{"text":"BGP Origin Validation specifies a mechanism described in RFC 6811 where a BGP router can verify if a particular prefix was allowed to be announced by the route's originator.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"BGP Path Validation","link":"https://csrc.nist.gov/glossary/term/bgp_path_validation","abbrSyn":[{"text":"BGP-PV","link":"https://csrc.nist.gov/glossary/term/bgp_pv"}],"definitions":[{"text":"BGP Path Validation specifies a mechanism described in RFC 8205 that allows verifying a path an UPDATE traversed by verifying the validity of the signatures over the relevant data.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"BGP Peer","link":"https://csrc.nist.gov/glossary/term/bgp_peer","definitions":[{"text":"A router running the BGP protocol that has an established BGP session active.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"BGP Secure Routing Extension","link":"https://csrc.nist.gov/glossary/term/bgp_secure_routing_extension","abbrSyn":[{"text":"BGP-SRx","link":"https://csrc.nist.gov/glossary/term/bgp_srx"}],"definitions":[{"text":"BGP Secure Routing Extension consisting of multiple software modules that implement Route Origin Validation as well as BGPsec Path Validation.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"BGP security extension","link":"https://csrc.nist.gov/glossary/term/bgp_security_extension","abbrSyn":[{"text":"BGPsec","link":"https://csrc.nist.gov/glossary/term/bgpsec"}],"definitions":[{"text":"Security extension to the BGP protocol. It allows to digitally sign path information that can be independently verified and therefore eliminate the possibility to alter path information without notice.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"BGP Session","link":"https://csrc.nist.gov/glossary/term/bgp_session","definitions":[{"text":"A TCP session in which both ends are operating BGP and have successfully processed an OPEN message from the other end.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"BGP Speaker","link":"https://csrc.nist.gov/glossary/term/bgp_speaker","definitions":[{"text":"Any router running the BGP protocol.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"BGP-4","link":"https://csrc.nist.gov/glossary/term/bgp_4","abbrSyn":[{"text":"Border Gateway Protocol 4","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_4"}],"definitions":null},{"term":"BGP-OV","link":"https://csrc.nist.gov/glossary/term/bgp_ov","abbrSyn":[{"text":"BGP Origin Validation","link":"https://csrc.nist.gov/glossary/term/bgp_origin_validation"}],"definitions":[{"text":"BGP Origin Validation specifies a mechanism described in RFC 6811 where a BGP router can verify if a particular prefix was allowed to be announced by the route's originator.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under BGP Origin Validation "}]}]},{"term":"BGP-PV","link":"https://csrc.nist.gov/glossary/term/bgp_pv","abbrSyn":[{"text":"BGP Path Validation","link":"https://csrc.nist.gov/glossary/term/bgp_path_validation"},{"text":"BGPsec Path Validation","link":"https://csrc.nist.gov/glossary/term/bgpsec_path_validation"}],"definitions":[{"text":"BGP Path Validation specifies a mechanism described in RFC 8205 that allows verifying a path an UPDATE traversed by verifying the validity of the signatures over the relevant data.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under BGP Path Validation "}]}]},{"term":"BGPsec","link":"https://csrc.nist.gov/glossary/term/bgpsec","abbrSyn":[{"text":"BGP security extension","link":"https://csrc.nist.gov/glossary/term/bgp_security_extension"},{"text":"Border Gateway Protocol Security","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_security"},{"text":"Border Gateway Protocol with Security Extensions","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_with_security_extensions"}],"definitions":[{"text":"Security extension to the BGP protocol. It allows to digitally sign path information that can be independently verified and therefore eliminate the possibility to alter path information without notice.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under BGP security extension "}]}]},{"term":"BGPsec Input-Output","link":"https://csrc.nist.gov/glossary/term/bgpsec_input_output","abbrSyn":[{"text":"BIO","link":"https://csrc.nist.gov/glossary/term/bio"}],"definitions":[{"text":"BGPsec Input-Output (BIO) enables the generation and storage of precomputed reproducible BGPsec traffic for testing purposes.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"BGPsec Path Validation","link":"https://csrc.nist.gov/glossary/term/bgpsec_path_validation","abbrSyn":[{"text":"BGP-PV","link":"https://csrc.nist.gov/glossary/term/bgp_pv"}],"definitions":null},{"term":"BGPSEC-IO","link":"https://csrc.nist.gov/glossary/term/bgpsec_io","abbrSyn":[{"text":"BIO","link":"https://csrc.nist.gov/glossary/term/bio"}],"definitions":null},{"term":"BGPsec-IO traffic generator","link":"https://csrc.nist.gov/glossary/term/bgpsec_io_traffic_generator","abbrSyn":[{"text":"BIO","link":"https://csrc.nist.gov/glossary/term/bio"}],"definitions":null},{"term":"BGP-SRx","link":"https://csrc.nist.gov/glossary/term/bgp_srx","abbrSyn":[{"text":"BGP Secure Routing Extension","link":"https://csrc.nist.gov/glossary/term/bgp_secure_routing_extension"},{"text":"Border Gateway Protocol Secure Routing Extension","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_secure_routing_extension"}],"definitions":[{"text":"BGP Secure Routing Extension consisting of multiple software modules that implement Route Origin Validation as well as BGPsec Path Validation.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under BGP Secure Routing Extension "}]}]},{"term":"BIA","link":"https://csrc.nist.gov/glossary/term/bia","abbrSyn":[{"text":"Business Impact Analysis"},{"text":"Business Impact Assessment"}],"definitions":null},{"term":"Bias","link":"https://csrc.nist.gov/glossary/term/bias","definitions":[{"text":"With respect to the uniform distribution on \\([0,n-1]\\), the bias is defined to be the maximum value of \\(\\{probability(S) - (\\frac{|S|}{n})\\}\\) taken over all subsets \\(S\\) of \\([0,n-1]\\). This measures the maximum advantage that an adversary has in predicting any event.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"Biased","link":"https://csrc.nist.gov/glossary/term/biased","definitions":[{"text":"A value that is chosen from a sample space is said to be biased if one value is more likely to be chosen than another value. Contrast with unbiased.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"A value that is chosen from an alphabet space is said to be biased if one value is more likely to be chosen than another value. (Contrast with unbiased.)","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"bi-directional (CDS)","link":"https://csrc.nist.gov/glossary/term/bi_directional","definitions":[{"text":"A cross domain device or system with the capability to provide both the transmission and reception of information or data between two or more different security domains (e.g., between TS/SCI and Secret or Secret and Unclassified).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"bidirectional authentication","link":"https://csrc.nist.gov/glossary/term/bidirectional_authentication","abbrSyn":[{"text":"mutual authentication","link":"https://csrc.nist.gov/glossary/term/mutual_authentication"}],"definitions":[{"text":"The process of both entities involved in a transaction verifying each other. See bidirectional authentication.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under mutual authentication ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under mutual authentication "}]},{"text":"The process of both entities involved in a transaction verifying each other.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under mutual authentication "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under mutual authentication "}]},{"text":"Two parties authenticating each other at the same time. Also known as mutual authentication or two-way authentication.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"Big-endian","link":"https://csrc.nist.gov/glossary/term/big_endian","definitions":[{"text":"

The property of a byte string having its bytes positioned in order of decreasing significance. In particular, the leftmost (first) byte is the most significant (containing the most significant eight bits of the corresponding bit string), and the rightmost (last) byte is the least significant (containing the least significant eight bits of the corresponding bit string). 

For the purposes of this Recommendation, it is assumed that the bits within each byte of a big-endian byte string are also positioned in order of decreasing significance (beginning with the most significant bit in the leftmost position and ending with the least significant bit in the rightmost position).

","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"The property of a byte string having its bytes positioned in order of decreasing significance. In particular, the leftmost (first) byte is the most significant byte (containing the most significant eight bits of the corresponding bit string) and the rightmost (last) byte is the least significant byte (containing the least significant eight bits of the corresponding bit string). For purposes of this Recommendation, it is assumed that the bits within each byte of a big-endian byte string are aslo positioned in order of decreasing significance (beginning with the most significant bit in the leftmost position and ending the the least significant bit in the rightmost position).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"Binary Coded Decimal","link":"https://csrc.nist.gov/glossary/term/binary_coded_decimal","abbrSyn":[{"text":"BCD","link":"https://csrc.nist.gov/glossary/term/bcd"}],"definitions":null},{"term":"binary label","link":"https://csrc.nist.gov/glossary/term/binary_label","abbrSyn":[{"text":"seal of approval","link":"https://csrc.nist.gov/glossary/term/seal_of_approval"}],"definitions":[{"text":"A single label indicating a product has met a baseline standard.","sources":[{"text":"Cybersecurity Labeling of Consumer Software","link":"https://doi.org/10.6028/NIST.CSWP.02042022-1"}]}]},{"term":"Binary Large Object","link":"https://csrc.nist.gov/glossary/term/binary_large_object","abbrSyn":[{"text":"BLOB","link":"https://csrc.nist.gov/glossary/term/blob"}],"definitions":null},{"term":"Binary Sequence","link":"https://csrc.nist.gov/glossary/term/binary_sequence","definitions":[{"text":"A sequence of zeroes and ones.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Bind","link":"https://csrc.nist.gov/glossary/term/bind","definitions":[{"text":"To deterministically transform a logical construct into a machine-readable representation suitable for machine interchange and processing. The result of this transformation is called a binding. A binding may also be referred to as the “bound form” of its associated logical construct.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695"}]}]},{"term":"BIND","link":"https://csrc.nist.gov/glossary/term/bind_acronym","abbrSyn":[{"text":"Berkeley Internet Name Domain","link":"https://csrc.nist.gov/glossary/term/berkeley_internet_name_domain"}],"definitions":null},{"term":"binding","link":"https://csrc.nist.gov/glossary/term/binding","definitions":[{"text":"Process of associating two related elements of information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Binding ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"Assurance of the integrity of an asserted relationship between items of information that is provided by cryptographic means. Also see Trusted association.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Binding "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Binding "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Binding "}]},{"text":"An association between a subscriber identity and an authenticator or given subscriber session.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Binding "}]}],"seeAlso":[{"text":"Trusted association","link":"trusted_association"}]},{"term":"Binding Operational Directive","link":"https://csrc.nist.gov/glossary/term/binding_operational_directive","abbrSyn":[{"text":"BOD","link":"https://csrc.nist.gov/glossary/term/bod"}],"definitions":null},{"term":"Binomial Distribution","link":"https://csrc.nist.gov/glossary/term/binomial_distribution","definitions":[{"text":"A random variable is binomially distributed if there is an integer n and a probability p such that the random variable is the number of successes in n independent Bernoulli experiments, where the probability of success in a single experiment is p. In a Bernoulli experiment, there are only two possible outcomes.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"BIO","link":"https://csrc.nist.gov/glossary/term/bio","abbrSyn":[{"text":"BGPsec Input-Output","link":"https://csrc.nist.gov/glossary/term/bgpsec_input_output"},{"text":"BGPSEC-IO","link":"https://csrc.nist.gov/glossary/term/bgpsec_io"},{"text":"BGPsec-IO traffic generator","link":"https://csrc.nist.gov/glossary/term/bgpsec_io_traffic_generator"}],"definitions":[{"text":"BGPsec Input-Output (BIO) enables the generation and storage of precomputed reproducible BGPsec traffic for testing purposes.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under BGPsec Input-Output "}]}]},{"term":"BioCTS","link":"https://csrc.nist.gov/glossary/term/biocts","abbrSyn":[{"text":"Biometric Conformance Test Software","link":"https://csrc.nist.gov/glossary/term/biometric_conformance_test_software"}],"definitions":null},{"term":"Bioeconomy Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/bioeconomy_isac","abbrSyn":[{"text":"BIO-ISAC","link":"https://csrc.nist.gov/glossary/term/bio_isac"}],"definitions":null},{"term":"BIO-ISAC","link":"https://csrc.nist.gov/glossary/term/bio_isac","abbrSyn":[{"text":"Bioeconomy Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/bioeconomy_isac"}],"definitions":null},{"term":"biometric","link":"https://csrc.nist.gov/glossary/term/biometric","definitions":[{"text":"1. Measurable physical characteristics or personal behavioral traits used to identify, or verify the claimed identity of, an individual. Facial images, fingerprints, and handwriting samples are all examples of biometrics.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23","note":" - Adapted"}]}]},{"text":"2. A physical or behavioral characteristic of a human being.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"A physical or behavioral characteristic of a human being.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Biometric "}]},{"text":"A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an Applicant. Facial images, fingerprints, and iriscan samples are all examples of biometrics.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Biometric "}]}]},{"term":"Biometric Authentication (BIO, BIO-A)","link":"https://csrc.nist.gov/glossary/term/biometric_authentication","definitions":[{"text":"A form of authentication in which authenticity is established by biometric verification of a new biometric sample from a cardholder to a biometric data record read from the cardholder’s activated PIV Card. In BIO, the biometric sample may be captured from the cardholder in isolation, while in BIO-A, an attendant must oversee the process of biometric capture.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Biometric Capture Device","link":"https://csrc.nist.gov/glossary/term/biometric_capture_device","definitions":[{"text":"Device that collects a signal from a biometric characteristic and converts it to a captured biometric sample.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html"}]}]}]},{"term":"Biometric Characteristic","link":"https://csrc.nist.gov/glossary/term/biometric_characteristic","definitions":[{"text":"Biological attribute of an individual from which distinctive and repeatable values can be extracted for the purpose of automated recognition. Fingerprint ridge structure and face topography are examples of biometric characteristics.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html","note":" - adapted"}]}]}]},{"term":"Biometric Conformance Test Software","link":"https://csrc.nist.gov/glossary/term/biometric_conformance_test_software","abbrSyn":[{"text":"BioCTS","link":"https://csrc.nist.gov/glossary/term/biocts"}],"definitions":null},{"term":"Biometric Data","link":"https://csrc.nist.gov/glossary/term/biometric_data","definitions":[{"text":"Biological attribute of an individual from which distinctive and repeatable values can be extracted for the purpose of automated recognition. Fingerprint ridge structure and face topography are examples of biometric characteristics.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html"}]}]}]},{"term":"Biometric Data Block","link":"https://csrc.nist.gov/glossary/term/biometric_data_block","abbrSyn":[{"text":"BDB","link":"https://csrc.nist.gov/glossary/term/bdb"}],"definitions":null},{"term":"Biometric Data Record","link":"https://csrc.nist.gov/glossary/term/biometric_data_record","definitions":[{"text":"Biometric sample or aggregation of biometric samples at any stage of processing.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html","note":" - adapted"}]}]}]},{"term":"Biometric Information Template","link":"https://csrc.nist.gov/glossary/term/biometric_information_template","abbrSyn":[{"text":"BIT"}],"definitions":[{"text":"Biometric Information Template – a [CARD-BIO] data structure indicating Card capability","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2","underTerm":" under BIT "}]}]},{"term":"Biometric On-Card Comparison (OCC)","link":"https://csrc.nist.gov/glossary/term/biometric_on_card_comparison","definitions":[{"text":"A one-to-one comparison of fingerprint biometric data records transmitted to the PIV Card with a biometric reference previously stored on the PIV Card. In this Standard, OCC is used as a means of performing card activation and as part of Biometric On- Card Comparison Authentication (OCC-AUTH).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Biometric On-Card Comparison Authentication (OCC-AUTH)","link":"https://csrc.nist.gov/glossary/term/biometric_on_card_comparison_authentication","definitions":[{"text":"An authentication mechanism where biometric on-card comparison (OCC) is used instead of a PIN to activate a PIV Card for authentication.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Biometric Verification","link":"https://csrc.nist.gov/glossary/term/biometric_verification","definitions":[{"text":"Automated process of confirming a biometric claim through biometric comparison.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html","note":" - adapted"}]}]}]},{"term":"Biometric Verification Decision","link":"https://csrc.nist.gov/glossary/term/biometric_verification_decision","definitions":[{"text":"A determination of whether biometric probe(s) and biometric reference(s) have the same biometric source based on comparison score(s) during a biometric verification transaction.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html","note":" - adapted"}]}]}]},{"term":"Biometrics","link":"https://csrc.nist.gov/glossary/term/biometrics","definitions":[{"text":"A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","refSources":[{"text":"FIPS 201"}]}]},{"text":"Automated recognition of individuals based on their biological and behavioral characteristics.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The science and technology of measuring and statistically analyzing biological data. In information technology, biometrics usually refers to automated technologies for authenticating and verifying human body characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]},{"text":"Automated recognition of individuals based on their behavioral and biological characteristics. \nIn this document, biometrics may be used to unlock authentication tokens and prevent repudiation of registration.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"BIOS","link":"https://csrc.nist.gov/glossary/term/bios","abbrSyn":[{"text":"Basic Input/Output System"}],"definitions":null},{"term":"BIP","link":"https://csrc.nist.gov/glossary/term/bip","abbrSyn":[{"text":"Broadcast Integrity Protocol","link":"https://csrc.nist.gov/glossary/term/broadcast_integrity_protocol"}],"definitions":null},{"term":"bit","link":"https://csrc.nist.gov/glossary/term/bit","abbrSyn":[{"text":"Biometric Information Template","link":"https://csrc.nist.gov/glossary/term/biometric_information_template"}],"definitions":[{"text":"A binary digit having a value of 0 or 1.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Bit ","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]},{"text":"A binary digit:0or1.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185","underTerm":" under Bit "}]},{"text":"A binary digit: 0 or 1.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Bit "},{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Bit "},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Bit "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Bit "},{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]","underTerm":" under Bit "}]},{"text":"A binary digit:0 or1.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Bit "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"A binary digit having a value of zero or one.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Bit "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Bit "}]},{"text":"Biometric Information Template – a [CARD-BIO] data structure indicating Card capability","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2","underTerm":" under BIT "}]}]},{"term":"Bit Error","link":"https://csrc.nist.gov/glossary/term/bit_error","definitions":[{"text":"The substitution of a ‘0’ bit for a ‘1’ bit, or vice versa.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"bit error rate","link":"https://csrc.nist.gov/glossary/term/bit_error_rate","definitions":[{"text":"Ratio between the number of bits incorrectly received and the total number of bits transmitted through a communications channel. Also applies to storage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Bit Length","link":"https://csrc.nist.gov/glossary/term/bit_length","definitions":[{"text":"The number of bits in a bit string (e.g., the bit length of the string 0110010101000011 is sixteen bits). The bit length of the empty (i.e., null) string is zero.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Bit length "}]},{"text":"The number of bits in a bit string.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The length in bits of a bit string.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Bit length "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Bit length "}]},{"text":"A positive integer that expresses the number of bits in a bit string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Bit length "}]}]},{"term":"Bit Stream Imaging","link":"https://csrc.nist.gov/glossary/term/bit_stream_imaging","definitions":[{"text":"A bit-for-bit copy of the original media, including free space and slack space.\nAlso known as disk imaging.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"bit string","link":"https://csrc.nist.gov/glossary/term/bit_string","definitions":[{"text":"An ordered sequence of bits (represented as 0s and 1s). Unless otherwise stated in this document, bit strings are depicted as beginning with their most significant bit (shown in the leftmost position) and ending with their least significant bit (shown in the rightmost position). For example, the most significant (leftmost) bit of 0101 is 0, and its least significant (rightmost) bit is 1. If interpreted as the 4-bit binary representation of an unsigned integer, 0101 corresponds to the number five.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Bit string "}]},{"text":"An ordered sequence of zeros and ones. The leftmost bit is the most significant bit of the string. The rightmost bit is the least significant bit of the string.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Bit string "}]},{"text":"An ordered sequence of 0 and 1 bits. In this Recommendation, the leftmost bit is the most significant bit of the string. The rightmost bit is the least significant bit of the string.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Bit string "}]},{"text":"An ordered sequence of 0 and 1 bits.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Bit string "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Bit string "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Bit string "}]},{"text":"A sequence of bits.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Bit String "}]},{"text":"An ordered sequence of 0’s and 1’s.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Bit String "},{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Bit string "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Bit string "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Bit string "}]},{"text":"A finite, ordered sequence of bits.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Bit String "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Bit String "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"An ordered sequence of bits.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Bit String "}]},{"text":"An ordered sequence of 0’s and 1’s. Also known as a binary string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Bit string "}]}]},{"term":"Bitcoin","link":"https://csrc.nist.gov/glossary/term/bitcoin","abbrSyn":[{"text":"BTC","link":"https://csrc.nist.gov/glossary/term/btc"}],"definitions":null},{"term":"Bitcoin Cash","link":"https://csrc.nist.gov/glossary/term/bitcoin_cash","abbrSyn":[{"text":"BCH","link":"https://csrc.nist.gov/glossary/term/bch"}],"definitions":null},{"term":"Bitcoin Request for Comment","link":"https://csrc.nist.gov/glossary/term/bitcoin_request_for_comment","abbrSyn":[{"text":"BRC","link":"https://csrc.nist.gov/glossary/term/brc"}],"definitions":null},{"term":"Bitstring","link":"https://csrc.nist.gov/glossary/term/bitstring","abbrSyn":[{"text":"String","link":"https://csrc.nist.gov/glossary/term/string"}],"definitions":[{"text":"An ordered sequence (string) of 0s and 1s. The leftmost bit is the most significant bit.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]},{"text":"A sequence of bits.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185","underTerm":" under String "}]},{"text":"A bitstring is an ordered sequence of 0’s and 1’s.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"See Bitstring.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under String "}]},{"text":"An ordered sequence of 0’s and 1’s. The leftmost bit is the most significant bit.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Bitwise Exclusive-Or","link":"https://csrc.nist.gov/glossary/term/bitwise_exclusive_or","definitions":[{"text":"An operation on two bitstrings of equal length that combines corresponding bits of each bitstring using an exclusive-or operation.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"BKZ","link":"https://csrc.nist.gov/glossary/term/bkz","abbrSyn":[{"text":"Block Korkine-Zolotarev algorithm","link":"https://csrc.nist.gov/glossary/term/block_korkine_zolotarev_algorithm"}],"definitions":null},{"term":"BLACK","link":"https://csrc.nist.gov/glossary/term/black","definitions":[{"text":"Designation applied to information systems, and to associated areas, circuits, components, and equipment, in which national security information is encrypted or is not processed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm","note":" - Adapted"},{"text":"NSTISSI No. 7002","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Designation applied to encrypted information and the information systems, the associated areas, circuits, components, and equipment processing that information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"cipher text","link":"cipher_text"},{"text":"ciphertext","link":"ciphertext"},{"text":"RED","link":"red"}]},{"term":"black box testing","link":"https://csrc.nist.gov/glossary/term/black_box_testing","abbrSyn":[{"text":"basic testing","link":"https://csrc.nist.gov/glossary/term/basic_testing"},{"text":"Basic Testing"}],"definitions":[{"text":"A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under basic testing "}]},{"text":"A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as black box testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under basic testing ","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Basic Testing "}]},{"text":"A method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Black Box Testing "}]},{"text":"See basic testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Black Box Testing "}]}]},{"term":"black core","link":"https://csrc.nist.gov/glossary/term/black_core","abbrSyn":[{"text":"black transport","link":"https://csrc.nist.gov/glossary/term/black_transport"}],"definitions":[{"text":"A network environment (point-to-point and multi-point) supporting end-to-end encrypted information at a single classification level; networks within the environment are segmented by network technology with inspection points at the perimeter, boundary, or gateway. Encrypted traffic is routed, switched, or forwarded over an unclassified or untrusted network infrastructure."},{"text":"A communication network architecture in which user data traversing a global internet protocol (IP) network is end-to-end encrypted at the IP layer. Related to striped core.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"BLACK data","link":"https://csrc.nist.gov/glossary/term/black_data","definitions":[{"text":"Data that is protected by encryption so that it can be transported or stored without fear of compromise. Also known as encrypted data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"RED key","link":"red_key"}]},{"term":"Black-Gray-Flip","link":"https://csrc.nist.gov/glossary/term/black_gray_flip","abbrSyn":[{"text":"BGF","link":"https://csrc.nist.gov/glossary/term/bgf"}],"definitions":null},{"term":"blacklist","link":"https://csrc.nist.gov/glossary/term/blacklist","abbrSyn":[{"text":"dirty word list","link":"https://csrc.nist.gov/glossary/term/dirty_word_list"}],"definitions":[{"text":"A list of discrete entities that have been previously determined to be associated with malicious activity.","sources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167"}]},{"text":"A list of discrete entities, such as hosts, email addresses, network port numbers, runtime processes, or applications, that have been previously determined to be associated with malicious activity. ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]},{"text":"List of words that have been pre-defined as being unacceptable for transmission and may be used in conjunction with a clean word list to avoid false negatives (e.g., secret within secretary).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under dirty word list "}]},{"text":"A list of discrete entities, such as hosts or applications that have been previously determined to be associated with malicious activity.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Blacklist ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]},{"text":"A list of email senders who have previously sent spam to a user.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Blacklist "}]}]},{"term":"blacklisting","link":"https://csrc.nist.gov/glossary/term/blacklisting","definitions":[{"text":"A process used to identify software programs that are not authorized to execute on a system or prohibited Universal Resource Locators (URL)/websites.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"The process used to identify: (i) software programs that are not authorized to execute on an information system; or (ii) prohibited universal resource locators (URL)/websites.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Blacklisting "}]}]},{"term":"BLE","link":"https://csrc.nist.gov/glossary/term/ble","abbrSyn":[{"text":"Bluetooth Low Energy","link":"https://csrc.nist.gov/glossary/term/bluetooth_low_energy"}],"definitions":null},{"term":"blended attack","link":"https://csrc.nist.gov/glossary/term/blended_attack","definitions":[{"text":"Deliberate, aggressive action that causes harm to both cyber and physical systems."},{"text":"A type of attack that combines multiple attack methods against one or more vulnerabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"BLOB","link":"https://csrc.nist.gov/glossary/term/blob","abbrSyn":[{"text":"Binary Large Object","link":"https://csrc.nist.gov/glossary/term/binary_large_object"}],"definitions":null},{"term":"block","link":"https://csrc.nist.gov/glossary/term/block","definitions":[{"text":"A sequence of bits of a given fixed length. In this Standard, blocks consist of 128 bits, sometimes represented as arrays of bytes or words.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]","underTerm":" under Block "}]},{"text":"A binary vector. In this document, the input and output of encryption and decryption operation are 64-bit block. The bits are numbered from left to right. The plaintext and ciphertext are segmented to k-bit blocks, k = 1, 8, 64.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Block "}]},{"text":"A subset of a bit string. A block has a predetermined length.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Block "}]},{"text":"For a given block cipher, a bit string whose length is the block size of the block cipher.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Block "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Block "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"A bit string whose length is the block size of the block cipher algorithm.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Block "}]},{"text":"In this Recommendation, a binary string, for example, a plaintext or a ciphertext, is segmented with a given length. Each segment is called a block. Data is processed block by block, from left to right.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Block "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Block "}]},{"text":"A data structure containing a block header and block data.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Block "}]}]},{"term":"block cipher","link":"https://csrc.nist.gov/glossary/term/block_cipher","definitions":[{"text":"A family of permutations of blocks that is parameterized by the key.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]","underTerm":" under Block cipher "}]},{"text":"An invertible symmetric-key cryptographic algorithm that operates on fixed-length blocks of input using a secret key and an unvarying transformation algorithm. The resulting output block is the same length as the input block.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Block cipher "}]},{"text":"A family of functions and their inverse functions that is parameterized by cryptographic keys; the functions map bit strings of a fixed length to bit strings of the same length.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under Block cipher "},{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Block Cipher "}]},{"text":"An algorithm for a parameterized family of permutations on bit strings of a fixed length.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Block Cipher "}]},{"text":"A parameterized family of permutations on bit strings of a fixed length; the parameter that determines the permutation is a bit string called the key.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Block Cipher "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"A symmetric-key cryptographic algorithm that transforms one block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Block Cipher "}]}]},{"term":"Block Cipher Algorithm","link":"https://csrc.nist.gov/glossary/term/block_cipher_algorithm","definitions":[{"text":"A family of functions and their inverse functions that is parameterized by cryptographic keys; the functions map bit strings of a fixed length to bit strings of the same length.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Block cipher algorithm "}]},{"text":"A family of functions and their inverses that is parameterized by cryptographic keys; the functions map bit strings of a fixed length to bit strings of the same length.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2"},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]"}]},{"text":"A symmetric-key cryptographic algorithm that transforms one block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Block cipher (algorithm) "}]}]},{"term":"block cipher mode of operation","link":"https://csrc.nist.gov/glossary/term/block_cipher_mode_of_operation","abbrSyn":[{"text":"mode"}],"definitions":[{"text":"An algorithm for the cryptographic transformation of data that is based on a block cipher.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"See “block cipher mode of operation.”","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under mode "}]}]},{"term":"Block Cipher-based Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/block_cipher_based_message_authentication_code","abbrSyn":[{"text":"CMAC","link":"https://csrc.nist.gov/glossary/term/cmac"}],"definitions":[{"text":"Cipher-based Message Authentication Code (as specified in NIST SP 800-38B).","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under CMAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under CMAC "}]}]},{"term":"Block data","link":"https://csrc.nist.gov/glossary/term/block_data","definitions":[{"text":"The portion of a block that contains a set of validated transactions and ledger events.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Block Frequency Test","link":"https://csrc.nist.gov/glossary/term/block_frequency_test","definitions":[{"text":"The purpose of the block frequency test is to determine whether the number of ones and zeros in each of M non-overlapping blocks created from a sequence appear to have a random distribution.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Block header","link":"https://csrc.nist.gov/glossary/term/block_header","definitions":[{"text":"The portion of a block that contains information about the block itself (block metadata), typically including a timestamp, a hash representation of the block data, the hash of the previous block’s header, and a cryptographic nonce (if needed).","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Block Korkine-Zolotarev algorithm","link":"https://csrc.nist.gov/glossary/term/block_korkine_zolotarev_algorithm","abbrSyn":[{"text":"BKZ","link":"https://csrc.nist.gov/glossary/term/bkz"}],"definitions":null},{"term":"Block reward","link":"https://csrc.nist.gov/glossary/term/block_reward","definitions":[{"text":"A reward (typically cryptocurrency) awarded to publishing nodes for successfully adding a block to the blockchain.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"block size","link":"https://csrc.nist.gov/glossary/term/block_size","definitions":[{"text":"The number of bits in an input (or output) block of the block cipher.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Block Size "}]},{"text":"For a given block cipher, the fixed length of the input (or output) bit strings.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Block Size "}]},{"text":"The bit length of an input (or output) block of the block cipher.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Block Size "}]},{"text":"For a given block cipher and key, the fixed length of the input (or output) bit strings.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Block Size "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Blockchain Explorer","link":"https://csrc.nist.gov/glossary/term/blockchain_explorer","definitions":[{"text":"A software for visualizing blocks, transactions, and blockchain network metrics (e.g., average transaction fees, hashrates, block size, block difficulty).","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Blockchain implementation","link":"https://csrc.nist.gov/glossary/term/blockchain_implementation","definitions":[{"text":"a specific blockchain.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Blockchain network","link":"https://csrc.nist.gov/glossary/term/blockchain_network","definitions":[{"text":"the network in which a blockchain is being used.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Blockchain network user","link":"https://csrc.nist.gov/glossary/term/blockchain_network_user","definitions":[{"text":"Any single person, group, business, or organization which is using or operating a blockchain node.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Blockchain Subnetwork","link":"https://csrc.nist.gov/glossary/term/blockchain_subnetwork","definitions":[{"text":"A blockchain network that is tightly coupled with one or more other blockchain networks, as found in sharding.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Blockchain technology","link":"https://csrc.nist.gov/glossary/term/blockchain_technology","definitions":[{"text":"a term to describe the technology in the most generic form.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"BLSR","link":"https://csrc.nist.gov/glossary/term/blsr","abbrSyn":[{"text":"Baseline Security Requirement","link":"https://csrc.nist.gov/glossary/term/baseline_security_requirement"},{"text":"Baseline Security Requirements"}],"definitions":null},{"term":"blue team","link":"https://csrc.nist.gov/glossary/term/blue_team","definitions":[{"text":"The group responsible for defending an enterprise's use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer's CS readiness posture. Often times a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer's networks are as secure as possible before having the Red Team test the systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Bluetooth","link":"https://csrc.nist.gov/glossary/term/bluetooth","definitions":[{"text":"A wireless protocol that allows two similarly equipped devices to communicate with each other within a short distance (e.g., 30 ft.).","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A wireless protocol that allows two Bluetooth enabled devices to communicate with each other within a short distance (e.g., 30 ft.).","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Bluetooth Low Energy","link":"https://csrc.nist.gov/glossary/term/bluetooth_low_energy","abbrSyn":[{"text":"BLE","link":"https://csrc.nist.gov/glossary/term/ble"}],"definitions":null},{"term":"BMA","link":"https://csrc.nist.gov/glossary/term/bma","abbrSyn":[{"text":"Business Mission Area","link":"https://csrc.nist.gov/glossary/term/business_mission_area"}],"definitions":null},{"term":"BMC","link":"https://csrc.nist.gov/glossary/term/bmc","abbrSyn":[{"text":"Baseboard Management Controller","link":"https://csrc.nist.gov/glossary/term/baseboard_management_controller"},{"text":"Board Management Controller","link":"https://csrc.nist.gov/glossary/term/board_management_controller"}],"definitions":null},{"term":"BMP","link":"https://csrc.nist.gov/glossary/term/bmp","abbrSyn":[{"text":"BGP Monitoring Protocol","link":"https://csrc.nist.gov/glossary/term/bgp_monitoring_protocol"}],"definitions":null},{"term":"BMS","link":"https://csrc.nist.gov/glossary/term/bms","abbrSyn":[{"text":"Battery Management System","link":"https://csrc.nist.gov/glossary/term/battery_management_system"},{"text":"Building Management Systems","link":"https://csrc.nist.gov/glossary/term/building_management_systems"}],"definitions":null},{"term":"BNA","link":"https://csrc.nist.gov/glossary/term/bna","abbrSyn":[{"text":"Broad Network Access"}],"definitions":null},{"term":"Board Management Controller","link":"https://csrc.nist.gov/glossary/term/board_management_controller","abbrSyn":[{"text":"BMC","link":"https://csrc.nist.gov/glossary/term/bmc"}],"definitions":null},{"term":"BOD","link":"https://csrc.nist.gov/glossary/term/bod","abbrSyn":[{"text":"Binding Operational Directive","link":"https://csrc.nist.gov/glossary/term/binding_operational_directive"}],"definitions":null},{"term":"Body","link":"https://csrc.nist.gov/glossary/term/body","definitions":[{"text":"The section of an email message that contains the actual content of the message.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"body of evidence","link":"https://csrc.nist.gov/glossary/term/body_of_evidence","abbrSyn":[{"text":"BoE","link":"https://csrc.nist.gov/glossary/term/boe"}],"definitions":[{"text":"The set of data that documents the information system’s adherence to the security controls applied.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The totality of evidence used to substantiate trust, trustworthiness, and risk relative to the system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"BoE","link":"https://csrc.nist.gov/glossary/term/boe","abbrSyn":[{"text":"Body of Evidence"}],"definitions":null},{"term":"BOF","link":"https://csrc.nist.gov/glossary/term/bof","abbrSyn":[{"text":"Buffer Overflow"}],"definitions":[{"text":"A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Adversaries exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Buffer Overflow ","refSources":[{"text":"NIST SP 800-28","link":"https://doi.org/10.6028/NIST.SP.800-28"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Buffer Overflow ","refSources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2"}]}]},{"text":"A condition at an interface under which more input can be placed into a buffer or data holding area than the intended capacity allocated (due to insecure or unbound allocation parameters), which overwrites other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Buffer Overflow "}]}]},{"term":"BOG","link":"https://csrc.nist.gov/glossary/term/bog","abbrSyn":[{"text":"Boil-Off Gas","link":"https://csrc.nist.gov/glossary/term/boil_off_gas"}],"definitions":null},{"term":"Boil-Off Gas","link":"https://csrc.nist.gov/glossary/term/boil_off_gas","abbrSyn":[{"text":"BOG","link":"https://csrc.nist.gov/glossary/term/bog"}],"definitions":null},{"term":"Boot Device Selection","link":"https://csrc.nist.gov/glossary/term/boot_device_selection","abbrSyn":[{"text":"BDS","link":"https://csrc.nist.gov/glossary/term/bds"}],"definitions":null},{"term":"Bootstrapping Remote Security Key Infrastructure","link":"https://csrc.nist.gov/glossary/term/bootstrapping_remote_security_key_infrastructure","abbrSyn":[{"text":"BRSKI","link":"https://csrc.nist.gov/glossary/term/brski"}],"definitions":null},{"term":"Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol","abbrSyn":[{"text":"BGP","link":"https://csrc.nist.gov/glossary/term/bgp"}],"definitions":[{"text":"The Border Gateway Protocol is a protocol designed by the Internet Engineering Task Force (IETF) to exchange routing information between autonomous systems.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"Border Gateway Protocol 4","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_4","abbrSyn":[{"text":"BGP-4","link":"https://csrc.nist.gov/glossary/term/bgp_4"}],"definitions":null},{"term":"Border Gateway Protocol Secure Routing Extension","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_secure_routing_extension","abbrSyn":[{"text":"BGP-SRx","link":"https://csrc.nist.gov/glossary/term/bgp_srx"}],"definitions":null},{"term":"Border Gateway Protocol Security","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_security","abbrSyn":[{"text":"BGPsec","link":"https://csrc.nist.gov/glossary/term/bgpsec"}],"definitions":null},{"term":"Border Gateway Protocol with Security Extensions","link":"https://csrc.nist.gov/glossary/term/border_gateway_protocol_with_security_extensions","abbrSyn":[{"text":"BGPsec","link":"https://csrc.nist.gov/glossary/term/bgpsec"}],"definitions":null},{"term":"BOSS","link":"https://csrc.nist.gov/glossary/term/boss","abbrSyn":[{"text":"Business Operation Support Services","link":"https://csrc.nist.gov/glossary/term/business_operation_support_services"}],"definitions":null},{"term":"Botnet","link":"https://csrc.nist.gov/glossary/term/botnet","definitions":[{"text":"The word “botnet” is formed from the words “robot” and ”network.” Cyber criminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer, and organize all the infected machines into a network of “bots” that the criminal can remotely manage.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Kaspersky Cyber Security Resource Center","link":"https://usa.kaspersky.com/resource-center"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Kaspersky Cyber Security Resource Center","link":"https://usa.kaspersky.com/resource-center"}]}]}]},{"term":"boundary","link":"https://csrc.nist.gov/glossary/term/boundary","definitions":[{"text":"A physical or logical perimeter of a system.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See also authorization boundary and interface.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"Physical or logical perimeter of a system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"Physical or logical perimeter of a system. See also authorization boundary and interface.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"authorization boundary","link":"authorization_boundary"}]},{"term":"boundary protection","link":"https://csrc.nist.gov/glossary/term/boundary_protection","definitions":[{"text":"Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g. gateways, routers, firewalls, guards, encrypted tunnels).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., gateways, routers, firewalls, guards, encrypted tunnels).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Boundary Protection "}]},{"text":"Monitoring and control of communications at the external interface to a system to prevent and detect malicious and other unauthorized communications using boundary protection devices.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"boundary protection device","link":"https://csrc.nist.gov/glossary/term/boundary_protection_device","definitions":[{"text":"A device with appropriate mechanisms that: (i) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (ii) provides information system boundary protection.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Boundary Protection Device "}]},{"text":"A device (e.g., gateway, router, firewall, guard, or encrypted tunnel) that facilitates the adjudication of different system security policies for connected systems or provides boundary protection. The boundary may be the authorization boundary for a system, the organizational network boundary, or a logical boundary defined by the organization.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"BPCS","link":"https://csrc.nist.gov/glossary/term/bpcs","abbrSyn":[{"text":"Basic Process Control System","link":"https://csrc.nist.gov/glossary/term/basic_process_control_system"}],"definitions":null},{"term":"BPML","link":"https://csrc.nist.gov/glossary/term/bpml","abbrSyn":[{"text":"Business Process Markup Language","link":"https://csrc.nist.gov/glossary/term/business_process_markup_language"}],"definitions":null},{"term":"BPSS","link":"https://csrc.nist.gov/glossary/term/bpss","abbrSyn":[{"text":"Business Process Specification Schema","link":"https://csrc.nist.gov/glossary/term/business_process_specification_schema"}],"definitions":null},{"term":"BR","link":"https://csrc.nist.gov/glossary/term/br","abbrSyn":[{"text":"Basic Rate","link":"https://csrc.nist.gov/glossary/term/basic_rate"}],"definitions":null},{"term":"BR/EDR","link":"https://csrc.nist.gov/glossary/term/br_edr","abbrSyn":[{"text":"Basic Rate/Enhanced Data Rate","link":"https://csrc.nist.gov/glossary/term/basic_rate_enhanced_data_rate"}],"definitions":null},{"term":"Branch Target Identification","link":"https://csrc.nist.gov/glossary/term/branch_target_identification","abbrSyn":[{"text":"BTI","link":"https://csrc.nist.gov/glossary/term/bti"}],"definitions":null},{"term":"BRC","link":"https://csrc.nist.gov/glossary/term/brc","abbrSyn":[{"text":"Bitcoin Request for Comment","link":"https://csrc.nist.gov/glossary/term/bitcoin_request_for_comment"}],"definitions":null},{"term":"breach","link":"https://csrc.nist.gov/glossary/term/breach","definitions":[{"text":"The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses personally identifiable information or (2) an authorized user accesses personally identifiable information for an other than authorized purpose."},{"text":"The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses personally identifiable information or (2) an authorized user accesses personally identifiable information for an other than authorized purpose."},{"text":"The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users, or where authorized users take actions for an other than authorized purposes, have access or potential access to sensitive information, whether physical or electronic.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for another than authorized purpose.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB M-17-12","link":"https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-12.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB M-17-12","link":"https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-12.pdf"}]}]}]},{"term":"breadth","link":"https://csrc.nist.gov/glossary/term/breadth","definitions":[{"text":"An attribute associated with an assessment method that addresses the scope or coverage of the assessment objects included with the assessment.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The steps of the ISCM process covered by an ISCM assessment: Strategy only (ISCM Step 1), Through Design (ISCM Steps 1, 2), Through implementation (ISCM Steps 1-3), or Full (ISCM Steps 1-6).","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"breakdown structure","link":"https://csrc.nist.gov/glossary/term/breakdown_structure","definitions":[{"text":"Framework for efficiently controlling some aspect of the activities for a program or project.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 27026:2011","link":"https://www.iso.org/standard/43961.html"}]}]}]},{"term":"Bring Your Own Device","link":"https://csrc.nist.gov/glossary/term/bring_your_own_device","abbrSyn":[{"text":"BYOD","link":"https://csrc.nist.gov/glossary/term/byod"}],"definitions":null},{"term":"British Standards Institution","link":"https://csrc.nist.gov/glossary/term/british_standards_institution","abbrSyn":[{"text":"BSI","link":"https://csrc.nist.gov/glossary/term/bsi"}],"definitions":null},{"term":"BRM","link":"https://csrc.nist.gov/glossary/term/brm","abbrSyn":[{"text":"Business Reference Model","link":"https://csrc.nist.gov/glossary/term/business_reference_model"}],"definitions":null},{"term":"Broad network access","link":"https://csrc.nist.gov/glossary/term/broad_network_access","abbrSyn":[{"text":"BNA","link":"https://csrc.nist.gov/glossary/term/bna"}],"definitions":[{"text":"Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Broadcast Integrity Protocol","link":"https://csrc.nist.gov/glossary/term/broadcast_integrity_protocol","abbrSyn":[{"text":"BIP","link":"https://csrc.nist.gov/glossary/term/bip"}],"definitions":null},{"term":"Brokered Trust","link":"https://csrc.nist.gov/glossary/term/brokered_trust","definitions":[{"text":"Describes the case where two entities do not have direct business agreements with each other, but do have agreements with one or more intermediaries so as to enable a business trust path to be constructed between the entities. The intermediary brokers operate as active entities, and are invoked dynamically via protocol facilities when new paths are to be established.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"OASIS Trust Models Guidelines","link":"https://www.oasis-open.org/committees/download.php/6158/sstc-saml-trustmodels-2.0-draft-01.pdf"}]}]}]},{"term":"browsing","link":"https://csrc.nist.gov/glossary/term/browsing","definitions":[{"text":"Act of searching through information system storage or active content to locate or acquire information, without necessarily knowing the existence or format of information being sought.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"BRSKI","link":"https://csrc.nist.gov/glossary/term/brski","abbrSyn":[{"text":"Bootstrapping Remote Security Key Infrastructure","link":"https://csrc.nist.gov/glossary/term/bootstrapping_remote_security_key_infrastructure"}],"definitions":null},{"term":"Brute Force Password Attack","link":"https://csrc.nist.gov/glossary/term/brute_force_password_attack","definitions":[{"text":"In cryptography, an attack that involves trying all possible combinations to find a match.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under brute force attack "}]},{"text":"A method of accessing an obstructed device by attempting multiple combinations of numeric/alphanumeric passwords.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A method of accessing an obstructed device through attempting multiple combinations of numeric/alphanumeric passwords.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"In cryptography, an attack that involves trying all possible combinations to find a match.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Brute-Force Attack ","refSources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"text":"in cryptography, an attack that involves trying all possible combinations to find a match","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under brute force attack "}]}]},{"term":"BS2I","link":"https://csrc.nist.gov/glossary/term/bs2i","abbrSyn":[{"text":"Byte String to Integer conversion routine","link":"https://csrc.nist.gov/glossary/term/byte_string_to_integer_conversion_routine"}],"definitions":null},{"term":"BSC","link":"https://csrc.nist.gov/glossary/term/bsc","abbrSyn":[{"text":"Base Station Controller","link":"https://csrc.nist.gov/glossary/term/base_station_controller"}],"definitions":null},{"term":"BSI","link":"https://csrc.nist.gov/glossary/term/bsi","abbrSyn":[{"text":"British Standards Institution","link":"https://csrc.nist.gov/glossary/term/british_standards_institution"}],"definitions":null},{"term":"BSIMM","link":"https://csrc.nist.gov/glossary/term/bsimm","abbrSyn":[{"text":"Building Security In Maturity Model","link":"https://csrc.nist.gov/glossary/term/building_security_in_maturity_model"}],"definitions":null},{"term":"BSS","link":"https://csrc.nist.gov/glossary/term/bss","abbrSyn":[{"text":"Basic Service Set","link":"https://csrc.nist.gov/glossary/term/basic_service_set"}],"definitions":null},{"term":"BSSID","link":"https://csrc.nist.gov/glossary/term/bssid","abbrSyn":[{"text":"Basic Service Set Identifier","link":"https://csrc.nist.gov/glossary/term/basic_service_set_identifier"}],"definitions":null},{"term":"BTC","link":"https://csrc.nist.gov/glossary/term/btc","abbrSyn":[{"text":"Bitcoin","link":"https://csrc.nist.gov/glossary/term/bitcoin"}],"definitions":null},{"term":"BTI","link":"https://csrc.nist.gov/glossary/term/bti","abbrSyn":[{"text":"Branch Target Identification","link":"https://csrc.nist.gov/glossary/term/branch_target_identification"}],"definitions":null},{"term":"BTS","link":"https://csrc.nist.gov/glossary/term/bts","abbrSyn":[{"text":"Base Transceiver Station","link":"https://csrc.nist.gov/glossary/term/base_transceiver_station"}],"definitions":null},{"term":"Budget Year","link":"https://csrc.nist.gov/glossary/term/budget_year","abbrSyn":[{"text":"BY","link":"https://csrc.nist.gov/glossary/term/by"}],"definitions":null},{"term":"buffer overflow","link":"https://csrc.nist.gov/glossary/term/buffer_overflow","abbrSyn":[{"text":"BOF","link":"https://csrc.nist.gov/glossary/term/bof"}],"definitions":[{"text":"A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Adversaries exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Buffer Overflow ","refSources":[{"text":"NIST SP 800-28","link":"https://doi.org/10.6028/NIST.SP.800-28"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Buffer Overflow ","refSources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2"}]}]},{"text":"A condition at an interface under which more input can be placed into a buffer or data holding area than the intended capacity allocated (due to insecure or unbound allocation parameters), which overwrites other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-28","link":"https://doi.org/10.6028/NIST.SP.800-28"},{"text":"CNSSI 1011","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Buffer Overflow "}]}]},{"term":"Buffer Overflow Attack","link":"https://csrc.nist.gov/glossary/term/buffer_overflow_attack","definitions":[{"text":"A method of overloading a predefined amount of memory storage in a buffer, which can potentially overwrite and corrupt memory beyond the buffer’s boundaries.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt memory in data.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"bug bounty","link":"https://csrc.nist.gov/glossary/term/bug_bounty","definitions":[{"text":"A method of compensating individuals for reporting software errors, flaws, or faults (“bugs”) that might allow for security exploitation or vulnerabilities.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"Bugs Framework","link":"https://csrc.nist.gov/glossary/term/bugs_framework","abbrSyn":[{"text":"BF","link":"https://csrc.nist.gov/glossary/term/bf"}],"definitions":null},{"term":"Building Automation System","link":"https://csrc.nist.gov/glossary/term/building_automation_system","abbrSyn":[{"text":"BAS","link":"https://csrc.nist.gov/glossary/term/bas"}],"definitions":null},{"term":"Building Management Systems","link":"https://csrc.nist.gov/glossary/term/building_management_systems","abbrSyn":[{"text":"BMS","link":"https://csrc.nist.gov/glossary/term/bms"}],"definitions":null},{"term":"Building Security In Maturity Model","link":"https://csrc.nist.gov/glossary/term/building_security_in_maturity_model","abbrSyn":[{"text":"BSIMM","link":"https://csrc.nist.gov/glossary/term/bsimm"}],"definitions":null},{"term":"Bulk Electric System","link":"https://csrc.nist.gov/glossary/term/bulk_electric_system","abbrSyn":[{"text":"BES","link":"https://csrc.nist.gov/glossary/term/bes"}],"definitions":null},{"term":"bulk encryption","link":"https://csrc.nist.gov/glossary/term/bulk_encryption","definitions":[{"text":"Simultaneous encryption of all channels of a multi-channel telecommunications link.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Business Areas","link":"https://csrc.nist.gov/glossary/term/business_areas","definitions":[{"text":"“Business areas” separate government operations into high-level categories relating to the purpose of government, the mechanisms the government uses to achieve its purposes, the support functions necessary to conduct government operations, and resource management functions that support all areas of the government’s business. “Business areas” are subdivided into “areas of operation” or “lines of business.” The recommended information types provided in NIST SP 800-60 are established from the “business areas” and “lines of business” from OMB’s Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.3","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]}]},{"term":"Business Associate Agreement","link":"https://csrc.nist.gov/glossary/term/business_associate_agreement","abbrSyn":[{"text":"BAA","link":"https://csrc.nist.gov/glossary/term/baa"}],"definitions":null},{"term":"Business Continuity","link":"https://csrc.nist.gov/glossary/term/business_continuity","abbrSyn":[{"text":"BC","link":"https://csrc.nist.gov/glossary/term/bc"}],"definitions":null},{"term":"business continuity plan (BCP)","link":"https://csrc.nist.gov/glossary/term/business_continuity_plan","abbrSyn":[{"text":"BCP","link":"https://csrc.nist.gov/glossary/term/bcp"}],"definitions":[{"text":"The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Business Continuity Plan (BCP) "}]}]},{"term":"business impact analysis (BIA)","link":"https://csrc.nist.gov/glossary/term/business_impact_analysis","abbrSyn":[{"text":"BIA","link":"https://csrc.nist.gov/glossary/term/bia"}],"definitions":[{"text":"Process of analyzing operational functions and the effect that a disruption might have on them.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Business Impact Analysis (BIA) "}]}]},{"term":"Business Mission Area","link":"https://csrc.nist.gov/glossary/term/business_mission_area","abbrSyn":[{"text":"BMA","link":"https://csrc.nist.gov/glossary/term/bma"}],"definitions":null},{"term":"Business Operation Support Services","link":"https://csrc.nist.gov/glossary/term/business_operation_support_services","abbrSyn":[{"text":"BOSS","link":"https://csrc.nist.gov/glossary/term/boss"}],"definitions":null},{"term":"Business Process Markup Language","link":"https://csrc.nist.gov/glossary/term/business_process_markup_language","abbrSyn":[{"text":"BPML","link":"https://csrc.nist.gov/glossary/term/bpml"}],"definitions":null},{"term":"Business Process Specification Schema","link":"https://csrc.nist.gov/glossary/term/business_process_specification_schema","abbrSyn":[{"text":"BPSS","link":"https://csrc.nist.gov/glossary/term/bpss"}],"definitions":null},{"term":"Business Reference Model","link":"https://csrc.nist.gov/glossary/term/business_reference_model","abbrSyn":[{"text":"BRM","link":"https://csrc.nist.gov/glossary/term/brm"}],"definitions":null},{"term":"Business/Mission Objectives","link":"https://csrc.nist.gov/glossary/term/business_mission_objectives","definitions":[{"text":"Broad expression of business goals. Specified target outcome for business operations.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"Business-To-Business","link":"https://csrc.nist.gov/glossary/term/business_to_business","abbrSyn":[{"text":"B2B","link":"https://csrc.nist.gov/glossary/term/b2b"}],"definitions":null},{"term":"Buyer","link":"https://csrc.nist.gov/glossary/term/buyer","definitions":[{"text":"The people or organizations that consume a given product or service.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"term":"BY","link":"https://csrc.nist.gov/glossary/term/by","abbrSyn":[{"text":"Budget Year","link":"https://csrc.nist.gov/glossary/term/budget_year"}],"definitions":null},{"term":"BYOD","link":"https://csrc.nist.gov/glossary/term/byod","abbrSyn":[{"text":"Bring Your Own Device","link":"https://csrc.nist.gov/glossary/term/bring_your_own_device"},{"text":"Bring-Your-Own-Device"}],"definitions":null},{"term":"Byte","link":"https://csrc.nist.gov/glossary/term/byte","definitions":[{"text":"A sequence of eight bits.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]},{"text":"A string of eight bits.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"A sequence of 8 bits.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"A group of eight bits that is treated either as a single entity or as an array of eight individual bits.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2"},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]"}]},{"text":"A bit string consisting of eight bits.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"A bit string consisting of eight bits. A byte is represented by a hexadecimal string of length two. The right-most hexadecimal character represents the rightmost four bits of the byte, and the left-most hexadecimal character of the byte represents the left-most four bits of the byte. For example, 9d represents the bit string 10011101.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A bit string of length eight. A byte is represented by a hexadecimal string of length two. The rightmost hexadecimal character represents the rightmost four bits of the byte, and the leftmost hexadecimal character of the byte represents the leftmost four bits of the byte. For example, 9d represents the bit string 10011101.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Byte length","link":"https://csrc.nist.gov/glossary/term/byte_length","definitions":[{"text":"The number of consecutive (non-overlapping) bytes in a byte string. For example, 0110010101000011 = 01100101 || 01000011 is two bytes long. The byte length of the empty string is zero.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"A positive integer that expresses the number of bytes in a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"Byte String","link":"https://csrc.nist.gov/glossary/term/byte_string","definitions":[{"text":"An ordered sequence of bytes, beginning with the most significant (leftmost) byte and ending with the least significant (rightmost) byte. Any bit string whose bit length is a multiple of eight can be viewed as the concatenation of an ordered sequence of bytes (i.e., a byte string). For example, the bit string 0110010101000011 can be viewed as a byte string since it is the concatenation of two bytes: 01100101 followed by 01000011.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Byte string "}]},{"text":"A finite, ordered sequence of bytes.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"An ordered sequence of bytes.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Byte string "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Byte string "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Byte string "}]}]},{"term":"Byte String to Integer conversion routine","link":"https://csrc.nist.gov/glossary/term/byte_string_to_integer_conversion_routine","abbrSyn":[{"text":"BS2I","link":"https://csrc.nist.gov/glossary/term/bs2i"}],"definitions":null},{"term":"Bytewise matching","link":"https://csrc.nist.gov/glossary/term/bytewise_matching","definitions":[{"text":"relies only on the sequences of bytes that make up a digital object, without reference to any structures within the data stream, or to any meaning the byte stream may have when appropriately interpreted. Such methods have the widest applicability as they can be applied to any piece of data; however, they also carry the implicit assumption that artifacts that humans perceive as similar have similar byte-level encodings. This assumption is not universally valid. Analyst expertise is necessary to evaluate the significance of a byte-level match.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Byzantine Fault Tolerant","link":"https://csrc.nist.gov/glossary/term/byzantine_fault_tolerant","abbrSyn":[{"text":"BFT","link":"https://csrc.nist.gov/glossary/term/bft"}],"definitions":null},{"term":"Byzantine fault tolerant proof of stake consensus model","link":"https://csrc.nist.gov/glossary/term/byzantine_fault_tolerant_proof_of_stake_consensus_model","definitions":[{"text":"A proof of stake consensus model where the blockchain decides the next block by allowing all staked members to “vote” on which submitted block to include next.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"C","link":"https://csrc.nist.gov/glossary/term/c","definitions":[{"text":"Ciphertext","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]},{"text":"The ciphertext.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"In LMS, the n-byte randomizer used for randomized message hashing.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"c","link":"https://csrc.nist.gov/glossary/term/lower_case_c","definitions":[{"text":"Ciphertext (expressed as an integer).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Ciphertext; an integer.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"C&A","link":"https://csrc.nist.gov/glossary/term/canda","abbrSyn":[{"text":"Certification and Accreditation"}],"definitions":null},{"term":"C&S","link":"https://csrc.nist.gov/glossary/term/c_and_s","abbrSyn":[{"text":"Control and Status","link":"https://csrc.nist.gov/glossary/term/control_and_status"}],"definitions":null},{"term":"C, CU, CV","link":"https://csrc.nist.gov/glossary/term/c_cu_cv","definitions":[{"text":"Ciphertext (expressed as a byte string).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"C.F.D.","link":"https://csrc.nist.gov/glossary/term/cfd","abbrSyn":[{"text":"Candidate for Deletion","link":"https://csrc.nist.gov/glossary/term/candidate_for_deletion"},{"text":"Common Fill Device"}],"definitions":null},{"term":"C.F.R.","link":"https://csrc.nist.gov/glossary/term/cfr","abbrSyn":[{"text":"Code of Federal Regulations","link":"https://csrc.nist.gov/glossary/term/code_of_federal_regulations"}],"definitions":null},{"term":"C1,…,C64","link":"https://csrc.nist.gov/glossary/term/c1toc64","definitions":[{"text":"Bits of the Ciphertext Block","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"C2","link":"https://csrc.nist.gov/glossary/term/c2","abbrSyn":[{"text":"Command and Control","link":"https://csrc.nist.gov/glossary/term/command_and_control"}],"definitions":[{"text":"Command and Control' is the exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities, and procedures employed by a commander in planning, directing, coordinating, and controlling forces and operations in the accomplishment of the mission.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Command and Control ","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities, and procedures employed by a commander in planning, directing, coordinating, and controlling forces and operations in the accomplishment of the mission.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Command and Control "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Command and Control "}]}]},{"term":"C3","link":"https://csrc.nist.gov/glossary/term/c3","abbrSyn":[{"text":"Command, Control, and Communications","link":"https://csrc.nist.gov/glossary/term/command_control_and_communications"},{"text":"Command, Control, and Communications Controller Area Network","link":"https://csrc.nist.gov/glossary/term/command_control_and_communications_controller_area_network"}],"definitions":null},{"term":"C3I","link":"https://csrc.nist.gov/glossary/term/c3i","abbrSyn":[{"text":"Command, Control, Communications and Intelligence","link":"https://csrc.nist.gov/glossary/term/command_control_communications_and_intelligence"}],"definitions":null},{"term":"C4","link":"https://csrc.nist.gov/glossary/term/c4","abbrSyn":[{"text":"Command, Control, Communications and Computers","link":"https://csrc.nist.gov/glossary/term/command_control_communications_and_computers"}],"definitions":null},{"term":"CA","link":"https://csrc.nist.gov/glossary/term/ca","abbrSyn":[{"text":"CA Technologies","link":"https://csrc.nist.gov/glossary/term/ca_technologies"},{"text":"certificate authority"},{"text":"Certificate Authority"},{"text":"Certificate Authority/Certificate Authorities"},{"text":"certification authority","link":"https://csrc.nist.gov/glossary/term/certification_authority"},{"text":"Certification Authority"},{"text":"Certification, Accreditation, and Security Assessments","link":"https://csrc.nist.gov/glossary/term/certification_accreditation_and_security_assessments"},{"text":"Controlling Authority"},{"text":"Cryptanalysis"},{"text":"Security Assessment and Authorization","link":"https://csrc.nist.gov/glossary/term/security_assessment_and_authorization"}],"definitions":[{"text":"An entity authorized to create, sign, issue, and revoke public key certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under certification authority ","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"A trusted entity that issues and revokes public key certificates.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under Certification Authority "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Authority ","refSources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Authority ","refSources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Certification Authority "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Certification Authority "},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Certification Authority "}]},{"text":"Operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Cryptanalysis "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Cryptanalysis "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptanalysis "}]},{"text":"1. Operations performed to defeat cryptographic protection without an initial knowledge of the key employed in providing the protection.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptanalysis "}]},{"text":"2. The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptanalysis "}]},{"text":"The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Cryptanalysis "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Cryptanalysis "}]},{"text":"1. Operations performed to defeat cryptographic protection without an initial knowledge of the key employed in providing the protection. 2. The study of mathematical techniques for attempting to defeat cryptographic techniques and information-system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Cryptanalysis "}]},{"text":"The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptanalysis "}]}]},{"term":"CA Technologies","link":"https://csrc.nist.gov/glossary/term/ca_technologies","abbrSyn":[{"text":"CA","link":"https://csrc.nist.gov/glossary/term/ca"}],"definitions":null},{"term":"CAA","link":"https://csrc.nist.gov/glossary/term/caa","abbrSyn":[{"text":"Certificate Authority Authorization","link":"https://csrc.nist.gov/glossary/term/certificate_authority_authorization"}],"definitions":[{"text":"A record associated with a Domain Name Server (DNS) entry that specifies the CAs that are authorized to issue certificates for that domain.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Authority Authorization "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Authority Authorization "}]}]},{"term":"CaaS","link":"https://csrc.nist.gov/glossary/term/caas","abbrSyn":[{"text":"Container-as-a-Service","link":"https://csrc.nist.gov/glossary/term/container_as_a_service"}],"definitions":null},{"term":"CAC","link":"https://csrc.nist.gov/glossary/term/cac","abbrSyn":[{"text":"Common Access Card"}],"definitions":null},{"term":"CAD","link":"https://csrc.nist.gov/glossary/term/cad","abbrSyn":[{"text":"Computer-aided Dispatch","link":"https://csrc.nist.gov/glossary/term/computer_aided_dispatch"}],"definitions":null},{"term":"CAE","link":"https://csrc.nist.gov/glossary/term/cae","abbrSyn":[{"text":"Centers of Academic Excellence","link":"https://csrc.nist.gov/glossary/term/centers_of_academic_excellence"},{"text":"National Centers of Academic Excellence in Cybersecurity","link":"https://csrc.nist.gov/glossary/term/national_centers_of_academic_excellence_in_cybersecurity"}],"definitions":null},{"term":"CAESAR","link":"https://csrc.nist.gov/glossary/term/caesar","abbrSyn":[{"text":"Competition for Authenticated Encryption: Security, Applicability, and Robustness","link":"https://csrc.nist.gov/glossary/term/competition_for_authenticated_encryption_security_applicability_and_robustness"}],"definitions":null},{"term":"CAESARS","link":"https://csrc.nist.gov/glossary/term/caesars","abbrSyn":[{"text":"Continuous Asset Evaluation, Situational Awareness, and Risk Scoring","link":"https://csrc.nist.gov/glossary/term/continuous_asset_evaluation_situational_awareness_and_risk_scoring"}],"definitions":null},{"term":"CAG","link":"https://csrc.nist.gov/glossary/term/cag","abbrSyn":[{"text":"Consensus Audit Guidelines","link":"https://csrc.nist.gov/glossary/term/consensus_audit_guidelines"}],"definitions":null},{"term":"CAK","link":"https://csrc.nist.gov/glossary/term/cak","abbrSyn":[{"text":"Card Authentication Key","link":"https://csrc.nist.gov/glossary/term/card_authentication_key"}],"definitions":null},{"term":"calibration","link":"https://csrc.nist.gov/glossary/term/calibration","definitions":[{"text":"A comparison between a device under test and an established standard, such as UTC(NIST). When the calibration is finished, it should be possible to state the estimated time offset and/or frequency offset of the device under test with respect to the standard, as well as the measurement uncertainty. Calibrations can be absolute or relative. Absolute calibrations are not biased by the calibration reference and would, therefore, be more reproducible. However, absolute calibrations can be more complex to determine. The bias in relative calibrations would be consistent if all the devices in the system are calibrated against the same calibration reference. Calibrations may also be performed relative to other devices without reference to an absolute standard. Relative calibrations are generally simpler to perform than absolute calibrations.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"}]}]}]},{"term":"call back","link":"https://csrc.nist.gov/glossary/term/call_back","definitions":[{"text":"Procedure for identifying and authenticating a remote information system terminal, whereby the host system disconnects the terminal and reestablishes contact.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Call Detail Record","link":"https://csrc.nist.gov/glossary/term/call_detail_record","abbrSyn":[{"text":"CDR","link":"https://csrc.nist.gov/glossary/term/cdr"}],"definitions":null},{"term":"Call Oriented Programming","link":"https://csrc.nist.gov/glossary/term/call_oriented_programming","abbrSyn":[{"text":"COP","link":"https://csrc.nist.gov/glossary/term/c_o_p"}],"definitions":null},{"term":"Call Processor","link":"https://csrc.nist.gov/glossary/term/call_processor","definitions":[{"text":"component that sets up and monitors the state of calls, and provides phone number translation, user authorization, and coordination with media gateways.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]}]},{"term":"callibration","link":"https://csrc.nist.gov/glossary/term/callibration","definitions":[{"text":"A comparison between a device under test and an established standard, such as Coordinated Universal Time UTC (NIST). When the calibration is finished, it should be possible to state the estimated time offset and/or frequency offset of the device under test with respect to the standard, as well as the measurement uncertainty. Calibrations can be absolute or relative. Absolute calibrations are not biased by the calibration reference and would, therefore, be more reproducible. However, absolute calibrations can be more complex to determine. The bias in relative calibrations would be consistent if all the devices in the system are calibrated against the same calibration reference. Calibrations may also be performed relative to other devices without reference to an absolute standard. Relative calibrations are generally simpler to perform than absolute calibrations.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"}]}]}]},{"term":"CAN","link":"https://csrc.nist.gov/glossary/term/can","abbrSyn":[{"text":"Controller Area Network","link":"https://csrc.nist.gov/glossary/term/controller_area_network"}],"definitions":null},{"term":"Canadian Centre for Cyber Security","link":"https://csrc.nist.gov/glossary/term/canadian_centre_for_cyber_security","abbrSyn":[{"text":"CCCS","link":"https://csrc.nist.gov/glossary/term/cccs"}],"definitions":null},{"term":"Canadian Standards Association","link":"https://csrc.nist.gov/glossary/term/canadian_standards_association","abbrSyn":[{"text":"CSA","link":"https://csrc.nist.gov/glossary/term/csa"}],"definitions":null},{"term":"Candidate Checklist","link":"https://csrc.nist.gov/glossary/term/candidate_checklist","definitions":[{"text":"Checklist that has been screened and approved by NIST for public review.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Checklist approved by NIST for public review.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Candidate for Deletion","link":"https://csrc.nist.gov/glossary/term/candidate_for_deletion","abbrSyn":[{"text":"C.F.D.","link":"https://csrc.nist.gov/glossary/term/cfd"}],"definitions":null},{"term":"canister (COMSEC)","link":"https://csrc.nist.gov/glossary/term/canister","note":"(C.F.D.)","definitions":[{"text":"Type of physical protective packaging used to contain and dispense keying material in punched or printed tape form. \nRationale: Although being phased out, canisters are still in circulation. However term is being marked C.F.D. in anticipation of removal in the future.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"CAP","link":"https://csrc.nist.gov/glossary/term/cap","abbrSyn":[{"text":"Cross Agency Priority","link":"https://csrc.nist.gov/glossary/term/cross_agency_priority"}],"definitions":null},{"term":"Capabilities Catalog","link":"https://csrc.nist.gov/glossary/term/capabilities_catalog","definitions":[{"text":"Comprehensive list of device cybersecurity capabilities derived from analysis of comprehensive list of source documents for the application or sector. For the federal sector, NIST SP 800-53 Rev. 5 provided the definition of controls used to create the NIST-generated capabilities catalog used for the Federal profile.","sources":[{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]},{"text":"Comprehensive list of device cybersecurity capabilities derived from analysis of comprehensive list of source documents for the application or sector. For the federal sector, NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations, provided the definition of controls used to generate the NIST generated capabilities catalog used for the federal profile. ","sources":[{"text":"NIST SP 800-213A","link":"https://doi.org/10.6028/NIST.SP.800-213A"}]}]},{"term":"capability","link":"https://csrc.nist.gov/glossary/term/capability","abbrSyn":[{"text":"Capability, Security","link":"https://csrc.nist.gov/glossary/term/capability_security"}],"definitions":[{"text":"A person’s potential to accomplish something.","sources":[{"text":"NIST IR 8355","link":"https://doi.org/10.6023/NIST.IR.8355"}]},{"text":"A combination of mutually reinforcing controls implemented by technical means, physical means, and procedural means. Such controls are typically selected to achieve a common information security or privacy purpose.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A combination of mutually reinforcing security and/or privacy controls implemented by technical, physical, and procedural means. Such controls are typically selected to achieve a common information security- or privacy-related purpose.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A combination of mutually reinforcing security and/or privacy controls implemented by technical means, physical means, and procedural means. Such controls are typically selected to achieve a common information security- or privacy-related purpose.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]},{"text":"See Capability, Security.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability "}]},{"text":"A set of mutually reinforcing security controls implemented by technical, physical, and procedural means. Such controls are typically selected to achieve a common information security-related purpose.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Security "}]},{"text":"A feature or function.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228","underTerm":" under Capability "}]}]},{"term":"Capability Bases Access Control","link":"https://csrc.nist.gov/glossary/term/capability_bases_access_control","abbrSyn":[{"text":"CBAC","link":"https://csrc.nist.gov/glossary/term/cbac"}],"definitions":null},{"term":"Capability Hardware Enhanced RISC Instructions","link":"https://csrc.nist.gov/glossary/term/capability_hardware_enhanced_risc_instructions","abbrSyn":[{"text":"CHERI","link":"https://csrc.nist.gov/glossary/term/cheri"}],"definitions":null},{"term":"Capability List","link":"https://csrc.nist.gov/glossary/term/capability_list","definitions":[{"text":"A list attached to a subject ID specifying what accesses are allowed to the subject.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Capability Maturity Model Integration","link":"https://csrc.nist.gov/glossary/term/capability_maturity_model_integration","abbrSyn":[{"text":"CMMI","link":"https://csrc.nist.gov/glossary/term/cmmi"}],"definitions":null},{"term":"capability requirement","link":"https://csrc.nist.gov/glossary/term/capability_requirement","abbrSyn":[{"text":"CR","link":"https://csrc.nist.gov/glossary/term/cr"}],"definitions":[{"text":"A type of requirement describing the capability that the organization or system must provide to satisfy a stakeholder need. Note: Capability requirements relted to information security and privacy are derived from stakeholder protection needs and the corresponding security and privacy requirements.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Capability, Anomalous Event Detection Management","link":"https://csrc.nist.gov/glossary/term/capability_anomalous_event_detection_management","definitions":[{"text":"An ISCM capability that identifies routine and unexpected events that can compromise security within a time frame that prevents or reduces the impact (i.e., consequences) of the events to the extent possible.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Capability, Anomalous Event Response and Recovery Management","link":"https://csrc.nist.gov/glossary/term/capability_anomalous_event_response_and_recovery_management","abbrSyn":[{"text":"Anomalous Event Response and Recovery Management","link":"https://csrc.nist.gov/glossary/term/anomalous_event_response_and_recovery_management"}],"definitions":[{"text":"See Capability, Anomalous Event Response and Recovery Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Anomalous Event Response and Recovery Management "}]},{"text":"An ISCM capability that ensures that both routine and unexpected events that require a response to maintain functionality and security are responded to (once identified) within a time frame that prevents or reduces the impact (i.e., consequences) of the events to the extent possible.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Capability, Behavior Management","link":"https://csrc.nist.gov/glossary/term/capability_behavior_management","abbrSyn":[{"text":"Behavior Management","link":"https://csrc.nist.gov/glossary/term/behavior_management"}],"definitions":[{"text":"See Capability, Behavior Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Behavior Management "}]},{"text":"An ISCM capability that ensures that people are aware of expected security-related behavior and are able to perform their duties to prevent advertent and inadvertent behavior that compromises information.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Capability, Boundary Management","link":"https://csrc.nist.gov/glossary/term/capability_boundary_management","abbrSyn":[{"text":"Manage Boundaries","link":"https://csrc.nist.gov/glossary/term/manage_boundaries"}],"definitions":[{"text":"An ISCM capability that addresses the following network and physical boundary areas: \nPhysical Boundaries – Ensure that movement (of people, media, equipment, etc.) into and out of the physical facility does not compromise security. \nFilters – Ensure that traffic into and out of the network (and thus out of the physical facility protection) does not compromise security. Do the same for enclaves that subdivide the network. \nOther – Ensure that information is protected (with adequate strength) when needed to protect confidentiality and integrity, whether that information is in transit or at rest.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Boundary Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Manage Boundaries "}]}]},{"term":"Capability, Configuration Settings Management","link":"https://csrc.nist.gov/glossary/term/capability_configuration_settings_management","abbrSyn":[{"text":"Configuration Settings Management","link":"https://csrc.nist.gov/glossary/term/configuration_settings_management"}],"definitions":[{"text":"An ISCM capability that identifies configuration settings (Common Configuration Enumerations [CCEs]) on devices that are likely to be used by attackers to compromise a device and use it as a platform from which to extend compromise to the network.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Configuration Settings Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Configuration Settings Management "}]}]},{"term":"Capability, Credentials and Authentication Management","link":"https://csrc.nist.gov/glossary/term/capability_credentials_and_authentication_management","abbrSyn":[{"text":"Manage Credentials and Authentication","link":"https://csrc.nist.gov/glossary/term/manage_credentials_and_authentication"}],"definitions":[{"text":"An ISCM capability that ensures that people have the credentials and authentication methods necessary (and only those necessary) to perform their duties, while limiting access to that which is necessary.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Credentials and Authentication Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Manage Credentials and Authentication "}]}]},{"term":"Capability, Event Preparation Management","link":"https://csrc.nist.gov/glossary/term/capability_event_preparation_management","abbrSyn":[{"text":"Prepare for Events","link":"https://csrc.nist.gov/glossary/term/prepare_for_events"}],"definitions":[{"text":"An ISCM capability that ensures that procedures and resources are in place to respond to both routine and unexpected events that can compromise security. The unexpected events include both actual attacks and contingencies (natural disasters) like fires, floods, earthquakes, etc.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Event Preparation Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Prepare for Events "}]}]},{"term":"Capability, Hardware Asset Management","link":"https://csrc.nist.gov/glossary/term/capability_hardware_asset_management","abbrSyn":[{"text":"Hardware Asset Management","link":"https://csrc.nist.gov/glossary/term/hardware_asset_management"}],"definitions":[{"text":"An ISCM capability that identifies unmanaged devices that are likely to be used by attackers as a platform from which to extend compromise of the network to be mitigated.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Hardware Asset Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Hardware Asset Management "}]}]},{"term":"Capability, ISCM","link":"https://csrc.nist.gov/glossary/term/capability_iscm","abbrSyn":[{"text":"ISCM Capability","link":"https://csrc.nist.gov/glossary/term/iscm_capability"}],"definitions":[{"text":"See ISCM Capability.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"A security capability with the following additional traits: \n• The purpose (desired result) of each capability is to address specific kind(s) of attack scenarios or exploits. \n• Each capability focuses on attacks towards specific assessment objects. \n• There is a viable way to automate ISCM on the security capability. \n• The capability provides protection against current attack scenarios.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under ISCM Capability "}]}]},{"term":"Capability, Manage and Assess Risk","link":"https://csrc.nist.gov/glossary/term/capability_manage_and_assess_risk","abbrSyn":[{"text":"Risk (ISCM Capability)"},{"text":"Risk Management"}],"definitions":[{"text":"The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, and includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Risk Management ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Risk Management ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Risk Management ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Risk Management ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Management ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"},{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Risk Management ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Management ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Risk Management ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Risk Management ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Risk Management ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"the on-going process of assessing the risk to IT resources andinformation, as part of a risk-based approach used to determine adequate security for a system, by analyzing the threats and vulnerabilities and selecting appropriate cost-effective controls to achieve and maintain an acceptable level of risk.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Risk Management "}]},{"text":"The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Risk Management "}]},{"text":"The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Risk Management ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Risk Management ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security and privacy state of the information system.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Risk Management ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The total process of identifying, controlling, and eliminating or minimizing uncertain events that may adversely affect system resources. It includes risk analysis, cost benefit analysis, selection, implementation and test, security evaluation of safeguards, and overall security review.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Risk Management "}]},{"text":"An ISCM capability that focuses on reducing the successful exploits of the other non-meta capabilities that occur because the risk management process fails to correctly identify and prioritize actions and investments needed to lower the risk profile.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Manage and Assess Risk.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Risk (ISCM Capability) "},{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Risk Management "}]},{"text":"The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, and includes: \n(i) establishing the context for risk-related activities; \n(ii) assessing risk; \n(iii) responding to risk once determined; and \n(iv) monitoring risk over time.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Risk Management ","refSources":[{"text":"CNSSI 4009","note":" - adapted"}]}]},{"text":"The process of identifying, assessing, and responding to risk.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Risk Management "},{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Risk Management "}]},{"text":"The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation and includes (i) establishing the context for risk-related activities, (ii) assessing risk, (iii) responding to risk once determined, and (iv) monitoring risk over time.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Risk Management ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]}]},{"term":"Capability, Perform Resilient Systems Engineering","link":"https://csrc.nist.gov/glossary/term/capability_perform_resilient_systems_engineering","definitions":[{"text":"An ISCM capability that \n• Focuses on reducing successful exploits of the other non-meta capabilities that occur because there was inadequate design, engineering, implementation, testing, and/or other technical issues in implementing and/or monitoring the controls related to the other non-meta capabilities. \n• Reducing the successful exploits of the other non-meta capabilities that occur because there was inadequate definition of requirements, policy, planning, and/or other management issues in implementing and/or monitoring the controls related to the other non-meta capabilities.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Capability, Privilege and Account Management","link":"https://csrc.nist.gov/glossary/term/capability_privilege_and_account_management","abbrSyn":[{"text":"Manage Privileges","link":"https://csrc.nist.gov/glossary/term/manage_privileges"}],"definitions":[{"text":"An ISCM capability that ensures that people have the privileges necessary (and only those necessary) to perform their duties, to limit access to that which is necessary.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Privilege and Account Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Manage Privileges "}]}]},{"term":"Capability, Security","link":"https://csrc.nist.gov/glossary/term/capability_security","abbrSyn":[{"text":"Capability"},{"text":"Security Capability","link":"https://csrc.nist.gov/glossary/term/security_capability"}],"definitions":[{"text":"See capability.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Security Capability "}]},{"text":"A combination of mutually-reinforcing security controls (i.e., safeguards and countermeasures) implemented by technical means (i.e., functionality in hardware, software, and firmware), physical means (i.e., physical devices and protective measures), and procedural means (i.e., procedures performed by individuals).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Capability "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Capability "}]},{"text":"See Capability, Security.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability "},{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Security Capability "}]},{"text":"A set of mutually reinforcing security controls implemented by technical, physical, and procedural means. Such controls are typically selected to achieve a common information security-related purpose.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"A feature or function.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228","underTerm":" under Capability "}]}]},{"term":"Capability, Software Asset Management","link":"https://csrc.nist.gov/glossary/term/capability_software_asset_management","abbrSyn":[{"text":"Software Asset Management","link":"https://csrc.nist.gov/glossary/term/software_asset_management"}],"definitions":[{"text":"An ISCM capability that identifies unauthorized software on devices that is likely to be used by attackers as a platform from which to extend compromise of the network to be mitigated.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Software Asset Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Software Asset Management "}]}]},{"term":"Capability, Trust Management","link":"https://csrc.nist.gov/glossary/term/capability_trust_management","abbrSyn":[{"text":"Trust"},{"text":"Trust Management","link":"https://csrc.nist.gov/glossary/term/trust_management"}],"definitions":[{"text":"The willingness to take actions expecting beneficial outcomes, based on assertions by other parties.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Trust ","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]},{"text":"The confidence one element has in another, that the second element will behave as expected.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]},{"text":"NISTIR 8320B","link":"https://doi.org/10.6028/NIST.IR.8320B","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]}]},{"text":"A characteristic of an entity that indicates its ability to perform certain functions or services correctly, fairly and impartially, along with assurance that the entity and its identifier are genuine.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Trust "}]},{"text":"An ISCM capability that ensures that untrustworthy persons are prevented from being trusted with network access (to prevent insider attacks).","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Trust Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Trust "},{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Trust Management "}]},{"text":"The confidence one element has in another that the second element will behave as expected.","sources":[{"text":"NISTIR 8320A","link":"https://doi.org/10.6028/NIST.IR.8320A","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]}]}]},{"term":"Capability, Vulnerability Management","link":"https://csrc.nist.gov/glossary/term/capability_vulnerability_management","abbrSyn":[{"text":"Vulnerability Management","link":"https://csrc.nist.gov/glossary/term/vulnerability_management"}],"definitions":[{"text":"An ISCM capability that identifies vulnerabilities [Common Vulnerabilities and Exposures (CVEs)] on devices that are likely to be used by attackers to compromise a device and use it as a platform from which to extend compromise to the network.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Capability, Vulnerability Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Vulnerability Management "}]}]},{"term":"Capacity Planning","link":"https://csrc.nist.gov/glossary/term/capacity_planning","definitions":[{"text":"Systematic determination of resource requirements for the projected output, over a specific period.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"businessdictionary.com","link":"businessdictionary.com"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","refSources":[{"text":"businessdictionary.com","link":"businessdictionary.com"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"businessdictionary.com","link":"businessdictionary.com"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"businessdictionary.com","link":"businessdictionary.com"}]}]},{"text":"Systematic determination of resource requirements for the projected output, over a specific period.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"businessdictionary.com","link":"businessdictionary.com"}]}]}]},{"term":"CAPCO","link":"https://csrc.nist.gov/glossary/term/capco","abbrSyn":[{"text":"Controlled Access Program Coordination Office","link":"https://csrc.nist.gov/glossary/term/controlled_access_program_coordination_office"}],"definitions":null},{"term":"CAPEC","link":"https://csrc.nist.gov/glossary/term/capec","abbrSyn":[{"text":"Common Attack Pattern Enumeration & Classification"},{"text":"Common Attack Pattern Enumeration and Classification","link":"https://csrc.nist.gov/glossary/term/common_attack_pattern_enumeration_and_classification"}],"definitions":null},{"term":"CapEx","link":"https://csrc.nist.gov/glossary/term/capex","abbrSyn":[{"text":"Capital Expenditures","link":"https://csrc.nist.gov/glossary/term/capital_expenditures"}],"definitions":null},{"term":"CAPI","link":"https://csrc.nist.gov/glossary/term/capi","abbrSyn":[{"text":"Cryptographic Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/cryptographic_application_programming_interface"}],"definitions":[{"text":"An application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. While providing a consistent API for applications, API allows for specialized cryptographic modules (cryptographic service providers) to be provided by third parties, such as hardware security module (HSM) manufacturers. This enables applications to leverage the additional security of HSMs while using the same APIs they use to access built-in Windows cryptographic service providers. (Also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cryptographic Application Programming Interface "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cryptographic Application Programming Interface "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cryptographic Application Programming Interface "}]}]},{"term":"Capital Expenditures","link":"https://csrc.nist.gov/glossary/term/capital_expenditures","abbrSyn":[{"text":"CapEx","link":"https://csrc.nist.gov/glossary/term/capex"}],"definitions":null},{"term":"Capstone Policies","link":"https://csrc.nist.gov/glossary/term/capstone_policies","definitions":[{"text":"Those policies that are developed by governing or coordinating institutions of HIEs. They provide overall requirements and guidance for protecting health information within those HIEs. Capstone Policies must address the requirements imposed by: (1) all laws, regulations, and guidelines at the federal, state, and local levels; (2) business needs; and (3) policies at the institutional and HIE levels.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497"}]}]},{"term":"CAPTCHA","link":"https://csrc.nist.gov/glossary/term/captcha","abbrSyn":[{"text":"Completely Automated Public Turing test to tell Computer and Humans Apart"}],"definitions":null},{"term":"Capture","link":"https://csrc.nist.gov/glossary/term/capture","definitions":[{"text":"Series of actions undertaken to obtain and record, in a retrievable form, signals of biometric characteristics directly from individuals.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html","note":" - adapted"}]}]},{"text":"The method of taking a biometric sample from an end user.","sources":[{"text":"FIPS 201","note":" [version unknown]","refSources":[{"text":"INCITS/M1-040211","link":"https://standards.incits.org/a/public/group/m1"}]}]}]},{"term":"CAPWAP","link":"https://csrc.nist.gov/glossary/term/capwap","abbrSyn":[{"text":"Control and Provisioning of Wireless Access Points","link":"https://csrc.nist.gov/glossary/term/control_and_provisioning_of_wireless_access_points"}],"definitions":null},{"term":"card","link":"https://csrc.nist.gov/glossary/term/card","definitions":[{"text":"An integrated circuit card.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"},{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4","underTerm":" under Card "}]}]},{"term":"Card Application","link":"https://csrc.nist.gov/glossary/term/card_application","definitions":[{"text":"A set of data objects and card commands that can be selected using an application identifier.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"Card Authentication Key","link":"https://csrc.nist.gov/glossary/term/card_authentication_key","abbrSyn":[{"text":"CAK","link":"https://csrc.nist.gov/glossary/term/cak"}],"definitions":null},{"term":"Card Capability Container","link":"https://csrc.nist.gov/glossary/term/card_capability_container","abbrSyn":[{"text":"CCC","link":"https://csrc.nist.gov/glossary/term/ccc"}],"definitions":null},{"term":"Card Design Standard","link":"https://csrc.nist.gov/glossary/term/card_design_standard","abbrSyn":[{"text":"CDS","link":"https://csrc.nist.gov/glossary/term/cds"}],"definitions":null},{"term":"Card Holder Unique Identifier","link":"https://csrc.nist.gov/glossary/term/card_holder_unique_identifier","abbrSyn":[{"text":"CHUID","link":"https://csrc.nist.gov/glossary/term/chuid"}],"definitions":null},{"term":"Card Management","link":"https://csrc.nist.gov/glossary/term/card_management","definitions":[{"text":"Any operation involving the PIV Card Application Administrator. Operation","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"card management system","link":"https://csrc.nist.gov/glossary/term/card_management_system","definitions":[{"text":"The system that manages the lifecycle of a PIV Card application.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Card Management System "}]},{"text":"The system that manages the life cycle of a PIV Card application.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"Card Not Present","link":"https://csrc.nist.gov/glossary/term/card_not_present","abbrSyn":[{"text":"CNP","link":"https://csrc.nist.gov/glossary/term/cnp"}],"definitions":null},{"term":"card reader","link":"https://csrc.nist.gov/glossary/term/card_reader","definitions":[{"text":"An electronic device that connects an integrated circuit card and the card applications therein to a client application.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"Card Verifiable","link":"https://csrc.nist.gov/glossary/term/card_verifiable","definitions":[{"text":"A certificate stored on the card that includes a public key, the signature of a Certificate certification authority, and further information needed to verify the certificate.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"Card Verifiable Certificate","link":"https://csrc.nist.gov/glossary/term/card_verifiable_certificate","abbrSyn":[{"text":"CVC","link":"https://csrc.nist.gov/glossary/term/cvc"}],"definitions":[{"text":"A certificate stored on the PIV Card that includes a public key, the signature of a certification authority, and further information needed to verify the certificate.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Card Management System to Card","link":"https://csrc.nist.gov/glossary/term/card_management_system_to_card","abbrSyn":[{"text":"CMTC","link":"https://csrc.nist.gov/glossary/term/cmtc"}],"definitions":null},{"term":"cardholder","link":"https://csrc.nist.gov/glossary/term/cardholder","definitions":[{"text":"An individual who possesses an issued PIV Card.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Cardholder "}]},{"text":"An individual possessing an issued PIV Card.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Cardholder "}]}]},{"term":"Cardholder to Card","link":"https://csrc.nist.gov/glossary/term/cardholder_to_card","abbrSyn":[{"text":"CTC","link":"https://csrc.nist.gov/glossary/term/ctc"}],"definitions":null},{"term":"Cardholder to External System","link":"https://csrc.nist.gov/glossary/term/cardholder_to_external_system","abbrSyn":[{"text":"CTE","link":"https://csrc.nist.gov/glossary/term/cte"}],"definitions":null},{"term":"Cardholder Unique Identifier","link":"https://csrc.nist.gov/glossary/term/cardholder_unique_identifier","abbrSyn":[{"text":"CHUID","link":"https://csrc.nist.gov/glossary/term/chuid"}],"definitions":null},{"term":"Career and Technical Education","link":"https://csrc.nist.gov/glossary/term/career_and_technical_education","abbrSyn":[{"text":"CTE","link":"https://csrc.nist.gov/glossary/term/cte"}],"definitions":null},{"term":"Career and Technical Student Organization","link":"https://csrc.nist.gov/glossary/term/career_and_technical_student_organization","abbrSyn":[{"text":"CTSO","link":"https://csrc.nist.gov/glossary/term/ctso"}],"definitions":null},{"term":"Carrier Grade NAT","link":"https://csrc.nist.gov/glossary/term/carrier_grade_nat","abbrSyn":[{"text":"CGN","link":"https://csrc.nist.gov/glossary/term/cgn"}],"definitions":null},{"term":"CAS","link":"https://csrc.nist.gov/glossary/term/cas","abbrSyn":[{"text":"Certification Authority System","link":"https://csrc.nist.gov/glossary/term/certification_authority_system"},{"text":"Content Addressable Storage","link":"https://csrc.nist.gov/glossary/term/content_addressable_storage"}],"definitions":null},{"term":"CASB","link":"https://csrc.nist.gov/glossary/term/casb","abbrSyn":[{"text":"cloud access security broker","link":"https://csrc.nist.gov/glossary/term/cloud_access_security_broker"}],"definitions":null},{"term":"Cascaded Style Sheet","link":"https://csrc.nist.gov/glossary/term/cascaded_style_sheet","abbrSyn":[{"text":"CSS","link":"https://csrc.nist.gov/glossary/term/css"}],"definitions":null},{"term":"cascading","link":"https://csrc.nist.gov/glossary/term/cascading","definitions":[{"text":"An approach for deploying CDS where two identical CDSs are placed in series to transfer information across multiple different security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"CASSA","link":"https://csrc.nist.gov/glossary/term/cassa","abbrSyn":[{"text":"Cognitive-based Approach to System Security Assessment","link":"https://csrc.nist.gov/glossary/term/cognitive_based_approach_to_system_security_assessment"}],"definitions":null},{"term":"catalog","link":"https://csrc.nist.gov/glossary/term/catalog","definitions":[{"text":"The collection of all assessment elements.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"categorization","link":"https://csrc.nist.gov/glossary/term/categorization","abbrSyn":[{"text":"security categorization","link":"https://csrc.nist.gov/glossary/term/security_categorization"},{"text":"Security Categorization"}],"definitions":[{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Categorization ","refSources":[{"text":"CNSSI 1253","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Categorization "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Categorization "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Categorization "}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS PUB 199 for other than national security systems. See security category.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security categorization ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSSI No.1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Categorization "}]},{"text":"See security categorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Categorization "}]},{"text":"The process of determining the security category for information or a system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems. See security category.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under security categorization "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under security categorization "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under security categorization "}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems. See Security Category.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Categorization "}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in Committee on National Security Systems (CNSS) Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Security Categorization "}]}]},{"term":"Category","link":"https://csrc.nist.gov/glossary/term/category","definitions":[{"text":"Restrictive label applied to classified or unclassified information to limit access.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under category "}]},{"text":"The subdivision of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and particular activities.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"},{"text":"NIST IR 8406","link":"https://doi.org/10.6028/NIST.IR.8406-upd1","note":" [Update 1]"}]},{"text":"The subdivision of a Function into groups of cybersecurity outcomes, closely tied to programmatic needs and particular activities. Examples of Categories include “Asset Management,” “Identity Management and Access Control,” and “Detection Processes.”","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"The subdivision of a Function into groups of privacy outcomes closely tied to programmatic needs and particular activities.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"C-ATO","link":"https://csrc.nist.gov/glossary/term/c_ato","abbrSyn":[{"text":"continuous authority to operate","link":"https://csrc.nist.gov/glossary/term/continuous_authority_to_operate"}],"definitions":null},{"term":"CAVP","link":"https://csrc.nist.gov/glossary/term/cavp","abbrSyn":[{"text":"Cryptographic Algorithm Validation Program","link":"https://csrc.nist.gov/glossary/term/cryptographic_algorithm_validation_program"}],"definitions":null},{"term":"CAVS","link":"https://csrc.nist.gov/glossary/term/cavs","abbrSyn":[{"text":"Cryptographic Algorithm Validation System","link":"https://csrc.nist.gov/glossary/term/cryptographic_algorithm_validation_system"}],"definitions":null},{"term":"CAW","link":"https://csrc.nist.gov/glossary/term/caw","note":"(C.F.D.)","abbrSyn":[{"text":"Certification Authority Workstation","link":"https://csrc.nist.gov/glossary/term/certification_authority_workstation"}],"definitions":null},{"term":"CBA","link":"https://csrc.nist.gov/glossary/term/cba","abbrSyn":[{"text":"Cost/Benefit Analysis","link":"https://csrc.nist.gov/glossary/term/cost_benefit_analysis"}],"definitions":null},{"term":"CBAC","link":"https://csrc.nist.gov/glossary/term/cbac","abbrSyn":[{"text":"Capability Bases Access Control","link":"https://csrc.nist.gov/glossary/term/capability_bases_access_control"}],"definitions":null},{"term":"CBC","link":"https://csrc.nist.gov/glossary/term/cbc","abbrSyn":[{"text":"Cipher Block Chaining","link":"https://csrc.nist.gov/glossary/term/cipher_block_chaining"},{"text":"Cipher Block Chaining mode"},{"text":"CipherBlock Chaining"}],"definitions":null},{"term":"CBC-MAC","link":"https://csrc.nist.gov/glossary/term/cbc_mac","abbrSyn":[{"text":"Cipher Block Chaining - Message Authentication Code (CMAC)","link":"https://csrc.nist.gov/glossary/term/cipher_block_chaining_message_authentication_code"},{"text":"Cipher Block Chaining Message Authentication Code"},{"text":"Cipher Block Chaining-Message Authentication Code"}],"definitions":null},{"term":"CBDC","link":"https://csrc.nist.gov/glossary/term/cbdc","abbrSyn":[{"text":"Central Bank Digital Currency","link":"https://csrc.nist.gov/glossary/term/central_bank_digital_currency"}],"definitions":null},{"term":"CBEFF","link":"https://csrc.nist.gov/glossary/term/cbeff","abbrSyn":[{"text":"Common Biometric Exchange Formats Framework","link":"https://csrc.nist.gov/glossary/term/common_biometric_exchange_formats_framework"}],"definitions":null},{"term":"CBEFF Basic Structure","link":"https://csrc.nist.gov/glossary/term/cbeff_basic_structure","definitions":[{"text":"The basic CBEFF structure consists of a single Standard Biometric Header followed by a Biometric Data Block and an optional Signature Block","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"CBEFF Client","link":"https://csrc.nist.gov/glossary/term/cbeff_client","definitions":[{"text":"An entity that defines a biometric data block (BDB) structure (e.g., a BDB format owner) that is CBEFF com­ pliant. This would include any vendor, standards body, working group, or industry consortium that has regis­ tered itself with IBIA and has defined one or more BDB format types.","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"CBEFF Nested Structure","link":"https://csrc.nist.gov/glossary/term/cbeff_nested_structure","definitions":[{"text":"A CBEFF Nested Structure consists of a Root Header followed by Sub-Headers, one or more CBEFF Basic Structures, and an optional Signature Block","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"CBEFF Patron","link":"https://csrc.nist.gov/glossary/term/cbeff_patron","definitions":[{"text":"An organization that has defined a standard or specification incorporating biometric data objects that is CBEFF compliant","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"CBEFF Root Header","link":"https://csrc.nist.gov/glossary/term/cbeff_root_header","definitions":[{"text":"The CBEFF Standard Biometric Header that precedes all others in a CBEFF nested structure","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"CBEFF Sub-Header","link":"https://csrc.nist.gov/glossary/term/cbeff_sub_header","definitions":[{"text":"Any CBEFF Standard Biometric Header in a CBEFF nested structure that follows the Root Header and pre­ cedes one or more Basic Data Structures. A CBEFF Sub-Header is not immediately followed by a Biometric Data Block.","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"CBOR","link":"https://csrc.nist.gov/glossary/term/cbor","abbrSyn":[{"text":"Concise Binary Object Representation","link":"https://csrc.nist.gov/glossary/term/concise_binary_object_representation"}],"definitions":null},{"term":"CBP","link":"https://csrc.nist.gov/glossary/term/cbp","abbrSyn":[{"text":"Customs and Border Patrol","link":"https://csrc.nist.gov/glossary/term/customs_and_border_patrol"}],"definitions":null},{"term":"CC","link":"https://csrc.nist.gov/glossary/term/cc","abbrSyn":[{"text":"Common Criteria"},{"text":"Common Criteria for IT Security Evaluation","link":"https://csrc.nist.gov/glossary/term/common_criteria_for_it_security_evaluation"}],"definitions":[{"text":"Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Common Criteria ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A set of internationally accepted semantic tools and constructs for describing the security needs of customers and the security attributes of products.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Common Criteria "}]}]},{"term":"CCA","link":"https://csrc.nist.gov/glossary/term/cca","abbrSyn":[{"text":"Chosen Ciphertext Attack","link":"https://csrc.nist.gov/glossary/term/chosen_ciphertext_attack"},{"text":"Confidential Compute Architecture","link":"https://csrc.nist.gov/glossary/term/confidential_compute_architecture"}],"definitions":null},{"term":"CCA with nonce misuse-resilience","link":"https://csrc.nist.gov/glossary/term/cca_with_nonce_misuse_resilience","abbrSyn":[{"text":"CCAm","link":"https://csrc.nist.gov/glossary/term/ccam"}],"definitions":null},{"term":"CCAm","link":"https://csrc.nist.gov/glossary/term/ccam","abbrSyn":[{"text":"CCA with nonce misuse-resilience","link":"https://csrc.nist.gov/glossary/term/cca_with_nonce_misuse_resilience"}],"definitions":null},{"term":"CCB","link":"https://csrc.nist.gov/glossary/term/ccb","abbrSyn":[{"text":"Change Control Board","link":"https://csrc.nist.gov/glossary/term/change_control_board"},{"text":"Configuration Control Board"}],"definitions":[{"text":"A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational life cycle of an information system. ","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Control Board ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"CCC","link":"https://csrc.nist.gov/glossary/term/ccc","abbrSyn":[{"text":"Card Capability Container","link":"https://csrc.nist.gov/glossary/term/card_capability_container"}],"definitions":null},{"term":"CCCS","link":"https://csrc.nist.gov/glossary/term/cccs","abbrSyn":[{"text":"Canadian Centre for Cyber Security","link":"https://csrc.nist.gov/glossary/term/canadian_centre_for_cyber_security"}],"definitions":null},{"term":"CCE","link":"https://csrc.nist.gov/glossary/term/cce","abbrSyn":[{"text":"Common Configuration Enumeration"},{"text":"Consequence-Driven Cyber-Informed Engineering","link":"https://csrc.nist.gov/glossary/term/consequence_driven_cyber_informed_engineering"}],"definitions":null},{"term":"CCE ID","link":"https://csrc.nist.gov/glossary/term/cce_id","definitions":[{"text":"An identifier for a specific configuration defined within the official CCE Dictionary and that conforms to the CCE specification.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"CCEB","link":"https://csrc.nist.gov/glossary/term/cceb","abbrSyn":[{"text":"Combined Communications-Electronics Board","link":"https://csrc.nist.gov/glossary/term/combined_communications_electronics_board"}],"definitions":null},{"term":"CCEP","link":"https://csrc.nist.gov/glossary/term/ccep","abbrSyn":[{"text":"Commercial COMSEC Evaluation Program"}],"definitions":null},{"term":"CCEVS","link":"https://csrc.nist.gov/glossary/term/ccevs","abbrSyn":[{"text":"Common Criteria Evaluation and Validation Scheme","link":"https://csrc.nist.gov/glossary/term/common_criteria_evaluation_and_validation_scheme"}],"definitions":null},{"term":"CCI","link":"https://csrc.nist.gov/glossary/term/cci","abbrSyn":[{"text":"Control Correlation Identifier"},{"text":"Controlled Cryptographic Item"}],"definitions":null},{"term":"CCIPS","link":"https://csrc.nist.gov/glossary/term/ccips","abbrSyn":[{"text":"Computer Crime and Intellectual Property Section","link":"https://csrc.nist.gov/glossary/term/computer_crime_and_intellectual_property_section"}],"definitions":null},{"term":"CCM","link":"https://csrc.nist.gov/glossary/term/ccm","abbrSyn":[{"text":"Counter Mode with Cipher Block Chaining (CBC) Message Authentication Code (MAC)"},{"text":"Counter with CBC Message Authentication Code"},{"text":"Counter with CBC-MAC"},{"text":"Counter with Cipher Block Chaining Mode"},{"text":"Counter with Cipher Block Chaining-Message Authentication Code"}],"definitions":null},{"term":"CCMP","link":"https://csrc.nist.gov/glossary/term/ccmp","abbrSyn":[{"text":"Counter Mode with Cipher Block Chaining (CBC) Message Authentication Code (MAC) Protocol"},{"text":"Cipher Block Chaining Message Authentication Code Protocol"},{"text":"Counter Mode with CBC MAC Protocol"},{"text":"Counter Mode with Cipher Block Chaining (CBC) Message Authentication Code (MAC) Protocol","link":"https://csrc.nist.gov/glossary/term/counter_mode_with_cbc_mac_protocol"},{"text":"Counter-Mode/CBC-MAC Protocol","link":"https://csrc.nist.gov/glossary/term/counter_mode_cbc_mac_protocol"}],"definitions":null},{"term":"CCN","link":"https://csrc.nist.gov/glossary/term/ccn","abbrSyn":[{"text":"Credit Card Number","link":"https://csrc.nist.gov/glossary/term/credit_card_number"}],"definitions":null},{"term":"CCoA","link":"https://csrc.nist.gov/glossary/term/ccoa","abbrSyn":[{"text":"Cyber Courses of Action","link":"https://csrc.nist.gov/glossary/term/cyber_courses_of_action"}],"definitions":null},{"term":"CCRB","link":"https://csrc.nist.gov/glossary/term/ccrb","abbrSyn":[{"text":"Configuration Control Review Board","link":"https://csrc.nist.gov/glossary/term/configuration_control_review_board"}],"definitions":null},{"term":"CCSDS","link":"https://csrc.nist.gov/glossary/term/ccsds","abbrSyn":[{"text":"Consultative Committee for Space Data Systems","link":"https://csrc.nist.gov/glossary/term/consultative_committee_for_space_data_systems"}],"definitions":null},{"term":"CCSS","link":"https://csrc.nist.gov/glossary/term/ccss","abbrSyn":[{"text":"Common Configuration Scoring System"}],"definitions":null},{"term":"ccTLD","link":"https://csrc.nist.gov/glossary/term/cctld","abbrSyn":[{"text":"Country-code Top-level Domain","link":"https://csrc.nist.gov/glossary/term/country_code_top_level_domain"}],"definitions":null},{"term":"CCTV","link":"https://csrc.nist.gov/glossary/term/cctv","abbrSyn":[{"text":"Closed Circuit Television","link":"https://csrc.nist.gov/glossary/term/closed_circuit_television"}],"definitions":null},{"term":"CD","link":"https://csrc.nist.gov/glossary/term/cd","abbrSyn":[{"text":"Checking Disabled","link":"https://csrc.nist.gov/glossary/term/checking_disabled"},{"text":"Committee Draft","link":"https://csrc.nist.gov/glossary/term/committee_draft"},{"text":"Compact Disc","link":"https://csrc.nist.gov/glossary/term/compact_disc"},{"text":"Compact Disk"},{"text":"Cross Domain"}],"definitions":[{"text":"A Compact Disc(CD)is a class of media from which data are readby optical means.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"A class of media from which data are read by optical means.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Compact Disc ","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]}]},{"term":"CD File System","link":"https://csrc.nist.gov/glossary/term/cd_file_system","abbrSyn":[{"text":"CDFS","link":"https://csrc.nist.gov/glossary/term/cdfs"}],"definitions":null},{"term":"CDC","link":"https://csrc.nist.gov/glossary/term/cdc","abbrSyn":[{"text":"Cybersecurity Defense Community","link":"https://csrc.nist.gov/glossary/term/cybersecurity_defense_community"}],"definitions":null},{"term":"CDFS","link":"https://csrc.nist.gov/glossary/term/cdfs","abbrSyn":[{"text":"CD File System","link":"https://csrc.nist.gov/glossary/term/cd_file_system"}],"definitions":null},{"term":"CDH","link":"https://csrc.nist.gov/glossary/term/cdh","abbrSyn":[{"text":"Cofactor Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/cofactor_diffie_hellman"},{"text":"Co-factor Diffie-Hellman"}],"definitions":[{"text":"The cofactor ECC Diffie-Hellman key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]}]},{"term":"CDM","link":"https://csrc.nist.gov/glossary/term/cdm","abbrSyn":[{"text":"Continuous Diagnostics and Mitigation"},{"text":"Continuous Diagnostics and Monitoring"}],"definitions":[{"text":"See Continuous Diagnostics and Mitigation.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"CDMA","link":"https://csrc.nist.gov/glossary/term/cdma","abbrSyn":[{"text":"Code Division Multiple Access"}],"definitions":[{"text":"A spread spectrum technology for cellular networks based on the Interim Standard-95 (IS-95) from the Telecommunications Industry Association (TIA).","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Code Division Multiple Access "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Code Division Multiple Access "}]}]},{"term":"CDMA Subscriber Identity Module (CSIM)","link":"https://csrc.nist.gov/glossary/term/cdma_subscriber_identity_module","abbrSyn":[{"text":"CSIM","link":"https://csrc.nist.gov/glossary/term/csim"}],"definitions":[{"text":"CSIM is an application to support CDMA2000 phones that runs on a UICC, with a file structure derived from the R-UIM card.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"CDN","link":"https://csrc.nist.gov/glossary/term/cdn","abbrSyn":[{"text":"Content Delivery Networks","link":"https://csrc.nist.gov/glossary/term/content_delivery_networks"}],"definitions":null},{"term":"CDP","link":"https://csrc.nist.gov/glossary/term/cdp","abbrSyn":[{"text":"Continuous Data Protection","link":"https://csrc.nist.gov/glossary/term/continuous_data_protection"},{"text":"CRL Distribution Point"}],"definitions":null},{"term":"CDR","link":"https://csrc.nist.gov/glossary/term/cdr","abbrSyn":[{"text":"Call Detail Record","link":"https://csrc.nist.gov/glossary/term/call_detail_record"}],"definitions":null},{"term":"CD-R","link":"https://csrc.nist.gov/glossary/term/cd_r","abbrSyn":[{"text":"CD-Recordable","link":"https://csrc.nist.gov/glossary/term/cd_recordable"},{"text":"Compact Disc-Recordable","link":"https://csrc.nist.gov/glossary/term/compact_disc_recordable"}],"definitions":[{"text":"ACompact Disc Recordable(CD-R) is aCD thatcan be written on only once but read manytimes. Also known as WORM.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"CD-Read Only Memory","link":"https://csrc.nist.gov/glossary/term/cd_read_only_memory","abbrSyn":[{"text":"CD-ROM","link":"https://csrc.nist.gov/glossary/term/cd_rom"}],"definitions":null},{"term":"CD-Recordable","link":"https://csrc.nist.gov/glossary/term/cd_recordable","abbrSyn":[{"text":"CD-R","link":"https://csrc.nist.gov/glossary/term/cd_r"}],"definitions":[{"text":"ACompact Disc Recordable(CD-R) is aCD thatcan be written on only once but read manytimes. Also known as WORM.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under CD-R "}]}]},{"term":"CD-Rewritable","link":"https://csrc.nist.gov/glossary/term/cd_rewritable","abbrSyn":[{"text":"CD-RW","link":"https://csrc.nist.gov/glossary/term/cd_rw"}],"definitions":[{"text":"ACompact Disc Read/Write(CD-RW) isaCD that can be Purged and rewritten multiple times.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under CD-RW "}]}]},{"term":"CD-ROM","link":"https://csrc.nist.gov/glossary/term/cd_rom","abbrSyn":[{"text":"CD-Read Only Memory","link":"https://csrc.nist.gov/glossary/term/cd_read_only_memory"},{"text":"Compact Disc Read Only Memory"},{"text":"Compact Disc Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/compact_disc_read_only_memory"},{"text":"Compact Disk—Read-Only Memory"}],"definitions":null},{"term":"CD-RW","link":"https://csrc.nist.gov/glossary/term/cd_rw","abbrSyn":[{"text":"CD-Rewritable","link":"https://csrc.nist.gov/glossary/term/cd_rewritable"}],"definitions":[{"text":"ACompact Disc Read/Write(CD-RW) isaCD that can be Purged and rewritten multiple times.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"CDS","link":"https://csrc.nist.gov/glossary/term/cds","abbrSyn":[{"text":"Card Design Standard","link":"https://csrc.nist.gov/glossary/term/card_design_standard"},{"text":"Cross Domain Solution"},{"text":"Cross-Domain Solutions","link":"https://csrc.nist.gov/glossary/term/cross_domain_solutions"}],"definitions":[{"text":"A form of controlled interface that provides the ability to manually and/or automatically access and transfer information between different security domains. A CDS may consist of one or more devices.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Cross Domain Solution "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Cross Domain Solution ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"CE","link":"https://csrc.nist.gov/glossary/term/ce","abbrSyn":[{"text":"Cryptographic Erase"}],"definitions":[{"text":"See Cryptographic Erase.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"A method of Sanitization in which the Media Encryption Key(MEK) for the encryptedTarget Data (or the KeyEncryption Key–KEK) is sanitized, making recovery of the decrypted Target Data infeasible.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Cryptographic Erase "}]}]},{"term":"CEA","link":"https://csrc.nist.gov/glossary/term/cea","abbrSyn":[{"text":"Cybersecurity Enhancement Act of 2014","link":"https://csrc.nist.gov/glossary/term/cybersecurity_enhancement_act_2014"}],"definitions":null},{"term":"CED-DA","link":"https://csrc.nist.gov/glossary/term/ced_da","abbrSyn":[{"text":"Center for Enterprise Dissemination-Disclosure Avoidance","link":"https://csrc.nist.gov/glossary/term/center_for_enterprise_dissemination_disclosure_avoidance"}],"definitions":null},{"term":"CEDS","link":"https://csrc.nist.gov/glossary/term/ceds","abbrSyn":[{"text":"Cybersecurity for Energy Delivery Systems","link":"https://csrc.nist.gov/glossary/term/cybersecurity_for_energy_delivery_systems"}],"definitions":null},{"term":"CEF","link":"https://csrc.nist.gov/glossary/term/cef","abbrSyn":[{"text":"Common Event Format","link":"https://csrc.nist.gov/glossary/term/common_event_format"}],"definitions":null},{"term":"CeFi","link":"https://csrc.nist.gov/glossary/term/cefi","abbrSyn":[{"text":"centralized finance","link":"https://csrc.nist.gov/glossary/term/centralized_finance"}],"definitions":null},{"term":"Cell on Wheels","link":"https://csrc.nist.gov/glossary/term/cell_on_wheels","abbrSyn":[{"text":"COW","link":"https://csrc.nist.gov/glossary/term/cow"}],"definitions":null},{"term":"Cellular Network Isolation Card (CNIC)","link":"https://csrc.nist.gov/glossary/term/cellular_network_isolation_card","abbrSyn":[{"text":"CNIC","link":"https://csrc.nist.gov/glossary/term/cnic"}],"definitions":[{"text":"A SIM card that isolates the device from cell tower connectivity.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"Cellular Telecommunications and Internet Association","link":"https://csrc.nist.gov/glossary/term/cellular_telecommunications_and_internet_association","abbrSyn":[{"text":"CTIA","link":"https://csrc.nist.gov/glossary/term/ctia"}],"definitions":null},{"term":"Center for Education and Research in Information Assurance and Security","link":"https://csrc.nist.gov/glossary/term/center_for_education_and_research_in_information_assurance_and_security","abbrSyn":[{"text":"CERIAS","link":"https://csrc.nist.gov/glossary/term/cerias"}],"definitions":null},{"term":"Center for Enterprise Dissemination-Disclosure Avoidance","link":"https://csrc.nist.gov/glossary/term/center_for_enterprise_dissemination_disclosure_avoidance","abbrSyn":[{"text":"CED-DA","link":"https://csrc.nist.gov/glossary/term/ced_da"},{"text":"CISA","link":"https://csrc.nist.gov/glossary/term/cisa"}],"definitions":null},{"term":"Center for Internet Security","link":"https://csrc.nist.gov/glossary/term/center_for_internet_security","abbrSyn":[{"text":"CIS","link":"https://csrc.nist.gov/glossary/term/cis"}],"definitions":null},{"term":"Centers for Medicare and Medicaid Services","link":"https://csrc.nist.gov/glossary/term/centers_for_medicare_and_medicaid_services","abbrSyn":[{"text":"CMS","link":"https://csrc.nist.gov/glossary/term/cms"}],"definitions":null},{"term":"Centers of Academic Excellence","link":"https://csrc.nist.gov/glossary/term/centers_of_academic_excellence","abbrSyn":[{"text":"CAE","link":"https://csrc.nist.gov/glossary/term/cae"}],"definitions":null},{"term":"Centimeter","link":"https://csrc.nist.gov/glossary/term/centimeter","abbrSyn":[{"text":"cm","link":"https://csrc.nist.gov/glossary/term/cm_lowercase"}],"definitions":null},{"term":"CentOS","link":"https://csrc.nist.gov/glossary/term/centos","abbrSyn":[{"text":"Community Enterprise Operating System","link":"https://csrc.nist.gov/glossary/term/community_enterprise_operating_system"}],"definitions":null},{"term":"Central Bank Digital Currency","link":"https://csrc.nist.gov/glossary/term/central_bank_digital_currency","abbrSyn":[{"text":"CBDC","link":"https://csrc.nist.gov/glossary/term/cbdc"}],"definitions":null},{"term":"Central Facility Finksburg","link":"https://csrc.nist.gov/glossary/term/central_facility_finksburg","abbrSyn":[{"text":"CFFB","link":"https://csrc.nist.gov/glossary/term/cffb"}],"definitions":null},{"term":"Central Limit Theorem","link":"https://csrc.nist.gov/glossary/term/central_limit_theorem","definitions":[{"text":"For a random sample of size n from a population with meanm and variance s2, the distribution of the sample means is approximately normal with mean m and variance s2/n as the sample size increases.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"central management","link":"https://csrc.nist.gov/glossary/term/central_management","definitions":[{"text":"The organization-wide management and implementation of selected security controls and related processes. Central management includes planning, implementing, assessing, authorizing, and monitoring the organization-defined, centrally managed security controls and processes.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Central Management "}]},{"text":"The organization-wide management and implementation of selected security and privacy controls and related processes. Central management includes planning, implementing, assessing, authorizing, and monitoring the organization-defined, centrally managed security and privacy controls and processes.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"central office of record","link":"https://csrc.nist.gov/glossary/term/central_office_of_record","abbrSyn":[{"text":"COR","link":"https://csrc.nist.gov/glossary/term/cor"}],"definitions":[{"text":"The entity that keeps records of accountable COMSEC material held by COMSEC accounts subject to its oversight.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Central Oversight Authority","link":"https://csrc.nist.gov/glossary/term/central_oversight_authority","abbrSyn":[{"text":"COA","link":"https://csrc.nist.gov/glossary/term/coa"}],"definitions":[{"text":"The Key Management Infrastructure (KMI) entity that provides overall KMI data synchronization and system security oversight for an organization or set of organizations.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Central oversight authority "}]},{"text":"The cryptographic key management system (CKMS) entity that provides overall CKMS data synchronization and system security oversight for an organization or set of organizations.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Central Processing Unit","link":"https://csrc.nist.gov/glossary/term/central_processing_unit","abbrSyn":[{"text":"CPU","link":"https://csrc.nist.gov/glossary/term/cpu"}],"definitions":null},{"term":"Central Public Safety Service Provider","link":"https://csrc.nist.gov/glossary/term/central_public_safety_service_provider","abbrSyn":[{"text":"CPSSP","link":"https://csrc.nist.gov/glossary/term/cpssp"}],"definitions":null},{"term":"Central Reservation System","link":"https://csrc.nist.gov/glossary/term/central_reservation_system","abbrSyn":[{"text":"CRS","link":"https://csrc.nist.gov/glossary/term/crs"}],"definitions":null},{"term":"Central Security Service","link":"https://csrc.nist.gov/glossary/term/central_security_service","abbrSyn":[{"text":"CSS","link":"https://csrc.nist.gov/glossary/term/css"}],"definitions":null},{"term":"central services node","link":"https://csrc.nist.gov/glossary/term/central_services_node","abbrSyn":[{"text":"CSN","link":"https://csrc.nist.gov/glossary/term/csn"}],"definitions":[{"text":"The Key Management Infrastructure core node that provides central security management and data management services.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Central Verification System","link":"https://csrc.nist.gov/glossary/term/card_verification_system","definitions":[{"text":"A system operated by the Office of Personnel Management that contains information on security clearances, investigations, suitability, fitness determinations, [HSPD-12] decisions, PIV credentials, and polygraph data.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"centralized finance","link":"https://csrc.nist.gov/glossary/term/centralized_finance","abbrSyn":[{"text":"CeFi","link":"https://csrc.nist.gov/glossary/term/cefi"}],"definitions":null},{"term":"Centralized network","link":"https://csrc.nist.gov/glossary/term/centralized_network","definitions":[{"text":"A network configuration where participants must communicate with a central authority to communicate with one another. Since all participants must go through a single centralized source, the loss of that source would prevent all participants from communicating.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Centre for the Protection of National Infrastructure","link":"https://csrc.nist.gov/glossary/term/centre_for_the_protection_of_national_infrastructure","abbrSyn":[{"text":"CPNI","link":"https://csrc.nist.gov/glossary/term/cpni"}],"definitions":null},{"term":"centric architecture","link":"https://csrc.nist.gov/glossary/term/centric_architecture","definitions":[{"text":"A complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information and services interconnected by a network that enhances information sharing and collaboration. Subsystems and services may or may not be developed or owned by the same entity, and, in general, will not be continually present during the full life cycle of the system of systems. Examples of this architecture include service-oriented architectures and cloud computing architectures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]}]},{"term":"Centrum Wiskunde & Informatica","link":"https://csrc.nist.gov/glossary/term/centrum_wiskunde_and_informatica","abbrSyn":[{"text":"CWI","link":"https://csrc.nist.gov/glossary/term/cwi"}],"definitions":null},{"term":"CEO","link":"https://csrc.nist.gov/glossary/term/ceo","abbrSyn":[{"text":"Chief Executive Officer","link":"https://csrc.nist.gov/glossary/term/chief_executive_officer"}],"definitions":null},{"term":"CEP","link":"https://csrc.nist.gov/glossary/term/cep","abbrSyn":[{"text":"Certificate Enrollment Policy","link":"https://csrc.nist.gov/glossary/term/certificate_enrollment_policy"}],"definitions":null},{"term":"CERG","link":"https://csrc.nist.gov/glossary/term/cerg","abbrSyn":[{"text":"Cryptographic Engineering Research Group","link":"https://csrc.nist.gov/glossary/term/cryptographic_engineering_research_group"}],"definitions":null},{"term":"CERIAS","link":"https://csrc.nist.gov/glossary/term/cerias","abbrSyn":[{"text":"Center for Education and Research in Information Assurance and Security","link":"https://csrc.nist.gov/glossary/term/center_for_education_and_research_in_information_assurance_and_security"}],"definitions":null},{"term":"CERT","link":"https://csrc.nist.gov/glossary/term/cert","abbrSyn":[{"text":"Computer Emergency Readiness Team","link":"https://csrc.nist.gov/glossary/term/computer_emergency_readiness_team"},{"text":"Computer Emergency Response Team","link":"https://csrc.nist.gov/glossary/term/computer_emergency_response_team"}],"definitions":null},{"term":"CERT Coordination Center","link":"https://csrc.nist.gov/glossary/term/cert_coordination_center","abbrSyn":[{"text":"CERT®/CC"},{"text":"CERTCC"}],"definitions":null},{"term":"CERT/CC","link":"https://csrc.nist.gov/glossary/term/cert_cc","abbrSyn":[{"text":"CERT Coordination Center","link":"https://csrc.nist.gov/glossary/term/cert_coordination_center"},{"text":"CERT® Coordination Center"},{"text":"Computer Emergency Response Team/Coordination Center","link":"https://csrc.nist.gov/glossary/term/computer_emergency_response_team_coordination_center"},{"text":"Coordination Center","link":"https://csrc.nist.gov/glossary/term/coordination_center"}],"definitions":null},{"term":"certificate","link":"https://csrc.nist.gov/glossary/term/certificate","abbrSyn":[{"text":"public key certificate","link":"https://csrc.nist.gov/glossary/term/public_key_certificate"},{"text":"Public key certificate"},{"text":"public-key certificate"},{"text":"Public-key certificate"}],"definitions":[{"text":"A set of data that uniquely identifies a public key (which has a corresponding private key) and an owner that is authorized to use the key pair. The certificate contains the owner’s public key and possibly other information and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Certificate "}]},{"text":"A digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies its subscriber, (3) contains the subscriber's public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it. [ABADSG]. As used in this CP, the term “Certificate” refers to certificates that expressly reference the OID of this CP in the “Certificate Policies” field of an X.509 v.3 certificate.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certificate ","refSources":[{"text":"ABADSG","note":" - plus note"}]}]},{"text":"A digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies it’s Subscriber, (3) contains the Subscriber’s public key, (4) identifies it’s operational period, and (5) is digitally signed by the certification authority issuing it.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certificate ","refSources":[{"text":"ABADSG"}]}]},{"text":"A digital representation of information which at least (1) identifies the certification authority (CA) issuing it, (2) names or identifies its subscriber, (3) contains the subscriber’s public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"},{"text":"CNSSI No. 1300"}]}]},{"text":"See certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under public key certificate "}]},{"text":"A digitally signed data structure defined in the X.509 standard [IS0 94-8] that binds the identity of a certificate holder (or subject) to a public key.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under certificate (or public key certificate) "}]},{"text":"A data structure that contains an entity’s identifier(s), the entity's public key (including an indication of the associated set of domain parameters) and possibly other information, along with a signature on that data set that is generated by a trusted party, i.e. a certificate authority, thereby binding the public key to the included identifier(s).","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Public-key certificate "}]},{"text":"A set of data that uniquely identifies a key pair owner that is authorized to use the key pair, contains the owner’s public key and possibly other information, and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Certificate "}]},{"text":"See public-key certificate.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Certificate "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Certificate "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Certificate "}]},{"text":"See public key certificate.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Certificate "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Certificate "}]},{"text":"A data structure that contains an entity’s identifier(s), the entity's public key (including an indication of the associated set of domain parameters) and possibly other information, along with a signature on that data set that is generated by a trusted party, i.e., a certificate authority, thereby binding the public key to the included identifier(s).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Public-key certificate "},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Public-key certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity identified in the certificate. Additional information in the certificate could specify how the key is used and the validity period of the certificate.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Certificate (or public key certificate) "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Public-key certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" - under Public-key certificate"}]}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period. (Certificates in this practice guide are based on IETF RFC 5280).","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" - under Public-Key Certificate"}]}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period. (Certificates in this practice guide are based on IETF RFC 5280.)","sources":[{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" - under Public-key certificate"}]}]},{"text":"Also known as a digital certificate. A digital representation of information which at least\n1. identifies the certification authority issuing it,\n2. names or identifies its subscriber,\n3. contains the subscriber's public key,\n4. identifies its operational period, and\n5. is digitally signed by the certification authority issuing it.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Certificate "}]},{"text":"A data structure that contains an entity’s identifier(s), the entity's public key and possibly other information, along with a signature on that data set that is generated by a trusted party, i.e. a certificate authority, thereby binding the public key to the included identifier(s).","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Public-key certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its cryptoperiod.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Public-key certificate "}]}],"seeAlso":[{"text":"cross certificate","link":"cross_certificate"},{"text":"encryption certificate","link":"encryption_certificate"},{"text":"identity certificate","link":"identity_certificate"}]},{"term":"Certificate Authority (CA)","link":"https://csrc.nist.gov/glossary/term/certificate_authority","abbrSyn":[{"text":"CA","link":"https://csrc.nist.gov/glossary/term/ca"}],"definitions":[{"text":"A trusted entity that issues and revokes public key certificates.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Authority ","refSources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Authority ","refSources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]},{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]},{"text":"The entity in a Public Key Infrastructure (PKI) that is responsible for issuing public-key certificates and exacting compliance to a PKI policy. Also known as a Certification Authority.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"Certificate Authority Authorization","link":"https://csrc.nist.gov/glossary/term/certificate_authority_authorization","abbrSyn":[{"text":"CAA","link":"https://csrc.nist.gov/glossary/term/caa"}],"definitions":[{"text":"A record associated with a Domain Name Server (DNS) entry that specifies the CAs that are authorized to issue certificates for that domain.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"certificate authority workstation (CAW)","link":"https://csrc.nist.gov/glossary/term/certificate_authority_workstation","definitions":[{"text":"The computer system or systems that process certification authority (CA) software and/or have access to the CA private keys, end entity keys, or end entity public keys prior to certification.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST CP-1"}]}]}]},{"term":"Certificate Chain","link":"https://csrc.nist.gov/glossary/term/certificate_chain","definitions":[{"text":"An ordered list of certificates that starts with an end-entity certificate, includes one or more certificate authority (CA) certificates, and ends with the end-entity certificate’s root CA certificate, where each certificate in the chain is the certificate of the CA that issued the previous certificate. By checking to see if each certificate in the chain was issued by a trusted CA, the receiver of an end-user certificate can determine whether or not it should trust the end-entity certificate by verifying the signatures in the chain of certificates.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Certificate class","link":"https://csrc.nist.gov/glossary/term/certificate_class","definitions":[{"text":"A CA-designation (e.g., \"class 0\" or \"class 1\") indicating how thoroughly the CA checked the validity of the certificate. Per X.509 rules, the \"class\" should be encoded in the certificate as a CP extension: the CA can insert an object identifier (OID) that designates the set of procedures applied for the issuance of the certificate. These OIDs are CA-specific and can be understood only by referring to the CA's Certification Practice Statement.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Certificate Enrollment Policy","link":"https://csrc.nist.gov/glossary/term/certificate_enrollment_policy","abbrSyn":[{"text":"CEP","link":"https://csrc.nist.gov/glossary/term/cep"}],"definitions":null},{"term":"Certificate Enrollment Service","link":"https://csrc.nist.gov/glossary/term/certificate_enrollment_service","abbrSyn":[{"text":"CES","link":"https://csrc.nist.gov/glossary/term/ces"}],"definitions":null},{"term":"certificate management","link":"https://csrc.nist.gov/glossary/term/certificate_management","definitions":[{"text":"Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. (In the context of this practice guide, it also includes inventory, monitoring, enrolling, installing, and revoking.)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Management ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Management ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. (In the context of this practice guide, it also includes inventory, monitoring, enrolling, installing, and revoking).","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Management ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Certificate Management Service","link":"https://csrc.nist.gov/glossary/term/certificate_management_service","abbrSyn":[{"text":"CMS","link":"https://csrc.nist.gov/glossary/term/cms"}],"definitions":null},{"term":"Certificate owner","link":"https://csrc.nist.gov/glossary/term/certificate_owner","definitions":[{"text":"The human(s) responsible for the management of a given certificate.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The entity that is responsible for managing the certificate, including requesting, replacing, and revoking the certificate if and when required. The certificate owner is not necessarily the subject entity associated with the public key in the certificate (i.e., the key pair owner).","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Owner of a certificate "}]},{"text":"A human entity that is identified as the subject in a public key certificate or is a sponsor of a non-human entity (e.g., device, application or process) that is identified as the certificate subject.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Owner (of a certificate) "}]}]},{"term":"certificate revocation list (CRL)","link":"https://csrc.nist.gov/glossary/term/certificate_revocation_list","abbrSyn":[{"text":"CRL","link":"https://csrc.nist.gov/glossary/term/crl"}],"definitions":[{"text":"A list of revoked public key certificates created and digitally signed by a certification authority.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Certificate Revocation List ","refSources":[{"text":"RFC 5280","link":"https://doi.org/10.17487/RFC5280","note":" - adapted"},{"text":"RFC 6818","link":"https://doi.org/10.17487/RFC6818","note":" - adapted"}]}]},{"text":"These are digitally signed “blacklists” of revoked certificates. Certification authorities (CAs) periodically issue certificate revocation lists (CRLs), and users can retrieve them on demand via repositories.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"1. A list of revoked public key certificates created and digitally signed by a Certificate Authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"},{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]},{"text":"A list of revoked public key certificates created and digitally signed by a Certification Authority.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under certificate revocation list "},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Certificate Revocation List "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Certificate Revocation List ","refSources":[{"text":"RFC 3280","link":"https://doi.org/10.17487/RFC3280"}]}]},{"text":"a list of revoked but unexpired certificates issued by a CA.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"A list maintained by a Certification Authority of the certificates which it has issued that are revoked prior to their stated expiration date.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certificate Revocation List (CRL) "},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Certificate Revocation List ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"A list of revoked public key certificates by certificate number that includes the revocation date and (possibly) the reason for their revocation.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Certificate revocation list (CRL) "}]},{"text":"A list of revoked but unexpired certificates issued by a Certification Authority.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Certificate Revocation List (CRL) "}]},{"text":"A list of digital certificates that have been revoked by an issuing CA before their scheduled expiration date and should no longer be trusted.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Revocation List "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Revocation List "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Revocation List "}]},{"text":"A list of revoked public key certificates created and digitally signed by a Certificate Authority. See [RFC 5280].","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Certificate Revocation List (CRL) "}]}]},{"term":"Certificate Signing Request","link":"https://csrc.nist.gov/glossary/term/certificate_signing_request","abbrSyn":[{"text":"CSR","link":"https://csrc.nist.gov/glossary/term/csr"}],"definitions":[{"text":"A request sent from a certificate requester to a certificate authority to apply for a digital identity certificate. The certificate signing request contains the public key as well as other information to be included in the certificate and is signed by the private key corresponding to the public key.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Certificate Status Authority","link":"https://csrc.nist.gov/glossary/term/certificate_status_authority","abbrSyn":[{"text":"CSA","link":"https://csrc.nist.gov/glossary/term/csa"}],"definitions":[{"text":"A trusted entity that provides on-line verification to a relying party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]"}]}]},{"term":"certificate status server","link":"https://csrc.nist.gov/glossary/term/certificate_status_server","abbrSyn":[{"text":"CSS","link":"https://csrc.nist.gov/glossary/term/css"}],"definitions":[{"text":"An authority that provides status information about certificates on behalf of the CA through online transactions (e.g., an online certificate status protocol (OCSP) responder).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Certificate Transparency","link":"https://csrc.nist.gov/glossary/term/certificate_transparency","abbrSyn":[{"text":"CT","link":"https://csrc.nist.gov/glossary/term/ct"}],"definitions":[{"text":"A framework for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed in a manner that allows anyone to audit CA activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. (Experimental RFC 6962)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"RFC 6962","link":"https://doi.org/10.17487/RFC6962"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"RFC 6962","link":"https://doi.org/10.17487/RFC6962"}]}]}]},{"term":"Certificate Usage Type","link":"https://csrc.nist.gov/glossary/term/certificate_usage_type","abbrSyn":[{"text":"CU","link":"https://csrc.nist.gov/glossary/term/cu"}],"definitions":null},{"term":"Certificate-inventory management","link":"https://csrc.nist.gov/glossary/term/certificate_inventory_management","definitions":[{"text":"See Key-inventory management.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"Establishing and maintaining records of the keys and/or certificates in use, assigning and tracking their owners or sponsors, monitoring key and certificate status, and reporting the status to the appropriate official for remedial action when required.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key-inventory (or certificate-inventory) management "}]}]},{"term":"certificate-related information","link":"https://csrc.nist.gov/glossary/term/certificate_related_information","definitions":[{"text":"Information, such as subscriber’s postal address, that is not included in a certificate. May be used by a certification authority (CA) managing certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]}]},{"term":"certification","link":"https://csrc.nist.gov/glossary/term/certification","definitions":[{"text":"Third-party attestation related to an object of conformity assessment, with the exception of accreditation.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2","underTerm":" under Certification "}]},{"text":"A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under CERTIFICATION "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Certification ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Certification ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Certification ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Certification ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Comprehensive evaluation of an information system component that establishes the extent to which a particular design and implementation meets a set of specified security requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"a formal process for testing components or systems against a specified set ofsecurity requirements. Certification is normally performed by an independent reviewer rather than one involved in building the system. Certification can be part of the review of security controls identified in OMB Circular A-130, Appendix III, which calls for security reviews to assure that management, operational, and technical controls are appropriate and functioning effectively. (See Accreditation.)","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Certification "}]},{"text":"The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Certification "},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Certification "}]}],"seeAlso":[{"text":"Accreditation"}]},{"term":"Certification Agent","link":"https://csrc.nist.gov/glossary/term/certification_agent","definitions":[{"text":"The individual, group, or organization responsible for conducting a security certification.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]}]},{"term":"certification analyst","link":"https://csrc.nist.gov/glossary/term/certification_analyst","note":"(C.F.D.)","definitions":[{"text":"The independent technical liaison for all stakeholders involved in the certification and accreditation (C&A) process responsible for objectively and independently evaluating a system as part of the risk management process. Based on the security requirements documented in the security plan, performs a technical and non-technical review of potential vulnerabilities in the system and determines if the security controls (management, operational, and technical) are correctly implemented and effective.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"certification authority","link":"https://csrc.nist.gov/glossary/term/certification_authority","abbrSyn":[{"text":"CA","link":"https://csrc.nist.gov/glossary/term/ca"}],"definitions":[{"text":"An entity authorized to create, sign, issue, and revoke public key certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"A trusted entity that issues and revokes public key certificates.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under Certification Authority "},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Certification Authority "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Certification Authority "},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Certification Authority "}]},{"text":"A trusted entity that issues certificates to end entities and other CAs. CAs issue CRLs periodically, and post certificates and CRLs to a repository.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under Certification Authority (CA) "}]},{"text":"An authority trusted by one or more users to issue and manage X.509 Public Key Certificates and CARLs or CRLs.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certification Authority (CA) "}]},{"text":"The entity in a Public-Key Infrastructure (PKI) that is responsible for issuing public key certificates and exacting compliance to a PKI policy.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Certification Authority (CA) "}]},{"text":"The entity in a Public Key Infrastructure (PKI) that issues certificates to certificate subjects.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Certification authority "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Certification authority "}]},{"text":"The entity in a Public Key Infrastructure (PKI) that is responsible for issuing certificates and exacting compliance with a PKI policy.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Certification Authority (CA) "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Certification Authority (CA) "}]},{"text":"The entity in a Public Key Infrastructure (PKI) that is responsible for issuing certificates and exacting compliance to a PKI policy.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Certification authority (CA) "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Certification Authority (CA) "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Certification authority "}]},{"text":"The entity in a public key infrastructure (PKI) that is responsible for issuing certificates to certificate subjects and exacting compliance to a PKI policy.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Certification Authority (CA) "}]},{"text":"The entity in a Public Key Infrastructure (PKI) that is responsible for issuing public-key certificates and exacting compliance to a PKI policy.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Certification Authority (CA) "}]}]},{"term":"Certification Authority System","link":"https://csrc.nist.gov/glossary/term/certification_authority_system","abbrSyn":[{"text":"CAS","link":"https://csrc.nist.gov/glossary/term/cas"}],"definitions":null},{"term":"Certification Authority Workstation","link":"https://csrc.nist.gov/glossary/term/certification_authority_workstation","abbrSyn":[{"text":"CAW","link":"https://csrc.nist.gov/glossary/term/caw"}],"definitions":[{"text":"Commercial-off-the-shelf (COTS) workstation with a trusted operating system and special purpose application software that is used to issue certificates. \nRationale: Term has been replaced by the term “certificate authority workstation (CAW)”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under certification authority workstation (CAW) "}]}]},{"term":"certification package","link":"https://csrc.nist.gov/glossary/term/certification_package","note":"(C.F.D.)","definitions":[{"text":"Product of the certification effort documenting the detailed results of the certification activities. \nRationale: The Risk Management Framework uses a new term to refer to this concept, and it is called security assessment report (SAR).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"certification practice statement (CPS)","link":"https://csrc.nist.gov/glossary/term/certification_practice_statement","abbrSyn":[{"text":"CPS","link":"https://csrc.nist.gov/glossary/term/cps"}],"definitions":[{"text":"A statement of the practices that a certification authority (CA) employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this Certificate Policy, or requirements specified in a contract for services).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"A statement of the practices which a Certification Authority employs in issuing certificates.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under Certification Practice Statement "}]},{"text":"A statement of the practices that a CA employs in issuing, suspending, revoking and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this CP, or requirements specified in a contract for services).","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certification Practice Statement (CPS) "}]},{"text":"A statement of the practices that a certification authority employs in issuing certificates.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Certification practices statement "}]},{"text":"A statement of the practices that a Certification Authority employs in issuing and managing public key certificates.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Certification Practice Statement "}]}]},{"term":"certification test and evaluation","link":"https://csrc.nist.gov/glossary/term/certification_test_and_evaluation","abbrSyn":[{"text":"CT&E","link":"https://csrc.nist.gov/glossary/term/ctande"}],"definitions":[{"text":"Software, hardware, and firmware security tests conducted during development of an information system component.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"certified TEMPEST technical authority","link":"https://csrc.nist.gov/glossary/term/certified_tempest_technical_authority","abbrSyn":[{"text":"CTTA","link":"https://csrc.nist.gov/glossary/term/ctta"}],"definitions":[{"text":"An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with CNSS approved criteria and has been appointed by a U.S. Government Department or Agency to fulfill CTTA responsibilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"certifier","link":"https://csrc.nist.gov/glossary/term/certifier","note":"(C.F.D.)","definitions":[{"text":"Individual responsible for making a technical judgment of the system’s compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages. \nRationale: Term has been replaced by the term “security control assessor”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"CES","link":"https://csrc.nist.gov/glossary/term/ces","abbrSyn":[{"text":"Certificate Enrollment Service","link":"https://csrc.nist.gov/glossary/term/certificate_enrollment_service"}],"definitions":null},{"term":"CESER","link":"https://csrc.nist.gov/glossary/term/ceser","abbrSyn":[{"text":"Office of Cybersecurity, Energy Security, and Emergency Response","link":"https://csrc.nist.gov/glossary/term/office_of_cybersecurity_energy_security_emergency_response"}],"definitions":null},{"term":"CF","link":"https://csrc.nist.gov/glossary/term/cf","abbrSyn":[{"text":"Compact Flash","link":"https://csrc.nist.gov/glossary/term/compact_flash"}],"definitions":null},{"term":"CFATS","link":"https://csrc.nist.gov/glossary/term/cfats","abbrSyn":[{"text":"Chemical Facility Anti-Terrorism Standards","link":"https://csrc.nist.gov/glossary/term/chemical_facility_anti_terrorism_standards"}],"definitions":null},{"term":"CFB","link":"https://csrc.nist.gov/glossary/term/cfb","abbrSyn":[{"text":"Cipher Feedback","link":"https://csrc.nist.gov/glossary/term/cipher_feedback"},{"text":"Cipher Feedback mode"}],"definitions":null},{"term":"CFC","link":"https://csrc.nist.gov/glossary/term/cfc","abbrSyn":[{"text":"NIST Cybersecurity Framework Core","link":"https://csrc.nist.gov/glossary/term/nist_cybersecurity_framework_core"}],"definitions":null},{"term":"CFFB","link":"https://csrc.nist.gov/glossary/term/cffb","abbrSyn":[{"text":"Central Facility Finksburg","link":"https://csrc.nist.gov/glossary/term/central_facility_finksburg"}],"definitions":null},{"term":"CFI","link":"https://csrc.nist.gov/glossary/term/cfi","abbrSyn":[{"text":"Computer and Financial Investigations","link":"https://csrc.nist.gov/glossary/term/computer_and_financial_investigations"}],"definitions":null},{"term":"CFO","link":"https://csrc.nist.gov/glossary/term/cfo","abbrSyn":[{"text":"Chief Financial Officer","link":"https://csrc.nist.gov/glossary/term/chief_financial_officer"}],"definitions":null},{"term":"CFOC","link":"https://csrc.nist.gov/glossary/term/cfoc","abbrSyn":[{"text":"Chief Financial Officers Council","link":"https://csrc.nist.gov/glossary/term/chief_financial_officers_council"}],"definitions":null},{"term":"CFRDC","link":"https://csrc.nist.gov/glossary/term/cfrdc","abbrSyn":[{"text":"Computer Forensics Research and Development Center","link":"https://csrc.nist.gov/glossary/term/computer_forensics_research_and_development_center"}],"definitions":null},{"term":"CFReDS","link":"https://csrc.nist.gov/glossary/term/cfreds","abbrSyn":[{"text":"Computer Forensic Reference Data Sets","link":"https://csrc.nist.gov/glossary/term/computer_forensic_reference_data_sets"},{"text":"Computer Forensics Reference Data Sets","link":"https://csrc.nist.gov/glossary/term/computer_forensics_reference_data_sets"}],"definitions":null},{"term":"CFTT","link":"https://csrc.nist.gov/glossary/term/cftt","abbrSyn":[{"text":"Computer Forensic Tool Testing","link":"https://csrc.nist.gov/glossary/term/computer_forensic_tool_testing"},{"text":"Computer Forensics Tool Testing","link":"https://csrc.nist.gov/glossary/term/computer_forensics_tool_testing"}],"definitions":null},{"term":"CGE","link":"https://csrc.nist.gov/glossary/term/cge","abbrSyn":[{"text":"Cisco Global Exploiter","link":"https://csrc.nist.gov/glossary/term/cisco_global_exploiter"}],"definitions":null},{"term":"CGI","link":"https://csrc.nist.gov/glossary/term/cgi","abbrSyn":[{"text":"Common Gateway Interface","link":"https://csrc.nist.gov/glossary/term/common_gateway_interface"}],"definitions":null},{"term":"CGN","link":"https://csrc.nist.gov/glossary/term/cgn","abbrSyn":[{"text":"Carrier Grade NAT","link":"https://csrc.nist.gov/glossary/term/carrier_grade_nat"}],"definitions":null},{"term":"cgroup","link":"https://csrc.nist.gov/glossary/term/cgroup","abbrSyn":[{"text":"Control Group","link":"https://csrc.nist.gov/glossary/term/control_group"}],"definitions":null},{"term":"chain","link":"https://csrc.nist.gov/glossary/term/chain","definitions":[{"text":"Two or more assessment elements that are linked by a common aspect of ISCM. Each chain has an assessment element in Program Step 1, DEFINE, called the root, which has no predecessor or parent element.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]},{"text":"A set of elements that represents a complete assessment concept and are related by their Parent attribute.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"chain of custody","link":"https://csrc.nist.gov/glossary/term/chain_of_custody","definitions":[{"text":"A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Chain of Custody "}]},{"text":"A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for any transfers.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Chain of Custody "}]}]},{"term":"chain of evidence","link":"https://csrc.nist.gov/glossary/term/chain_of_evidence","note":"(C.F.D.)","definitions":[{"text":"A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had control or possession of the evidence. The “sequencing” of the chain of evidence follows this order: collection and identification; analysis; storage; preservation; presentation in court; return to owner. \nRationale: Sufficiently covered under chain of custody.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"chain of trust","link":"https://csrc.nist.gov/glossary/term/chain_of_trust","abbrSyn":[{"text":"authentication chain","link":"https://csrc.nist.gov/glossary/term/authentication_chain"},{"text":"CoT","link":"https://csrc.nist.gov/glossary/term/cot"}],"definitions":[{"text":"An interoperable data format for PIV enrollment records that facilitates the import and export of records between PIV Card issuers.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Chain of trust "}]},{"text":"A method for maintaining valid trust boundaries by applying a principle of transitive trust, where each software module in a system boot process is required to measure the next module before transitioning control.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320","underTerm":" under Chain of Trust "}]},{"text":"See “authentication chain.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2","underTerm":" under Chain of Trust "}]},{"text":"A certain level of trust in supply chain interactions such that each participant in the consumer-provider relationship provides adequate protection for its component products, systems, and services.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Chain-based proof of stake consensus model","link":"https://csrc.nist.gov/glossary/term/chain_based_proof_of_stake_consensus_model","definitions":[{"text":"A proof of stake consensus model where the blockchain network decides the next block through pseudo-random selection, based on a personal stake to overall system asset ratio.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Chained Secure Zone","link":"https://csrc.nist.gov/glossary/term/chained_secure_zone","definitions":[{"text":"A DNS zone in which there is an authentication chain from the zone to a trust anchor.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"chaining","link":"https://csrc.nist.gov/glossary/term/chaining","definitions":[{"text":"An approach for deploying CDS where two different CDS on different operating systems are placed in series to transfer information across multiple security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Challenge","link":"https://csrc.nist.gov/glossary/term/challenge","definitions":[{"text":"For this paper, a currently difficult or impossible task that is either unique to cloud computing or exacerbated by it","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006"}]}]},{"term":"challenge and reply authentication","link":"https://csrc.nist.gov/glossary/term/challenge_and_reply_authentication","definitions":[{"text":"Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Challenge-Handshake Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/challenge_handshake_authentication_protocol","abbrSyn":[{"text":"CHAP","link":"https://csrc.nist.gov/glossary/term/chap"}],"definitions":null},{"term":"Challenge-Response Authentication Mechanism","link":"https://csrc.nist.gov/glossary/term/challenge_response_authentication_mechanism","abbrSyn":[{"text":"CRAM","link":"https://csrc.nist.gov/glossary/term/cram"}],"definitions":null},{"term":"Challenge-Response Protocol","link":"https://csrc.nist.gov/glossary/term/challenge_response_protocol","definitions":[{"text":"An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a secret (often by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the Claimant (such as by re-computing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the Claimant possesses and controls the secret.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"An authentication protocol where the verifier sends the claimant a challenge (usually a random value or nonce) that the claimant combines with a secret (such as by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the claimant (such as by re-computing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the claimant possesses and controls the secret.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An authentication protocol where the Verifier sends the Claimant a challenge (usually a random value or a nonce) that the Claimant combines with a secret (such as by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the Verifier. The Verifier can independently verify the response generated by the Claimant (such as by re-computing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the Claimant possesses and controls the secret.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Change Control Board","link":"https://csrc.nist.gov/glossary/term/change_control_board","abbrSyn":[{"text":"CCB","link":"https://csrc.nist.gov/glossary/term/ccb"}],"definitions":null},{"term":"Change of Authorization","link":"https://csrc.nist.gov/glossary/term/change_of_authorization","abbrSyn":[{"text":"CoA"},{"text":"COA","link":"https://csrc.nist.gov/glossary/term/coa"}],"definitions":null},{"term":"Channel","link":"https://csrc.nist.gov/glossary/term/channel","definitions":[{"text":"An information transfer path within a system. May also refer to the mechanism by which the path is effected.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","refSources":[{"text":"DoD 5200.28-STD","link":"https://www.esd.whs.mil/DD/"}]}]}]},{"term":"CHAP","link":"https://csrc.nist.gov/glossary/term/chap","abbrSyn":[{"text":"Challenge Handshake Authentication Protocol"},{"text":"Challenge-Handshake Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/challenge_handshake_authentication_protocol"}],"definitions":null},{"term":"characterization","link":"https://csrc.nist.gov/glossary/term/characterization","definitions":[{"text":"An extended test of the performance characteristics of a clock or oscillator. A characterization involves more work than a typical calibration. The device under test is usually measured for a long period of time (days or weeks), and sometimes, a series of measurements is made under different environmental conditions. A characterization is often used to determine the types of noise that limit the uncertainty of the measurement and the sensitivity of the device to environmental changes.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Chassis Management Controller","link":"https://csrc.nist.gov/glossary/term/chassis_management_controller","note":"(Cisco)","abbrSyn":[{"text":"CMC","link":"https://csrc.nist.gov/glossary/term/cmc"}],"definitions":null},{"term":"Check Fact Reference","link":"https://csrc.nist.gov/glossary/term/check_fact_reference","definitions":[{"text":"An expression that refers to a check (e.g., OVAL check, OCIL check).","sources":[{"text":"NISTIR 7698","link":"https://doi.org/10.6028/NIST.IR.7698"}]}]},{"term":"check word","link":"https://csrc.nist.gov/glossary/term/check_word","definitions":[{"text":"Cipher text generated by cryptographic logic to detect failures in cryptography.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Checking Disabled","link":"https://csrc.nist.gov/glossary/term/checking_disabled","abbrSyn":[{"text":"CD","link":"https://csrc.nist.gov/glossary/term/cd"}],"definitions":[{"text":"A Compact Disc(CD)is a class of media from which data are readby optical means.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under CD "}]}]},{"term":"Checklist","link":"https://csrc.nist.gov/glossary/term/checklist","definitions":[{"text":"A document that contains instructions or procedures for configuring an IT product to an operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized configuration changes to the product. Also referred to as a security configuration checklist, lockdown guide, hardening guide, security guide, security technical implementation guide (STIG), or benchmark.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"An organized collection of rules about a particular kind of system or platform.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"Checklist Developer","link":"https://csrc.nist.gov/glossary/term/checklist_developer","definitions":[{"text":"An individual or organization that develops and owns a checklist and submits it to the National Checklist Program.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"Checklist Group","link":"https://csrc.nist.gov/glossary/term/checklist_group","definitions":[{"text":"Represents the grouping of checklists based on a common source material. Commonly used if an organization packages multiple sets of product guidance under the same name.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Checklist Revision","link":"https://csrc.nist.gov/glossary/term/checklist_revision","definitions":[{"text":"Represents a change to the checklist content that does not affect the underlying rule/value configuration guidance put forth by the content. A scenario that would require a new checklist revision is when SCAP content is created for a prose checklist. This revision would change the checklist's content type from Prose to SCAP Content. A new checklist revision would be created to accommodate this change, while still maintaining the Prose checklist revision for interested parties.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Represents a change to the checklist content that does not affect the underlying rule/value configuration guidance put forth by the content. A scenario that would require a new checklist revision would be when SCAP content is created for a prose checklist. This revision would change the checklist's Tier status from Tier I to either Tier III or IV. A new checklist revision would be created to accommodate this change, while still maintaining the Tier I checklist revision for interested parties.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Checklist Role","link":"https://csrc.nist.gov/glossary/term/checklist_role","definitions":[{"text":"The primary use or function of the IT product as described by the checklist (e.g., client desktop host, web server, bastion host, network border protection, intrusion detection).","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"Checklist Type","link":"https://csrc.nist.gov/glossary/term/checklist_type","definitions":[{"text":"The type of checklist, such as Compliance, Vulnerability, and Specialized.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"checksum","link":"https://csrc.nist.gov/glossary/term/checksum","definitions":[{"text":"A value computed on data to detect error or manipulation.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Checksum ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A value that (a) is computed by a function that is dependent on the contents of a data object and (b) is stored or transmitted together with the object, for detecting changes in the data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]},{"text":"A value that (a) is computed by a function that is dependent on the content of a data object and (b) is stored or transmitted together with the object, for detecting changes in the data","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Checksum ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Value computed on data to detect error or manipulation.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Checksum "}]}],"seeAlso":[{"text":"integrity check value","link":"integrity_check_value"},{"text":"message authentication code (MAC)","link":"message_authentication_code"},{"text":"parity bit","link":"parity_bit"}]},{"term":"Chemical Facility Anti-Terrorism Standards","link":"https://csrc.nist.gov/glossary/term/chemical_facility_anti_terrorism_standards","abbrSyn":[{"text":"CFATS","link":"https://csrc.nist.gov/glossary/term/cfats"}],"definitions":null},{"term":"CHERI","link":"https://csrc.nist.gov/glossary/term/cheri","abbrSyn":[{"text":"Capability Hardware Enhanced RISC Instructions","link":"https://csrc.nist.gov/glossary/term/capability_hardware_enhanced_risc_instructions"}],"definitions":null},{"term":"Chief Executive Officer","link":"https://csrc.nist.gov/glossary/term/chief_executive_officer","abbrSyn":[{"text":"CEO","link":"https://csrc.nist.gov/glossary/term/ceo"}],"definitions":null},{"term":"Chief Financial Officer","link":"https://csrc.nist.gov/glossary/term/chief_financial_officer","abbrSyn":[{"text":"CFO","link":"https://csrc.nist.gov/glossary/term/cfo"}],"definitions":null},{"term":"Chief Financial Officers Council","link":"https://csrc.nist.gov/glossary/term/chief_financial_officers_council","abbrSyn":[{"text":"CFOC","link":"https://csrc.nist.gov/glossary/term/cfoc"}],"definitions":null},{"term":"chief information officer","link":"https://csrc.nist.gov/glossary/term/chief_information_officer","abbrSyn":[{"text":"CIO","link":"https://csrc.nist.gov/glossary/term/cio"}],"definitions":[{"text":"

Executive agency official responsible for: 

(1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the executive agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; 

(2) developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the executive agency; and 

(3) promoting the effective and efficient design and operation of all major information resources management processes for the executive agency, including improvements to work processes of the executive agency.

"},{"text":"Agency official responsible for: (i) providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; (ii) developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and (iii) promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under CHIEF INFORMATION OFFICER ","refSources":[{"text":"44 U.S.C., Sec. 5125(b)","link":"https://www.gpo.gov/fdsys/granule/USCODE-2011-title44/USCODE-2011-title44-chap35-subchapI-sec3506/content-detail.html"}]}]},{"text":"The senior official that provides advice and other assistance to the head of the agency and other senior management personnel of the agency to ensure that IT is acquired and information resources are managed for the agency in a manner that achieves the agency’s strategic goals and information resources management goals; and is responsible for ensuring agency compliance with, and prompt, efficient, and effective implementation of, the information policies and information resources management responsibilities, including the reduction of information collection burdens on the public.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Agency official responsible for:\n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;\n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and\n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: \n1) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; \n2) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and \n3) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Chief Information Officer (CIO) ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: \n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; \n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and \n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: \n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; \n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and \n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. \nNote: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for:\n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;\n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and \n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for:\n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;\n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and\n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.\nNote: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: (1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information systems are acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; (2) developing, maintaining, and facilitating the implementation of a sound and integrated information system architecture for the agency; and (3) promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. \nNote: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under chief information officer (CIO) ","refSources":[{"text":"40 U.S.C., Sec. 1425 (b)","link":"https://www.govinfo.gov/app/details/USCODE-2001-title40/USCODE-2001-title40-chap25-subchapI-partB-sec1425"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Agency official responsible for:\n\n(i) Providing advice and other assistance to the head of the executive\nagency and other senior management personnel of the agency to ensure\nthat information technology is acquired and information resources are\nmanaged in a manner that is consistent with laws, Executive Orders,\ndirectives, policies, regulations, and priorities established by the head of\nthe agency;\n(ii) Developing, maintaining, and facilitating the implementation of a\nsound and integrated information technology architecture for the agency;\n\nand\n(iii) Promoting the effective and efficient design and operation of all\nmajor information resources management processes for the agency,\nincluding improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: (i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, executive orders, directives, policies, regulations, and priorities established by the head of the agency; (ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and (iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"44 U.S.C., Sec. 5125(b)","link":"https://www.gpo.gov/fdsys/granule/USCODE-2011-title44/USCODE-2011-title44-chap35-subchapI-sec3506/content-detail.html"}]}]},{"text":"Organization’s official responsible for: (i) Providing advice and other assistance to the head of the organization and other senior management personnel of the organization to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, directives, policies, regulations, and priorities established by the head of the organization; (ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the organization; and (iii) Promoting the effective and efficient design and operation of all major information resources management processes for the organization, including improvements to work processes of the organization. Note: A subordinate organization may assign a chief information officer to denote an individual filling a position with security responsibilities with respect to the subordinate organization that are similar to those that the chief information officers fills for the organization to which they are subordinate.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Chief information officer ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - Adapted"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Chief information officer ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - adapted"}]}]}]},{"term":"Chief Information Officers (CIO) Council","link":"https://csrc.nist.gov/glossary/term/chief_information_officers_cio_council","definitions":[{"text":"The CIO Council is the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, sharing, and performance of Federal information resources.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"CIO Council","link":"https://www.gsa.gov/about-us/organization/office-of-governmentwide-policy/office-of-shared-solutions-and-performance-improvement/chief-information-officers-council-cioc"}]}]}]},{"term":"chief information security officer","link":"https://csrc.nist.gov/glossary/term/chief_information_security_officer","abbrSyn":[{"text":"CISO","link":"https://csrc.nist.gov/glossary/term/ciso"},{"text":"senior agency information security officer"},{"text":"Senior Agency Information Security Officer"}],"definitions":[{"text":"See Senior Agency Information Security Officer.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under CHIEF INFORMATION SECURITY OFFICER "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under senior agency information security officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under senior agency information security officer "}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information systems security officers. \n[Note 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses.\nNote 2: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"See senior agency information security officer (SAISO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under chief information security officer (CISO) ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\nNote: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Modernization Act FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \nNote 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses. \nNote 2: Organizations subordinate to federal agencies may use the term Senior Agency Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. Note: Organizations subordinate to federal agencies may use the term senior information security officer or chief information security officer to denote individuals who fill positions with similar responsibilities to senior agency information security officers.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under senior agency information security officer "}]},{"text":"See Senior Agency Information Security Officer","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Chief Information Security Officer "}]}],"seeAlso":[{"text":"senior agency information security officer (SAISO)","link":"senior_agency_information_security_officer"}]},{"term":"Chief Operating Officer","link":"https://csrc.nist.gov/glossary/term/chief_operating_officer","abbrSyn":[{"text":"COO","link":"https://csrc.nist.gov/glossary/term/coo"}],"definitions":null},{"term":"Chief Privacy Officer","link":"https://csrc.nist.gov/glossary/term/chief_privacy_officer","abbrSyn":[{"text":"CPO","link":"https://csrc.nist.gov/glossary/term/cpo"},{"text":"Senior Agency Official for Privacy"}],"definitions":[{"text":"See Senior Agency Official for Privacy.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The senior organizational official with overall organization-wide responsibility for information privacy issues.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Agency Official for Privacy "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Agency Official for Privacy "}]},{"text":"The senior official, designated by the head of each agency, who has agency-wide responsibility for privacy, including implementation of privacy protections; compliance with Federal laws, regulations, and policies relating to privacy; management of privacy risks at the agency; and a central policy-making role in the agency’s development and evaluation of legislative, regulatory, and other policy proposals.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Senior Agency Official for Privacy "}]}]},{"term":"Chief Product Security Officer","link":"https://csrc.nist.gov/glossary/term/chief_product_security_officer","abbrSyn":[{"text":"CPSO","link":"https://csrc.nist.gov/glossary/term/cpso"}],"definitions":null},{"term":"Chief Risk Officer","link":"https://csrc.nist.gov/glossary/term/chief_risk_officer","abbrSyn":[{"text":"CRO","link":"https://csrc.nist.gov/glossary/term/cro"}],"definitions":null},{"term":"Chief Security Officer","link":"https://csrc.nist.gov/glossary/term/chief_security_officer","abbrSyn":[{"text":"CSO","link":"https://csrc.nist.gov/glossary/term/cso"}],"definitions":null},{"term":"Chief Technology Officer","link":"https://csrc.nist.gov/glossary/term/chief_technology_officer","abbrSyn":[{"text":"CTO","link":"https://csrc.nist.gov/glossary/term/cto"}],"definitions":null},{"term":"Children‘s Online Privacy Protection Act","link":"https://csrc.nist.gov/glossary/term/childrens_online_privacy_protection_act","abbrSyn":[{"text":"COPPA","link":"https://csrc.nist.gov/glossary/term/coppa"}],"definitions":null},{"term":"Chinese Remainder Theorem","link":"https://csrc.nist.gov/glossary/term/chinese_remainder_theorem","abbrSyn":[{"text":"CRT","link":"https://csrc.nist.gov/glossary/term/crt"}],"definitions":null},{"term":"Choose Your Own Device","link":"https://csrc.nist.gov/glossary/term/choose_your_own_device","abbrSyn":[{"text":"CYOD","link":"https://csrc.nist.gov/glossary/term/cyod"}],"definitions":null},{"term":"Choreography","link":"https://csrc.nist.gov/glossary/term/choreography","definitions":[{"text":"Defines the requirements and sequences through which multiple Web services interact.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"Chosen Ciphertext Attack","link":"https://csrc.nist.gov/glossary/term/chosen_ciphertext_attack","abbrSyn":[{"text":"CCA","link":"https://csrc.nist.gov/glossary/term/cca"}],"definitions":null},{"term":"Chosen Plaintext Attack","link":"https://csrc.nist.gov/glossary/term/chosen_plaintext_attack","abbrSyn":[{"text":"CPA","link":"https://csrc.nist.gov/glossary/term/cpa"}],"definitions":null},{"term":"CHUID","link":"https://csrc.nist.gov/glossary/term/chuid","abbrSyn":[{"text":"Card Holder Unique Identifier","link":"https://csrc.nist.gov/glossary/term/card_holder_unique_identifier"},{"text":"Cardholder Unique Identifier","link":"https://csrc.nist.gov/glossary/term/cardholder_unique_identifier"}],"definitions":null},{"term":"CHVP","link":"https://csrc.nist.gov/glossary/term/chvp","abbrSyn":[{"text":"Cryptographic High Value Products"}],"definitions":null},{"term":"CI","link":"https://csrc.nist.gov/glossary/term/ci","abbrSyn":[{"text":"Confidence interval","link":"https://csrc.nist.gov/glossary/term/confidence_interval"},{"text":"Ciphertext Integrity","link":"https://csrc.nist.gov/glossary/term/ciphertext_integrity"},{"text":"Configuration Item"},{"text":"Critical Infrastructure"}],"definitions":[{"text":"An aggregation of information system components that is designated for configuration management and treated as a single entity in the configuration management process.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Item "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Configuration Item "}]},{"text":"An interval estimate [low, high] of a population parameter. If the population is repeatedly sampled, and confidence intervals are computed for each sample with significance level α, approximately 100(1− α) % of the intervals are expected to contain the true population parameter.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Confidence interval "}]},{"text":"System and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Critical Infrastructure "}]},{"text":"Essential services and related assets that underpin American society and serve as the backbone of the nation's economy, security, and health.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS","note":" - Unknown Source"},{"text":"National Cybersecurity & Communications Integration Center","link":"https://www.cisa.gov/central"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]}]},{"text":"An item or aggregation of hardware or software or both that is designed to be managed as a single entity. Configuration items may vary widely in complexity, size and type, ranging from an entire system including all hardware, software and documentation, to a single module, a minor hardware component or a single software package.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under Configuration Item ","refSources":[{"text":"ISO/IEC 19770-2","note":" - Adapted"}]}]},{"text":"Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on cybersecurity, national economic security, national public health or safety, or any combination of those matters.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Critical Infrastructure "}]}]},{"term":"CI/CD","link":"https://csrc.nist.gov/glossary/term/ci_cd","abbrSyn":[{"text":"continuous delivery/continuous deployment","link":"https://csrc.nist.gov/glossary/term/continuous_delivery_continuous_deployment"},{"text":"continuous integration and continuous deployment","link":"https://csrc.nist.gov/glossary/term/continuous_integration_and_continuous_deployment"}],"definitions":null},{"term":"CIA","link":"https://csrc.nist.gov/glossary/term/cia","abbrSyn":[{"text":"Confidentiality, Integrity, and Availability"},{"text":"confidentiality, integrity, availability","link":"https://csrc.nist.gov/glossary/term/confidentiality_integrity_availability"},{"text":"Cryptographic Information Application","link":"https://csrc.nist.gov/glossary/term/cryptographic_information_application"}],"definitions":[{"text":"C = Confidentiality assurance, I = Integrity assurance, A = Availability assurance","sources":[{"text":"NISTIR 7609","link":"https://doi.org/10.6028/NIST.IR.7609"}]}]},{"term":"CIDAR","link":"https://csrc.nist.gov/glossary/term/cidar","abbrSyn":[{"text":"Cyber Incident Data and Analysis Repository","link":"https://csrc.nist.gov/glossary/term/cyber_incident_data_and_analysis_repository"}],"definitions":null},{"term":"CIDR","link":"https://csrc.nist.gov/glossary/term/cidr","abbrSyn":[{"text":"Classless Interdomain Routing"},{"text":"Classless Inter-Domain Routing","link":"https://csrc.nist.gov/glossary/term/classless_inter_domain_routing"}],"definitions":null},{"term":"CIE","link":"https://csrc.nist.gov/glossary/term/cie","abbrSyn":[{"text":"Cyber-Informed Engineering","link":"https://csrc.nist.gov/glossary/term/cyber_informed_engineering"}],"definitions":null},{"term":"CIF","link":"https://csrc.nist.gov/glossary/term/cif","abbrSyn":[{"text":"Control of Interaction Frequency","link":"https://csrc.nist.gov/glossary/term/control_of_interaction_frequency"}],"definitions":null},{"term":"CIFS","link":"https://csrc.nist.gov/glossary/term/cifs","abbrSyn":[{"text":"Common Internet File System","link":"https://csrc.nist.gov/glossary/term/common_internet_file_system"}],"definitions":null},{"term":"CIGRE","link":"https://csrc.nist.gov/glossary/term/cigre","abbrSyn":[{"text":"International Council on Large Electric Systems","link":"https://csrc.nist.gov/glossary/term/international_council_on_large_electric_systems"}],"definitions":null},{"term":"CIK","link":"https://csrc.nist.gov/glossary/term/cik","abbrSyn":[{"text":"Cryptographic Ignition Key","link":"https://csrc.nist.gov/glossary/term/cryptographic_ignition_key"}],"definitions":null},{"term":"CIKR","link":"https://csrc.nist.gov/glossary/term/cikr","abbrSyn":[{"text":"Critical Infrastructure and Key Resources","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_and_key_resources"}],"definitions":null},{"term":"CIM","link":"https://csrc.nist.gov/glossary/term/cim","abbrSyn":[{"text":"Ciphertext Integrity with Misuse-resistance","link":"https://csrc.nist.gov/glossary/term/ciphertext_integrity_with_misuse_resistance"},{"text":"Computer Integrated Manufacturing","link":"https://csrc.nist.gov/glossary/term/computer_integrated_manufacturing"}],"definitions":null},{"term":"CIMA","link":"https://csrc.nist.gov/glossary/term/cima","abbrSyn":[{"text":"COMSEC Incident Monitoring Activity","link":"https://csrc.nist.gov/glossary/term/comsec_incident_monitoring_activity"}],"definitions":null},{"term":"Cin-Day","link":"https://csrc.nist.gov/glossary/term/cin_day","abbrSyn":[{"text":"Cyber Cincinnati-Dayton Cyber Corridor","link":"https://csrc.nist.gov/glossary/term/cyber_cincinnati_dayton_cyber_corridor"}],"definitions":null},{"term":"CIO","link":"https://csrc.nist.gov/glossary/term/cio","abbrSyn":[{"text":"chief information officer","link":"https://csrc.nist.gov/glossary/term/chief_information_officer"},{"text":"Chief information officer"},{"text":"Chief Information Officer"}],"definitions":[{"text":"

Executive agency official responsible for: 

(1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the executive agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; 

(2) developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the executive agency; and 

(3) promoting the effective and efficient design and operation of all major information resources management processes for the executive agency, including improvements to work processes of the executive agency.

"},{"text":"The senior official that provides advice and other assistance to the head of the agency and other senior management personnel of the agency to ensure that IT is acquired and information resources are managed for the agency in a manner that achieves the agency’s strategic goals and information resources management goals; and is responsible for ensuring agency compliance with, and prompt, efficient, and effective implementation of, the information policies and information resources management responsibilities, including the reduction of information collection burdens on the public.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under chief information officer ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under chief information officer ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under chief information officer ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under chief information officer ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Agency official responsible for:\n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;\n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and\n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: \n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; \n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and \n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: \n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; \n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and \n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency. \nNote: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for:\n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;\n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and \n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for:\n(i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency;\n(ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and\n(iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.\nNote: Organizations subordinate to federal agencies may use the term Chief Information Officer to denote individuals filling positions with similar security responsibilities to agency-level Chief Information Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for:\n\n(i) Providing advice and other assistance to the head of the executive\nagency and other senior management personnel of the agency to ensure\nthat information technology is acquired and information resources are\nmanaged in a manner that is consistent with laws, Executive Orders,\ndirectives, policies, regulations, and priorities established by the head of\nthe agency;\n(ii) Developing, maintaining, and facilitating the implementation of a\nsound and integrated information technology architecture for the agency;\n\nand\n(iii) Promoting the effective and efficient design and operation of all\nmajor information resources management processes for the agency,\nincluding improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"PL 104-106, Sec. 5125(b)","link":"https://www.govinfo.gov/app/details/PLAW-104publ106/"}]}]},{"text":"Agency official responsible for: (i) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, executive orders, directives, policies, regulations, and priorities established by the head of the agency; (ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and (iii) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Chief Information Officer ","refSources":[{"text":"44 U.S.C., Sec. 5125(b)","link":"https://www.gpo.gov/fdsys/granule/USCODE-2011-title44/USCODE-2011-title44-chap35-subchapI-sec3506/content-detail.html"}]}]},{"text":"Organization’s official responsible for: (i) Providing advice and other assistance to the head of the organization and other senior management personnel of the organization to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, directives, policies, regulations, and priorities established by the head of the organization; (ii) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the organization; and (iii) Promoting the effective and efficient design and operation of all major information resources management processes for the organization, including improvements to work processes of the organization. Note: A subordinate organization may assign a chief information officer to denote an individual filling a position with security responsibilities with respect to the subordinate organization that are similar to those that the chief information officers fills for the organization to which they are subordinate.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Chief information officer ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - Adapted"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Chief information officer ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - adapted"}]}]}]},{"term":"CIP","link":"https://csrc.nist.gov/glossary/term/cip","abbrSyn":[{"text":"Common Industrial Protocol","link":"https://csrc.nist.gov/glossary/term/common_industrial_protocol"},{"text":"Critical Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_protection"}],"definitions":null},{"term":"CIPAC","link":"https://csrc.nist.gov/glossary/term/cipac","abbrSyn":[{"text":"Critical Infrastructure Partnership Advisory Council","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_partnership_advisory_council"}],"definitions":null},{"term":"cipher","link":"https://csrc.nist.gov/glossary/term/cipher","definitions":[{"text":"Series of transformations that converts plaintext to ciphertext using the Cipher Key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1"}]}]},{"text":"Any cryptographic system in which arbitrary symbols or groups of symbols, represent units of plain text, or in which units of plain text are rearranged, or both.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Cipher Block Chaining","link":"https://csrc.nist.gov/glossary/term/cipher_block_chaining","abbrSyn":[{"text":"CBC","link":"https://csrc.nist.gov/glossary/term/cbc"}],"definitions":null},{"term":"Cipher Block Chaining - Message Authentication Code (CMAC)","link":"https://csrc.nist.gov/glossary/term/cipher_block_chaining_message_authentication_code","abbrSyn":[{"text":"CBC-MAC","link":"https://csrc.nist.gov/glossary/term/cbc_mac"},{"text":"CCMP","link":"https://csrc.nist.gov/glossary/term/ccmp"}],"definitions":null},{"term":"Cipher Feedback","link":"https://csrc.nist.gov/glossary/term/cipher_feedback","abbrSyn":[{"text":"CFB","link":"https://csrc.nist.gov/glossary/term/cfb"}],"definitions":null},{"term":"cipher text","link":"https://csrc.nist.gov/glossary/term/cipher_text","definitions":[{"text":"Data in its encrypted form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]}],"seeAlso":[{"text":"BLACK","link":"black"}]},{"term":"cipher text auto-key","link":"https://csrc.nist.gov/glossary/term/cipher_text_auto_key","abbrSyn":[{"text":"CTAK","link":"https://csrc.nist.gov/glossary/term/ctak"}],"definitions":[{"text":"Cryptographic logic that uses previous cipher text to generate a key stream.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Cipher-based Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/cipher_based_message_authentication_code","abbrSyn":[{"text":"CMAC","link":"https://csrc.nist.gov/glossary/term/cmac"}],"definitions":[{"text":"Cipher-based Message Authentication Code (as specified in NIST SP 800-38B).","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under CMAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under CMAC "}]}]},{"term":"Ciphering Offset Number","link":"https://csrc.nist.gov/glossary/term/ciphering_offset_number","abbrSyn":[{"text":"COF","link":"https://csrc.nist.gov/glossary/term/cof"}],"definitions":null},{"term":"ciphertext","link":"https://csrc.nist.gov/glossary/term/ciphertext","definitions":[{"text":"Data in its encrypted form.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"Data in its encrypted form.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Ciphertext "},{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Ciphertext "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Ciphertext "},{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Ciphertext "},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Ciphertext "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Ciphertext "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Ciphertext "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Ciphertext "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Ciphertext "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Ciphertext "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Ciphertext "}]},{"text":"Encrypted (enciphered) data.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Ciphertext "},{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Ciphertext "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Ciphertext "}]},{"text":"Encrypted data.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Ciphertext "},{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Ciphertext "}]},{"text":"The output of the CCM encryption-generation process.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Ciphertext "}]},{"text":"The encrypted form of the plaintext.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Ciphertext "}]},{"text":"The confidential form of the plaintext that is the output of the authenticated-encryption function.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"Data in its enciphered form.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Ciphertext "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Ciphertext "}]}],"seeAlso":[{"text":"BLACK","link":"black"}]},{"term":"Ciphertext Integrity","link":"https://csrc.nist.gov/glossary/term/ciphertext_integrity","abbrSyn":[{"text":"CI","link":"https://csrc.nist.gov/glossary/term/ci"}],"definitions":null},{"term":"Ciphertext Integrity with Misuse-resistance","link":"https://csrc.nist.gov/glossary/term/ciphertext_integrity_with_misuse_resistance","abbrSyn":[{"text":"CIM","link":"https://csrc.nist.gov/glossary/term/cim"}],"definitions":null},{"term":"ciphertext-policy attribute-based encryption","link":"https://csrc.nist.gov/glossary/term/ciphertext_policy_attribute_based_encryption","abbrSyn":[{"text":"CP-ABE","link":"https://csrc.nist.gov/glossary/term/cp_abe"}],"definitions":null},{"term":"CIPSEA","link":"https://csrc.nist.gov/glossary/term/cipsea","abbrSyn":[{"text":"Confidential Information Protection and Statistical Efficiency Act","link":"https://csrc.nist.gov/glossary/term/confidential_information_protection_and_statistical_efficiency_act"}],"definitions":null},{"term":"CIR","link":"https://csrc.nist.gov/glossary/term/cir","abbrSyn":[{"text":"Consumer Infrared","link":"https://csrc.nist.gov/glossary/term/consumer_infrared"}],"definitions":null},{"term":"CIRC","link":"https://csrc.nist.gov/glossary/term/circ","abbrSyn":[{"text":"Computer Incident Response Capability","link":"https://csrc.nist.gov/glossary/term/computer_incident_response_capability"},{"text":"Computer Incident Response Center","link":"https://csrc.nist.gov/glossary/term/computer_incident_response_center"},{"text":"Cyber Incident Response Team","link":"https://csrc.nist.gov/glossary/term/cyber_incident_response_team"}],"definitions":null},{"term":"Circuit","link":"https://csrc.nist.gov/glossary/term/circuit","definitions":[{"text":"A dedicated single connection between two endpoints on a network.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"Circuit Switch Fallback","link":"https://csrc.nist.gov/glossary/term/circuit_switch_fallback","abbrSyn":[{"text":"CSFB","link":"https://csrc.nist.gov/glossary/term/csfb"}],"definitions":null},{"term":"CIRT","link":"https://csrc.nist.gov/glossary/term/cirt","abbrSyn":[{"text":"Computer Incident Response Team"},{"text":"Cyber Incident Response Team","link":"https://csrc.nist.gov/glossary/term/cyber_incident_response_team"}],"definitions":null},{"term":"CIS","link":"https://csrc.nist.gov/glossary/term/cis","abbrSyn":[{"text":"Center for Internet Security","link":"https://csrc.nist.gov/glossary/term/center_for_internet_security"},{"text":"Critical Infrastructure System","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_system"},{"text":"The Center for Internet Security"}],"definitions":null},{"term":"CISA","link":"https://csrc.nist.gov/glossary/term/cisa","abbrSyn":[{"text":"Center for Enterprise Dissemination-Disclosure Avoidance","link":"https://csrc.nist.gov/glossary/term/center_for_enterprise_dissemination_disclosure_avoidance"},{"text":"Cybersecurity & Infrastructure Security Agency"},{"text":"Cybersecurity and Infrastructure Security Agency","link":"https://csrc.nist.gov/glossary/term/cybersecurity_and_infrastructure_security_agency"}],"definitions":null},{"term":"Cisco Global Exploiter","link":"https://csrc.nist.gov/glossary/term/cisco_global_exploiter","abbrSyn":[{"text":"CGE","link":"https://csrc.nist.gov/glossary/term/cge"}],"definitions":null},{"term":"Cisco’s Internetwork Operating System","link":"https://csrc.nist.gov/glossary/term/cisco_internetwork_operating_system","abbrSyn":[{"text":"IOS","link":"https://csrc.nist.gov/glossary/term/cisco_ios"}],"definitions":null},{"term":"CISO","link":"https://csrc.nist.gov/glossary/term/ciso","abbrSyn":[{"text":"Chief Information Security Officer"},{"text":"Computer Information Security Officer","link":"https://csrc.nist.gov/glossary/term/computer_information_security_officer"}],"definitions":[{"text":"See Senior Agency Information Security Officer.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Chief Information Security Officer "}]},{"text":"See Senior Agency Information Security Officer","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Chief Information Security Officer "}]}]},{"term":"CISQ","link":"https://csrc.nist.gov/glossary/term/cisq","abbrSyn":[{"text":"Consortium for Information & Software Quality","link":"https://csrc.nist.gov/glossary/term/consortium_for_information_and_software_quality"}],"definitions":null},{"term":"Citect SCADA system","link":"https://csrc.nist.gov/glossary/term/citect_scada_system","abbrSyn":[{"text":"U1","link":"https://csrc.nist.gov/glossary/term/u1"}],"definitions":null},{"term":"CJA","link":"https://csrc.nist.gov/glossary/term/cja","abbrSyn":[{"text":"Crown Jewels Analysis","link":"https://csrc.nist.gov/glossary/term/crown_jewels_analysis"}],"definitions":null},{"term":"CJIS","link":"https://csrc.nist.gov/glossary/term/cjis","abbrSyn":[{"text":"Criminal Justice Information Services","link":"https://csrc.nist.gov/glossary/term/criminal_justice_information_services"}],"definitions":null},{"term":"CK","link":"https://csrc.nist.gov/glossary/term/ck","abbrSyn":[{"text":"Confidentiality Key","link":"https://csrc.nist.gov/glossary/term/confidentiality_key"}],"definitions":null},{"term":"CKG","link":"https://csrc.nist.gov/glossary/term/ckg","abbrSyn":[{"text":"Cooperative Key Generation"}],"definitions":null},{"term":"CKL","link":"https://csrc.nist.gov/glossary/term/ckl","abbrSyn":[{"text":"Compromised Key List"}],"definitions":null},{"term":"CKMS","link":"https://csrc.nist.gov/glossary/term/ckms","abbrSyn":[{"text":"Crypto Key Management System","link":"https://csrc.nist.gov/glossary/term/crypto_key_management_system"},{"text":"Cryptographic Key Management System"}],"definitions":[{"text":"A Cryptographic Key Management System that conforms to the requirements of [NIST SP 800-130].","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS component","link":"https://csrc.nist.gov/glossary/term/ckms_component","definitions":[{"text":"Any hardware, software, or firmware that is used to implement a CKMS. In this Recommendation, the major CKMS components discussed are the Central Oversight Authority, Key Processing Facilities, Service Agents, Client Nodes and Tokens.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"CKMS design","link":"https://csrc.nist.gov/glossary/term/ckms_design","definitions":[{"text":"The capabilities that were selected and specified by a CKMS designer to be implemented and supported in a CKMS product.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS designer","link":"https://csrc.nist.gov/glossary/term/ckms_designer","definitions":[{"text":"The entity that selects the capabilities to be included in a CKMS, documents the design in accordance with the requirements specified in [NIST SP 800-130], and specifies a CKMS Security Policy that defines the rules that are to be enforced in the CKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS developer","link":"https://csrc.nist.gov/glossary/term/ckms_developer","definitions":[{"text":"The entity that assembles a CKMS as designed by the CKMS designer.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS hierarchy","link":"https://csrc.nist.gov/glossary/term/ckms_hierarchy","definitions":[{"text":"A system of key processing facilities whereby a key center or certification authority may delegate the authority to issue keys or certificates to subordinate centers or authorities that can, in turn, delegate that authority to their subordinates.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"CKMS implementer","link":"https://csrc.nist.gov/glossary/term/ckms_implementer","definitions":[{"text":"The entity that installs the CKMS for the FCKMS service provider.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS module","link":"https://csrc.nist.gov/glossary/term/ckms_module","definitions":[{"text":"A device that performs a set of key and metadata-management functions for at least one CKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS product","link":"https://csrc.nist.gov/glossary/term/ckms_product","definitions":[{"text":"An implementation of a CKMS design produced by a vendor that conforms to the requirements of [NIST SP 800-130], provides a set of key-management services and cryptographic functions, and operates in accordance with the CKMS designer’s CKMS Security Policy.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS PS","link":"https://csrc.nist.gov/glossary/term/ckms_ps","abbrSyn":[{"text":"Cryptographic Key Management System Practice Statement","link":"https://csrc.nist.gov/glossary/term/cryptographic_key_management_system_practice_statement"}],"definitions":null},{"term":"CKMS Security Policy","link":"https://csrc.nist.gov/glossary/term/ckms_security_policy","definitions":[{"text":"A security policy specific to a CKMS","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"CKMS SP","link":"https://csrc.nist.gov/glossary/term/ckms_sp","abbrSyn":[{"text":"Cryptographic Key Management System Security Policy","link":"https://csrc.nist.gov/glossary/term/cryptographic_key_management_system_security_policy"}],"definitions":null},{"term":"CKMS vendor","link":"https://csrc.nist.gov/glossary/term/ckms_vendor","definitions":[{"text":"The entity that markets the CKMS to CKMS service providers.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"claim","link":"https://csrc.nist.gov/glossary/term/claim","definitions":[{"text":"A true-false statement about the limitations on the values of an unambiguously defined property called the claim’s property; and limitations on the uncertainty of the property’s values falling within these limitations during the claim’s duration of applicability under stated conditions.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC 15026"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 15026-1:2019"}]}]}]},{"term":"claimant","link":"https://csrc.nist.gov/glossary/term/claimant","definitions":[{"text":"A subject whose identity is to be verified using one or more authentication protocols.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Claimant "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Claimant "}]},{"text":"The Bluetooth device attempting to prove its identity to the verifier during the Bluetooth connection process.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2","underTerm":" under Claimant "},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]","underTerm":" under Claimant "}]},{"text":"A subject whose identity is to be verified using one or more authentication protocols.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Claimant "}]},{"text":"The person who is asserting his or her identity","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Claimant "}]}]},{"term":"Claimed Address","link":"https://csrc.nist.gov/glossary/term/claimed_address","definitions":[{"text":"The physical location asserted by a subject where they can be reached. It includes the individual’s residential street address and may also include their mailing address. For example, a person with a foreign passport living in the U.S. will need to give an address when going through the identity proofing process. This address would not be an “address of record” but a “claimed address.”","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The physical location asserted by a subject where they can be reached. It includes the individual’s residential street address and may also include their mailing address. \nFor example, a person with a foreign passport living in the U.S. will need to give an address when going through the identity proofing process. This address would not be an “address of record” but a “claimed address.”","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The physical location asserted by an individual (e.g. an applicant) where he/she can be reached. It includes the residential street address of an individual and may also include the mailing address of the individual. \nFor example, a person with a foreign passport, living in the U.S., will need to give an address when going through the identity proofing process. This address would not be an “address of record” but a “claimed address.”","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Claimed Identity","link":"https://csrc.nist.gov/glossary/term/claimed_identity","definitions":[{"text":"An applicant’s declaration of unvalidated and unverified personal attributes.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Claimed signatory","link":"https://csrc.nist.gov/glossary/term/claimed_signatory","definitions":[{"text":"From the verifier’s perspective, the claimed signatory is the entity that purportedly generated a digital signature.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"classified information","link":"https://csrc.nist.gov/glossary/term/classified_information","definitions":[{"text":"Classified information or classified national security information means information that has been determined pursuant to E. O.\n12958 as amended by E.O. 13292 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Classified Information ","refSources":[{"text":"E.O. 13292","link":"https://www.govinfo.gov/app/details/CFR-2004-title3-vol1/CFR-2004-title3-vol1-eo13292"}]}]},{"text":"Information that Executive Order 13526, \"Classified National Security Information,\" December 29, 2009 (3 CFR, 2010 Comp., p. 298), or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended, requires agencies to mark with classified markings and protect against unauthorized disclosure. ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"Information that has been determined: (i) pursuant to Executive Order 12958 as amended by Executive Order 13526, or any predecessor Order, to be classified national security information; or (ii) pursuant to the Atomic Energy Act of 1954, as amended, to be Restricted Data (RD).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Classified Information "}]},{"text":"Information that has been determined pursuant to Executive Order (E.O.) 13292 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Classified Information "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Classified Information "}]}],"seeAlso":[{"text":"classified national security information","link":"classified_national_security_information"},{"text":"controlled unclassified information"},{"text":"national security information (NSI)","link":"national_security_information"}]},{"term":"classified national security information","link":"https://csrc.nist.gov/glossary/term/classified_national_security_information","abbrSyn":[{"text":"national security information (NSI)","link":"https://csrc.nist.gov/glossary/term/national_security_information"}],"definitions":[{"text":"Information that has been determined pursuant to Executive Order 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Classified National Security Information ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Information that has been determined pursuant to Executive Order (E.O.) 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"E.O. 13526","link":"https://www.govinfo.gov/app/details/CFR-2010-title3-vol1/CFR-2010-title3-vol1-eo13526"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"E.O. 13526","link":"https://www.govinfo.gov/app/details/CFR-2010-title3-vol1/CFR-2010-title3-vol1-eo13526"}]}]},{"text":"Information that Executive Order 13526, \"Classified National Security Information,\" December 29, 2009 (3 CFR, 2010 Comp., p. 298), or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended, requires agencies to mark with classified markings and protect against unauthorized disclosure. ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under national security information (NSI) "}]}],"seeAlso":[{"text":"classified information","link":"classified_information"},{"text":"unclassified","link":"unclassified"}]},{"term":"Classless Inter-Domain Routing","link":"https://csrc.nist.gov/glossary/term/classless_inter_domain_routing","abbrSyn":[{"text":"CIDR","link":"https://csrc.nist.gov/glossary/term/cidr"}],"definitions":null},{"term":"clean host","link":"https://csrc.nist.gov/glossary/term/clean_host","definitions":[{"text":"A host with an operating system installation that has never been accessed by end users, such as a host freshly built from a fully-patched security baseline image.","sources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167"}]}]},{"term":"clean word list","link":"https://csrc.nist.gov/glossary/term/clean_word_list","definitions":[{"text":"List of words that are acceptable, but would normally be rejected because they contain a word on the dirty word list (e.g., secret within secretary).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"dirty word list","link":"dirty_word_list"},{"text":"white list"}]},{"term":"clear","link":"https://csrc.nist.gov/glossary/term/clear","definitions":[{"text":"A method of sanitization that applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"A method of Sanitization by applying logical techniques to sanitizedata in all user-addressable storage locations for protection againstsimple non-invasive data recovery techniques using the sameinterface available to the user; typicallyapplied through the standard read and write commands to the storage device, such as by rewritingwith a new value or using a menu option to reset the device to thefactory state(where rewriting is not supported).","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Clear "}]}]},{"term":"clearance","link":"https://csrc.nist.gov/glossary/term/clearance","definitions":[{"text":"A formal security determination by an authorized adjudicative office that an individual is authorized access, on a need to know basis, to a specific level of classified information (TOP SECRET, SECRET, or CONFIDENTIAL).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"cleartext","link":"https://csrc.nist.gov/glossary/term/cleartext","abbrSyn":[{"text":"plain text"}],"definitions":[{"text":"Information that is not encrypted.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"Unencrypted information that may be input to an encryption operation. \nNote: Plain text is not a synonym for clear text. See clear text.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under plain text ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949","note":" - Adapted"}]}]},{"text":"Information that is not encrypted.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under clear text ","refSources":[{"text":"ISO/IEC 7498-2"}]}]},{"text":"Information that is not encrypted.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Clear Text "}]},{"text":"Intelligible data, the semantic content of which is available.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Clear-text ","refSources":[{"text":"ISO DIS 10181-2"}]}]}],"seeAlso":[{"text":"plain text"}]},{"term":"CLI","link":"https://csrc.nist.gov/glossary/term/cli","abbrSyn":[{"text":"Command Line Interface","link":"https://csrc.nist.gov/glossary/term/command_line_interface"},{"text":"Command-Line Interface"}],"definitions":null},{"term":"Client Application","link":"https://csrc.nist.gov/glossary/term/client_application","definitions":[{"text":"A program running on a computer in communication with a card interface device.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"Client Backup-Archive Client","link":"https://csrc.nist.gov/glossary/term/client_backup_archive_client","abbrSyn":[{"text":"BA","link":"https://csrc.nist.gov/glossary/term/ba"}],"definitions":null},{"term":"Client Management Script Library","link":"https://csrc.nist.gov/glossary/term/client_management_script_library","abbrSyn":[{"text":"CMSL","link":"https://csrc.nist.gov/glossary/term/cmsl"}],"definitions":null},{"term":"client node","link":"https://csrc.nist.gov/glossary/term/client_node","abbrSyn":[{"text":"CN","link":"https://csrc.nist.gov/glossary/term/cn"}],"definitions":[{"text":"Enables customers to access primary services nodes (PRSNs) to obtain key management infrastructure (KMI) products and services and to generate, produce, and distribute traditional (symmetric) key products. The management client (MGC) configuration of the client node allows customers to operate locally, independent of a PRSN.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An interface for human users, devices, applications and processes to access CKMS functions, including the requesting of certificates and keys.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Client node "}]}]},{"term":"Client-to-Authenticator Protocol","link":"https://csrc.nist.gov/glossary/term/client_to_authenticator_protocol","abbrSyn":[{"text":"CTAP","link":"https://csrc.nist.gov/glossary/term/ctap"}],"definitions":null},{"term":"Clinical and Laboratory Standards Institute","link":"https://csrc.nist.gov/glossary/term/clinical_and_laboratory_standards_institute","abbrSyn":[{"text":"CLSI","link":"https://csrc.nist.gov/glossary/term/clsi"}],"definitions":null},{"term":"clock","link":"https://csrc.nist.gov/glossary/term/clock","definitions":[{"text":"A device that generates periodic, accurately spaced signals for timekeeping applications. A clock consists of at least three parts: an oscillator, a device that counts the oscillations and converts them to units of time interval (such as seconds, minutes, hours, and days), and a means of displaying or recording the results.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Cloned Tag","link":"https://csrc.nist.gov/glossary/term/cloned_tag","definitions":[{"text":"A tag that is made to be a duplicate of a legitimate tag. A cloned tag can be created by reading data such as an identifier from a legitimate tag and writing that data to a different tag.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Closed Circuit Television","link":"https://csrc.nist.gov/glossary/term/closed_circuit_television","abbrSyn":[{"text":"CCTV","link":"https://csrc.nist.gov/glossary/term/cctv"}],"definitions":null},{"term":"closed security environment","link":"https://csrc.nist.gov/glossary/term/closed_security_environment","definitions":[{"text":"Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an information system life cycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Closed Source Operating System","link":"https://csrc.nist.gov/glossary/term/closed_source_operating_system","definitions":[{"text":"Source code for an operating system is not publically available.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"closed storage","link":"https://csrc.nist.gov/glossary/term/closed_storage","definitions":[{"text":"The storage of classified information in properly secured General Services Administration-approved security containers.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"Closed System","link":"https://csrc.nist.gov/glossary/term/closed_system","definitions":[{"text":"A system that is self-contained within an enterprise. Closed systems do not have an inter-enterprise subsystem.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"cloud access security broker","link":"https://csrc.nist.gov/glossary/term/cloud_access_security_broker","abbrSyn":[{"text":"CASB","link":"https://csrc.nist.gov/glossary/term/casb"}],"definitions":null},{"term":"Cloud Auditor","link":"https://csrc.nist.gov/glossary/term/cloud_auditor","definitions":[{"text":"A party that can conduct an independent assessment of cloud services, information system operations, performance, and security of the cloud implementation","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"NIST SP 500-292","link":"https://doi.org/10.6028/NIST.SP.500-292"}]}]}]},{"term":"Cloud Broker","link":"https://csrc.nist.gov/glossary/term/cloud_broker","definitions":[{"text":"An entity that manages the use, performance, and delivery of cloud services and negotiates relationships between Cloud Providers and Cloud Consumers","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"NIST SP 500-292","link":"https://doi.org/10.6028/NIST.SP.500-292"}]}]}]},{"term":"Cloud Carrier","link":"https://csrc.nist.gov/glossary/term/cloud_carrier","definitions":[{"text":"An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"NIST SP 500-292","link":"https://doi.org/10.6028/NIST.SP.500-292"}]}]}]},{"term":"cloud computing","link":"https://csrc.nist.gov/glossary/term/cloud_computing","definitions":[{"text":"A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cloud Computing ","refSources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cloud Computing ","refSources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cloud Computing ","refSources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401"}]},{"text":"A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service Provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","underTerm":" under Cloud computing ","refSources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145","note":" - Adapted"}]}]}]},{"term":"Cloud Consumer","link":"https://csrc.nist.gov/glossary/term/cloud_consumer","definitions":[{"text":"A person or organization that maintains a business relationship with and uses service from Cloud Providers","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"NIST SP 500-292","link":"https://doi.org/10.6028/NIST.SP.500-292"}]}]}]},{"term":"cloud infrastructure","link":"https://csrc.nist.gov/glossary/term/cloud_infrastructure","definitions":[{"text":"the collection of hardware and software that enables the five essential characteristics of cloud computing. The cloud infrastructure can be viewed as containing both a physical layer and an abstraction layer. The physical layer consists of the hardware resources that are necessary to support the cloud services being provided, and typically includes server, storage and network components. The abstraction layer consists of the software deployed across the physical layer, which manifests the essential cloud characteristics. Conceptually the abstraction layer sits above the physical layer.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Cloud Native Computing Foundation","link":"https://csrc.nist.gov/glossary/term/cloud_native_computing_foundation","abbrSyn":[{"text":"CNCF","link":"https://csrc.nist.gov/glossary/term/cncf"}],"definitions":null},{"term":"Cloud Provider","link":"https://csrc.nist.gov/glossary/term/cloud_provider","definitions":[{"text":"The entity (a person or an organization) responsible for making a service available to interested parties","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"NIST SP 500-292","link":"https://doi.org/10.6028/NIST.SP.500-292"}]}]}]},{"term":"Cloud Security Alliance","link":"https://csrc.nist.gov/glossary/term/cloud_security_alliance","abbrSyn":[{"text":"CSA","link":"https://csrc.nist.gov/glossary/term/csa"}],"definitions":null},{"term":"Cloud Security Policy Framework","link":"https://csrc.nist.gov/glossary/term/cloud_security_policy_framework","abbrSyn":[{"text":"CloudSPF","link":"https://csrc.nist.gov/glossary/term/cloudspf"}],"definitions":null},{"term":"Cloud Security Rubik’s Cube","link":"https://csrc.nist.gov/glossary/term/cloud_security_rubiks_cube","abbrSyn":[{"text":"CSRC","link":"https://csrc.nist.gov/glossary/term/csrc"}],"definitions":null},{"term":"cloud service customer","link":"https://csrc.nist.gov/glossary/term/cloud_service_customer","abbrSyn":[{"text":"CSC","link":"https://csrc.nist.gov/glossary/term/csc"}],"definitions":null},{"term":"Cloud Service Provider","link":"https://csrc.nist.gov/glossary/term/cloud_service_provider","abbrSyn":[{"text":"CSP","link":"https://csrc.nist.gov/glossary/term/csp"}],"definitions":null},{"term":"Cloud workload","link":"https://csrc.nist.gov/glossary/term/cloud_workload","definitions":[{"text":"A logical bundle of software and data that is present in, and processed by, a cloud computing technology.","sources":[{"text":"NIST SP 1800-19B","link":"https://doi.org/10.6028/NIST.SP.1800-19"}]}]},{"term":"CloudSPF","link":"https://csrc.nist.gov/glossary/term/cloudspf","abbrSyn":[{"text":"Cloud Security Policy Framework","link":"https://csrc.nist.gov/glossary/term/cloud_security_policy_framework"}],"definitions":null},{"term":"CLR","link":"https://csrc.nist.gov/glossary/term/clr","abbrSyn":[{"text":"Common Language Runtime","link":"https://csrc.nist.gov/glossary/term/common_language_runtime"}],"definitions":null},{"term":"CLSI","link":"https://csrc.nist.gov/glossary/term/clsi","abbrSyn":[{"text":"Clinical and Laboratory Standards Institute","link":"https://csrc.nist.gov/glossary/term/clinical_and_laboratory_standards_institute"}],"definitions":null},{"term":"Cluster","link":"https://csrc.nist.gov/glossary/term/cluster","definitions":[{"text":"A group of contiguous sectors.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Clustered Regularly Interspaced Short Palindromic Repeats","link":"https://csrc.nist.gov/glossary/term/clustered_regularly_interspaced_short_palindromic_repeats","abbrSyn":[{"text":"CRISPR","link":"https://csrc.nist.gov/glossary/term/crispr"}],"definitions":null},{"term":"CM","link":"https://csrc.nist.gov/glossary/term/cm_uppercase","abbrSyn":[{"text":"Configuration Management"}],"definitions":[{"text":"A collection of activities focused on establishing and maintaining the integrity of information technology products and information systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Configuration Management "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Configuration Management ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Configuration Management ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Configuration Management ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Management "}]}]},{"term":"cm","link":"https://csrc.nist.gov/glossary/term/cm_lowercase","abbrSyn":[{"text":"Centimeter","link":"https://csrc.nist.gov/glossary/term/centimeter"}],"definitions":null},{"term":"CMaaS","link":"https://csrc.nist.gov/glossary/term/cmaas","abbrSyn":[{"text":"Continuous Monitoring as a Service","link":"https://csrc.nist.gov/glossary/term/continuous_monitoring_as_a_service"}],"definitions":[{"text":"See Continuous Monitoring as a Service","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"CMAC","link":"https://csrc.nist.gov/glossary/term/cmac","abbrSyn":[{"text":"Block Cipher-based Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/block_cipher_based_message_authentication_code"},{"text":"Cipher-based MAC"},{"text":"Cipher-based Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/cipher_based_message_authentication_code"},{"text":"Cipher-Based Message Authentication Code"}],"definitions":[{"text":"Cipher-based Message Authentication Code (as specified in NIST SP 800-38B).","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]}]},{"term":"CMC","link":"https://csrc.nist.gov/glossary/term/cmc","abbrSyn":[{"text":"Chassis Management Controller","link":"https://csrc.nist.gov/glossary/term/chassis_management_controller"}],"definitions":null},{"term":"CMCS","link":"https://csrc.nist.gov/glossary/term/cmcs","abbrSyn":[{"text":"COMSEC material control system","link":"https://csrc.nist.gov/glossary/term/comsec_material_control_system"}],"definitions":null},{"term":"CMDAUTH","link":"https://csrc.nist.gov/glossary/term/cmdauth","abbrSyn":[{"text":"Command Authority","link":"https://csrc.nist.gov/glossary/term/command_authority"}],"definitions":null},{"term":"CMDB","link":"https://csrc.nist.gov/glossary/term/cmdb","abbrSyn":[{"text":"Configuration Management Database","link":"https://csrc.nist.gov/glossary/term/configuration_management_database"}],"definitions":null},{"term":"CMIA","link":"https://csrc.nist.gov/glossary/term/cmia","abbrSyn":[{"text":"Cyber Mission Impact Analysis","link":"https://csrc.nist.gov/glossary/term/cyber_mission_impact_analysis"}],"definitions":null},{"term":"CMMI","link":"https://csrc.nist.gov/glossary/term/cmmi","abbrSyn":[{"text":"Capability Maturity Model Integration","link":"https://csrc.nist.gov/glossary/term/capability_maturity_model_integration"}],"definitions":null},{"term":"CMOS","link":"https://csrc.nist.gov/glossary/term/cmos","abbrSyn":[{"text":"Complementary Metal Oxide Semiconductor","link":"https://csrc.nist.gov/glossary/term/complementary_metal_oxide_semiconductor"}],"definitions":null},{"term":"CMRR","link":"https://csrc.nist.gov/glossary/term/cmrr","definitions":[{"text":"The Center for Magnetic Recording Research, located at the University of California, San Diego,advances the state-of-the-art inmagnetic storageand trains graduate students and postdoctoralprofessionals(CMRR homepage:http://cmrr.ucsd.edu/).","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"CMS","link":"https://csrc.nist.gov/glossary/term/cms","abbrSyn":[{"text":"Centers for Medicare and Medicaid Services","link":"https://csrc.nist.gov/glossary/term/centers_for_medicare_and_medicaid_services"},{"text":"Certificate Management Service","link":"https://csrc.nist.gov/glossary/term/certificate_management_service"},{"text":"Content Management System","link":"https://csrc.nist.gov/glossary/term/content_management_system"},{"text":"Credential Management System","link":"https://csrc.nist.gov/glossary/term/credential_management_system"},{"text":"Cryptographic Message Syntax","link":"https://csrc.nist.gov/glossary/term/cryptographic_message_syntax"}],"definitions":null},{"term":"CMSL","link":"https://csrc.nist.gov/glossary/term/cmsl","abbrSyn":[{"text":"Client Management Script Library","link":"https://csrc.nist.gov/glossary/term/client_management_script_library"}],"definitions":null},{"term":"CMTC","link":"https://csrc.nist.gov/glossary/term/cmtc","abbrSyn":[{"text":"Card Management System to the Card","link":"https://csrc.nist.gov/glossary/term/card_management_system_to_the_card"},{"text":"Card Management System to Card","link":"https://csrc.nist.gov/glossary/term/card_management_system_to_card"}],"definitions":null},{"term":"CMUF","link":"https://csrc.nist.gov/glossary/term/cmuf","abbrSyn":[{"text":"Cryptographic Modules User Forum","link":"https://csrc.nist.gov/glossary/term/cryptographic_modules_user_forum"}],"definitions":null},{"term":"CMVP","link":"https://csrc.nist.gov/glossary/term/cmvp","abbrSyn":[{"text":"Cryptographic Module Validation Program","link":"https://csrc.nist.gov/glossary/term/cryptographic_module_validation_program"}],"definitions":null},{"term":"CMYK","link":"https://csrc.nist.gov/glossary/term/cmyk","abbrSyn":[{"text":"Cyan, Magenta, Yellow, and Key (or blacK)","link":"https://csrc.nist.gov/glossary/term/cyan_magenta_yellow_and_key_or_black"}],"definitions":null},{"term":"CN","link":"https://csrc.nist.gov/glossary/term/cn","abbrSyn":[{"text":"Client Node"},{"text":"Common Name","link":"https://csrc.nist.gov/glossary/term/common_name"}],"definitions":[{"text":"An attribute type that is commonly found within a Subject Distinguished Name in an X.500 directory information tree. When identifying machines, it is composed of a fully qualified domain name or IP address.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Common Name "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Common Name "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Common Name "}]}]},{"term":"CNA","link":"https://csrc.nist.gov/glossary/term/cna","abbrSyn":[{"text":"Computer Network Attack"},{"text":"CVE Naming Authorities"},{"text":"CVE Naming Authority","link":"https://csrc.nist.gov/glossary/term/cve_naming_authority"},{"text":"CVE Numbering Authority","link":"https://csrc.nist.gov/glossary/term/cve_numbering_authority"}],"definitions":null},{"term":"CNAP","link":"https://csrc.nist.gov/glossary/term/cnap","abbrSyn":[{"text":"Cybersecurity National Action Plan","link":"https://csrc.nist.gov/glossary/term/cybersecurity_national_action_plan"}],"definitions":null},{"term":"CNC","link":"https://csrc.nist.gov/glossary/term/cnc","abbrSyn":[{"text":"Computer Numerical Control","link":"https://csrc.nist.gov/glossary/term/computer_numerical_control"}],"definitions":null},{"term":"CNCF","link":"https://csrc.nist.gov/glossary/term/cncf","abbrSyn":[{"text":"Cloud Native Computing Foundation","link":"https://csrc.nist.gov/glossary/term/cloud_native_computing_foundation"}],"definitions":null},{"term":"CND","link":"https://csrc.nist.gov/glossary/term/cnd","abbrSyn":[{"text":"Computer Network Defense"}],"definitions":null},{"term":"CNE","link":"https://csrc.nist.gov/glossary/term/cne","abbrSyn":[{"text":"Computer Network Exploitation"}],"definitions":null},{"term":"CNG","link":"https://csrc.nist.gov/glossary/term/cng","abbrSyn":[{"text":"Cryptographic API: Next Generation","link":"https://csrc.nist.gov/glossary/term/cryptographic_api_next_generation"}],"definitions":null},{"term":"CNI","link":"https://csrc.nist.gov/glossary/term/cni","abbrSyn":[{"text":"Container Network Interface","link":"https://csrc.nist.gov/glossary/term/container_network_interface"}],"definitions":null},{"term":"CNIC","link":"https://csrc.nist.gov/glossary/term/cnic","abbrSyn":[{"text":"Cellular Network Isolation Card"}],"definitions":null},{"term":"CNO","link":"https://csrc.nist.gov/glossary/term/cno","abbrSyn":[{"text":"Computer Network Operations"}],"definitions":null},{"term":"CNP","link":"https://csrc.nist.gov/glossary/term/cnp","abbrSyn":[{"text":"Card Not Present","link":"https://csrc.nist.gov/glossary/term/card_not_present"}],"definitions":null},{"term":"CNSS","link":"https://csrc.nist.gov/glossary/term/cnss","abbrSyn":[{"text":"Committee for National Security Systems"},{"text":"Committee on National Security Systems","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems"}],"definitions":null},{"term":"CNSS Directive","link":"https://csrc.nist.gov/glossary/term/cnss_directive","abbrSyn":[{"text":"CNSSD","link":"https://csrc.nist.gov/glossary/term/cnssd"}],"definitions":null},{"term":"CNSSAM","link":"https://csrc.nist.gov/glossary/term/cnssam","abbrSyn":[{"text":"Committee on National Security Systems Advisory Memorandum","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_advisory_memorandum"}],"definitions":null},{"term":"CNSSD","link":"https://csrc.nist.gov/glossary/term/cnssd","abbrSyn":[{"text":"CNSS Directive","link":"https://csrc.nist.gov/glossary/term/cnss_directive"},{"text":"Committee on National Security Systems Directive","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_directive"}],"definitions":null},{"term":"CNSSI","link":"https://csrc.nist.gov/glossary/term/cnssi","abbrSyn":[{"text":"Committee on National Security Systems Instruction","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_instruction"}],"definitions":null},{"term":"CNSSP","link":"https://csrc.nist.gov/glossary/term/cnssp","abbrSyn":[{"text":"Committee on National Security Systems Policy","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_policy"}],"definitions":null},{"term":"CO","link":"https://csrc.nist.gov/glossary/term/co","abbrSyn":[{"text":"Cyberspace Operations"}],"definitions":null},{"term":"COA","link":"https://csrc.nist.gov/glossary/term/coa","abbrSyn":[{"text":"Central Oversight Authority","link":"https://csrc.nist.gov/glossary/term/central_oversight_authority"},{"text":"Change of Authorization","link":"https://csrc.nist.gov/glossary/term/change_of_authorization"},{"text":"Course of Action","link":"https://csrc.nist.gov/glossary/term/course_of_action"}],"definitions":[{"text":"The cryptographic key management system (CKMS) entity that provides overall CKMS data synchronization and system security oversight for an organization or set of organizations.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Central Oversight Authority "}]},{"text":"A time-phased or situation-dependent combination of risk response measures.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Course of Action ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]}]},{"term":"coalition partner","link":"https://csrc.nist.gov/glossary/term/coalition_partner","definitions":[{"text":"A nation in an ad hoc defense arrangement with the United States.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"CoAP","link":"https://csrc.nist.gov/glossary/term/coap","abbrSyn":[{"text":"Constrained Application Protocol","link":"https://csrc.nist.gov/glossary/term/constrained_application_protocol"}],"definitions":null},{"term":"COBIT","link":"https://csrc.nist.gov/glossary/term/cobit","abbrSyn":[{"text":"Control Objectives for Information and Related Technologies","link":"https://csrc.nist.gov/glossary/term/control_objectives_for_information_and_related_technologies"},{"text":"Control Objectives for Information and Related Technology"}],"definitions":null},{"term":"code","link":"https://csrc.nist.gov/glossary/term/code","definitions":[{"text":"System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSTISSI No. 7002","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Computer instructions and data definitions expressed in a programming language or in a form output by an assembler, compiler, or other translator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"Merriam-Webster","link":"https://www.merriam-webster.com/"}]}]}]},{"term":"code analysis","link":"https://csrc.nist.gov/glossary/term/code_analysis","definitions":[{"text":"The act of reverse-engineering the malicious program to understand the code that implements the software behavior. For example, when looking at compiled programs, the process involves using a disassembler, a debugger, and perhaps a decompiler to examine the program’s low-level assembly or byte-code instructions. A disassembler converts the instructions from their binary form into the human-readable assembly form. A decompiler attempts to recreate the original source code of the program. A debugger allows the analyst to step through the code, interacting with it, and observing the effects of its instructions to understand its purpose.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1011","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Code Division Multiple Access (CDMA)","link":"https://csrc.nist.gov/glossary/term/code_division_multiple_access","abbrSyn":[{"text":"CDMA","link":"https://csrc.nist.gov/glossary/term/cdma"}],"definitions":[{"text":"A spread spectrum technology for cellular networks based on the Interim Standard-95 (IS-95) from the Telecommunications Industry Association (TIA).","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Code Division Multiple Access "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Code Division Multiple Access "}]}]},{"term":"code group","link":"https://csrc.nist.gov/glossary/term/code_group","note":"(C.F.D.)","definitions":[{"text":"Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Code of Federal Regulations","link":"https://csrc.nist.gov/glossary/term/code_of_federal_regulations","abbrSyn":[{"text":"C.F.R.","link":"https://csrc.nist.gov/glossary/term/cfr"},{"text":"CFR"}],"definitions":null},{"term":"Code Signing Key","link":"https://csrc.nist.gov/glossary/term/code_signing_key","abbrSyn":[{"text":"CSK","link":"https://csrc.nist.gov/glossary/term/csk"}],"definitions":null},{"term":"code vocabulary","link":"https://csrc.nist.gov/glossary/term/code_vocabulary","note":"(C.F.D.)","definitions":[{"text":"Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"codebook","link":"https://csrc.nist.gov/glossary/term/codebook","definitions":[{"text":"Document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique or algorithm that encrypts data in blocks of a specified length.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Codec","link":"https://csrc.nist.gov/glossary/term/codec","abbrSyn":[{"text":"Coder Decoder"},{"text":"Coder-Decoder","link":"https://csrc.nist.gov/glossary/term/coder_decoder"}],"definitions":[{"text":"coder/decoder, which converts analog voice into digital data and back again, and may also compress and decompress the data for more efficient transmission.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]}]},{"term":"Coder-Decoder","link":"https://csrc.nist.gov/glossary/term/coder_decoder","abbrSyn":[{"text":"Codec","link":"https://csrc.nist.gov/glossary/term/codec"},{"text":"CODEC"}],"definitions":[{"text":"coder/decoder, which converts analog voice into digital data and back again, and may also compress and decompress the data for more efficient transmission.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58","underTerm":" under Codec "}]}]},{"term":"COF","link":"https://csrc.nist.gov/glossary/term/cof","abbrSyn":[{"text":"Ciphering Offset Number","link":"https://csrc.nist.gov/glossary/term/ciphering_offset_number"}],"definitions":null},{"term":"Cofactor Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/cofactor_diffie_hellman","abbrSyn":[{"text":"CDH","link":"https://csrc.nist.gov/glossary/term/cdh"}],"definitions":[{"text":"The cofactor ECC Diffie-Hellman key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under CDH "}]}]},{"term":"COFB","link":"https://csrc.nist.gov/glossary/term/cofb","abbrSyn":[{"text":"Combined Feedback","link":"https://csrc.nist.gov/glossary/term/combined_feedback"}],"definitions":null},{"term":"COG","link":"https://csrc.nist.gov/glossary/term/cog","abbrSyn":[{"text":"Continuity of Government"}],"definitions":null},{"term":"Cognitive-based Approach to System Security Assessment","link":"https://csrc.nist.gov/glossary/term/cognitive_based_approach_to_system_security_assessment","abbrSyn":[{"text":"CASSA","link":"https://csrc.nist.gov/glossary/term/cassa"}],"definitions":null},{"term":"cognizant security officer/authority","link":"https://csrc.nist.gov/glossary/term/cognizant_security_officer_authority","definitions":[{"text":"An entity charged with responsibility for physical, technical, personnel, and information security affecting that organization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The single principal designated by a Senior Official of the Intelligence Community (SOIC) to serve as the responsible official for all aspects of security program management concerning the protection of national intelligence, sources and methods, under SOIC responsibility.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"COI","link":"https://csrc.nist.gov/glossary/term/coi","abbrSyn":[{"text":"community of interest"},{"text":"Community of Interest"}],"definitions":null},{"term":"cold site","link":"https://csrc.nist.gov/glossary/term/cold_site","definitions":[{"text":"A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Cold Site "}]}]},{"term":"Collaborative Research and Development Agreement","link":"https://csrc.nist.gov/glossary/term/collaborative_research_and_development_agreement","abbrSyn":[{"text":"CRADA","link":"https://csrc.nist.gov/glossary/term/crada"}],"definitions":null},{"term":"Collaborative Robotic System","link":"https://csrc.nist.gov/glossary/term/collaborative_robotic_system","abbrSyn":[{"text":"CRS","link":"https://csrc.nist.gov/glossary/term/crs"}],"definitions":null},{"term":"Collateral Damage Potential","link":"https://csrc.nist.gov/glossary/term/collateral_damage_potential","definitions":[{"text":"measures the potential for loss of life or physical assets through damage or theft of property or equipment.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"collateral information","link":"https://csrc.nist.gov/glossary/term/collateral_information","definitions":[{"text":"National security information (including intelligence information) classified Top Secret, Secret, or Confidential that is not in the Sensitive Compartmented Information (SCI) or Special Access Program (SAP) category.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"Collecting and Communicating Audit Trails","link":"https://csrc.nist.gov/glossary/term/collecting_and_communicating_audit_trails","definitions":[{"text":"To define and identify security-relevant events and the data to be collected and communicated as determined by policy, regulation, or risk analysis to support identification of those security-relevant events.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497"}]}]},{"term":"Collection","link":"https://csrc.nist.gov/glossary/term/collection","definitions":[{"text":"The first phase of the computer and network forensics process, which involves identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following guidelines and procedures that preserve the integrity of the data.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Collection System","link":"https://csrc.nist.gov/glossary/term/collection_system","definitions":[{"text":"A system that collects actual state data and compares the collected actual state data to the desired state specification to find security defects.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Collector","link":"https://csrc.nist.gov/glossary/term/collector","definitions":[{"text":"Typically, an automated sensor that gathers actual state data. Part of the collection system.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"collision","link":"https://csrc.nist.gov/glossary/term/collision","definitions":[{"text":"An event in which two different messages have the same message digest.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Collision "},{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Collision "}]},{"text":"For a given function, a pair of distinct input values that yield the same output value.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Collision "}]},{"text":"In a given context, the equality of two values, usually out of a large number of possible values.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"An instance of duplicate sample values occurring in a dataset.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Collision "}]},{"text":"Two or more distinct inputs produce the same output. Also see hash function.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Collision "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Collision "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Collision "}]}],"seeAlso":[{"text":"Collision resistance","link":"collision_resistance"},{"text":"hash function","link":"hash_function"},{"text":"Hash function"}]},{"term":"Collision resistance","link":"https://csrc.nist.gov/glossary/term/collision_resistance","definitions":[{"text":"An expected property of a cryptographic hash function whereby it is computationally infeasible to find a collision, See “Collision”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"An expected property of a hash function whereby it is computationally infeasible to find a collision, See “Collision”.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}],"seeAlso":[{"text":"Collision"},{"text":"Hash function"}]},{"term":"COM","link":"https://csrc.nist.gov/glossary/term/com","abbrSyn":[{"text":"Component Object Model","link":"https://csrc.nist.gov/glossary/term/component_object_model"}],"definitions":null},{"term":"Combined Communications-Electronics Board","link":"https://csrc.nist.gov/glossary/term/combined_communications_electronics_board","abbrSyn":[{"text":"CCEB","link":"https://csrc.nist.gov/glossary/term/cceb"}],"definitions":null},{"term":"Combined Feedback","link":"https://csrc.nist.gov/glossary/term/combined_feedback","abbrSyn":[{"text":"COFB","link":"https://csrc.nist.gov/glossary/term/cofb"}],"definitions":null},{"term":"Command and Control","link":"https://csrc.nist.gov/glossary/term/command_and_control","abbrSyn":[{"text":"C2","link":"https://csrc.nist.gov/glossary/term/c2"}],"definitions":[{"text":"Command and Control' is the exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities, and procedures employed by a commander in planning, directing, coordinating, and controlling forces and operations in the accomplishment of the mission.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission. Command and control functions are performed through an arrangement of personnel, equipment, communications, facilities, and procedures employed by a commander in planning, directing, coordinating, and controlling forces and operations in the accomplishment of the mission.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]}]},{"term":"Command Authority","link":"https://csrc.nist.gov/glossary/term/command_authority","abbrSyn":[{"text":"CMDAUTH","link":"https://csrc.nist.gov/glossary/term/cmdauth"}],"definitions":[{"text":"The command authority is responsible for the appointment of user representatives for a department, agency, or organization and their key and granting of modern (electronic) key ordering privileges for those User Representatives.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under command authority ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Command Line Interface","link":"https://csrc.nist.gov/glossary/term/command_line_interface","abbrSyn":[{"text":"CLI","link":"https://csrc.nist.gov/glossary/term/cli"}],"definitions":null},{"term":"Command, Control, and Communications","link":"https://csrc.nist.gov/glossary/term/command_control_and_communications","abbrSyn":[{"text":"C3","link":"https://csrc.nist.gov/glossary/term/c3"}],"definitions":null},{"term":"Command, Control, Communications and Computers","link":"https://csrc.nist.gov/glossary/term/command_control_communications_and_computers","abbrSyn":[{"text":"C4","link":"https://csrc.nist.gov/glossary/term/c4"}],"definitions":null},{"term":"Command, Control, Communications and Intelligence","link":"https://csrc.nist.gov/glossary/term/command_control_communications_and_intelligence","abbrSyn":[{"text":"C3I","link":"https://csrc.nist.gov/glossary/term/c3i"}],"definitions":null},{"term":"Comma-Separated Value","link":"https://csrc.nist.gov/glossary/term/comma_separated_value","abbrSyn":[{"text":".csv","link":"https://csrc.nist.gov/glossary/term/_csv"},{"text":"CSV","link":"https://csrc.nist.gov/glossary/term/csv"}],"definitions":null},{"term":"commercial COMSEC evaluation program (CCEP)","link":"https://csrc.nist.gov/glossary/term/commercial_comsec_evaluation_program","abbrSyn":[{"text":"CCEP","link":"https://csrc.nist.gov/glossary/term/ccep"}],"definitions":[{"text":"Relationship between National Security Agency (NSA) and industry, in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a NSA-approved product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)","note":" - Adapted"}]}]}]},{"term":"Commercial Remote Sensing Regulatory Affairs","link":"https://csrc.nist.gov/glossary/term/commercial_remote_sensing_regulatory_affairs","abbrSyn":[{"text":"CRSRA","link":"https://csrc.nist.gov/glossary/term/crsra"}],"definitions":null},{"term":"commercial solutions for classified (CSfC)","link":"https://csrc.nist.gov/glossary/term/commercial_solutions_for_classified","abbrSyn":[{"text":"CSfC","link":"https://csrc.nist.gov/glossary/term/csfc"}],"definitions":[{"text":"A COTS end-to-end strategy and process in which two or more COTS products can be combined into a solution to protect classified information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Policy 3-14","note":" - Adapted"}]}]}],"seeAlso":[{"text":"layered COTS product solutions","link":"layered_cots_product_solutions"}]},{"term":"commercial-off-the-shelf (COTS)","link":"https://csrc.nist.gov/glossary/term/commercial_off_the_shelf","abbrSyn":[{"text":"COTS","link":"https://csrc.nist.gov/glossary/term/cots"}],"definitions":[{"text":"Software and hardware that already exists and is available from commercial sources. It is also referred to as off-the-shelf.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Commercial off-the-shelf (COTS) ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Commercial off-the-shelf ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]}]},{"text":"A software and/or hardware product that is commercially ready-made and available for sale, lease, or license to the general public.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Policy 3-14"}]}]},{"text":"Hardware and software IT products that are ready-made and available for purchase by the general public.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Commercial-Off-The-Shelf "}]}]},{"term":"Commit-Chain","link":"https://csrc.nist.gov/glossary/term/commit_chain","definitions":[{"text":"A scheme that enables the off-chain processing of transactions by one or more operators with on-chain state update commitments that do not contain per-transaction data.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Committee Draft","link":"https://csrc.nist.gov/glossary/term/committee_draft","abbrSyn":[{"text":"CD","link":"https://csrc.nist.gov/glossary/term/cd"}],"definitions":[{"text":"A Compact Disc(CD)is a class of media from which data are readby optical means.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under CD "}]}]},{"term":"Committee of Sponsoring Organizations","link":"https://csrc.nist.gov/glossary/term/committee_of_sponsoring_organizations","abbrSyn":[{"text":"COSO","link":"https://csrc.nist.gov/glossary/term/coso"}],"definitions":null},{"term":"Committee of Sponsoring Organizations of the Treadway Commission","link":"https://csrc.nist.gov/glossary/term/committee_of_sponsoring_organizations_treadway_commission","abbrSyn":[{"text":"COSO","link":"https://csrc.nist.gov/glossary/term/coso"}],"definitions":null},{"term":"Committee on National Security Systems","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems","abbrSyn":[{"text":"CNSS","link":"https://csrc.nist.gov/glossary/term/cnss"}],"definitions":null},{"term":"Committee on National Security Systems Advisory Memorandum","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_advisory_memorandum","abbrSyn":[{"text":"CNSSAM","link":"https://csrc.nist.gov/glossary/term/cnssam"}],"definitions":null},{"term":"Committee on National Security Systems Directive","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_directive","abbrSyn":[{"text":"CNSSD","link":"https://csrc.nist.gov/glossary/term/cnssd"}],"definitions":null},{"term":"Committee on National Security Systems Instruction","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_instruction","abbrSyn":[{"text":"CNSSI","link":"https://csrc.nist.gov/glossary/term/cnssi"}],"definitions":null},{"term":"Committee on National Security Systems Policy","link":"https://csrc.nist.gov/glossary/term/committee_on_national_security_systems_policy","abbrSyn":[{"text":"CNSSP","link":"https://csrc.nist.gov/glossary/term/cnssp"}],"definitions":null},{"term":"commodity service","link":"https://csrc.nist.gov/glossary/term/commodity_service","definitions":[{"text":"An information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Commodity Service "}]},{"text":"A system service provided by a commercial service provider to a large and diverse set of consumers. The organization acquiring or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not able to require that the provider implement specific controls.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A system service provided by a commercial service provider to a large and diverse set of consumers. The organization acquiring or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not able to require that the provider implement specific security or privacy controls.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"common access card (CAC)","link":"https://csrc.nist.gov/glossary/term/common_access_card","abbrSyn":[{"text":"CAC","link":"https://csrc.nist.gov/glossary/term/cac"}],"definitions":[{"text":"Standard identification/smart card issued by the Department of Defense (DoD) that has an embedded integrated chip storing public key infrastructure (PKI) certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 1000.13","link":"https://www.esd.whs.mil/Directives/issuances/dodi/","note":" - Adapted"}]}]}]},{"term":"Common Attack Pattern Enumeration and Classification","link":"https://csrc.nist.gov/glossary/term/common_attack_pattern_enumeration_and_classification","abbrSyn":[{"text":"CAPEC","link":"https://csrc.nist.gov/glossary/term/capec"}],"definitions":null},{"term":"Common Biometric Exchange Formats Framework","link":"https://csrc.nist.gov/glossary/term/common_biometric_exchange_formats_framework","abbrSyn":[{"text":"CBEFF","link":"https://csrc.nist.gov/glossary/term/cbeff"}],"definitions":null},{"term":"common carrier","link":"https://csrc.nist.gov/glossary/term/common_carrier","definitions":[{"text":"In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services. \nNote: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Common Carrier "}]},{"text":"In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services.\nNote: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Common Carrier "}]},{"text":"A telecommunications company that holds itself out to the public for hire to provide communications transmission services.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"common configuration enumeration (CCE)","link":"https://csrc.nist.gov/glossary/term/common_configuration_enumeration","abbrSyn":[{"text":"CCE","link":"https://csrc.nist.gov/glossary/term/cce"}],"definitions":[{"text":"A nomenclature and dictionary of software security configurations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"text":"A SCAP specification that provides unique, common identifiers for configuration settings found in a wide variety of hardware and software products.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Common Configuration Enumeration (CCE) "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"common configuration scoring system (CCSS)","link":"https://csrc.nist.gov/glossary/term/common_configuration_scoring_system","abbrSyn":[{"text":"CCSS","link":"https://csrc.nist.gov/glossary/term/ccss"}],"definitions":[{"text":"A SCAP specification for measuring the severity of software security configuration issues.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Common Configuration Scoring System (CCSS) "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"common control","link":"https://csrc.nist.gov/glossary/term/common_control","definitions":[{"text":"A security control that is inherited by one or more organizational information systems.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Common Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Common Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Common Control "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Common Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Common Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A security control that is inheritable by one or more organizational information systems. See Security Control Inheritance.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Common Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"},{"text":"CNSSI 4009"}]}]},{"text":"A security control or privacy control that is inherited by one or more organizational information systems. See Security Control Inheritance or Privacy Control Inheritance.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Common Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]},{"text":"A security control that is inherited by one or more organizational information systems. \nSee security control inheritance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"A security or privacy control that is inherited by multiple information systems or programs.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}],"seeAlso":[{"text":"control inheritance","link":"control_inheritance"},{"text":"Hybrid Control"},{"text":"hybrid security control","link":"hybrid_security_control"},{"text":"Hybrid Security Control"},{"text":"Privacy Control Inheritance","link":"privacy_control_inheritance"},{"text":"security control inheritance","link":"security_control_inheritance"},{"text":"Security Control Inheritance"}]},{"term":"common control provider","link":"https://csrc.nist.gov/glossary/term/common_control_provider","definitions":[{"text":"An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls inherited by information systems).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Common Control Provider ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Common Control Provider ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Common Control Provider "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Common Control Provider ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Common Control Provider ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls inheritable by information systems).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Common Control Provider ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls and privacy controls inherited by information systems).","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Common Control Provider ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]},{"text":"An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., controls inheritable by organizational systems).","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security or privacy controls inheritable by systems).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]}],"seeAlso":[{"text":"security control provider","link":"security_control_provider"}]},{"term":"common criteria","link":"https://csrc.nist.gov/glossary/term/common_criteria","abbrSyn":[{"text":"CC","link":"https://csrc.nist.gov/glossary/term/cc"}],"definitions":[{"text":"Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Common Criteria ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A set of internationally accepted semantic tools and constructs for describing the security needs of customers and the security attributes of products.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Common Criteria "}]}]},{"term":"Common Criteria Evaluation and Validation Scheme","link":"https://csrc.nist.gov/glossary/term/common_criteria_evaluation_and_validation_scheme","abbrSyn":[{"text":"CCEVS","link":"https://csrc.nist.gov/glossary/term/ccevs"}],"definitions":null},{"term":"Common Event Format","link":"https://csrc.nist.gov/glossary/term/common_event_format","abbrSyn":[{"text":"CEF","link":"https://csrc.nist.gov/glossary/term/cef"}],"definitions":null},{"term":"common fill device (CFD)","link":"https://csrc.nist.gov/glossary/term/common_fill_device","abbrSyn":[{"text":"CFD"}],"definitions":[{"text":"A COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)","note":" - Adapted"}]}]}]},{"term":"Common Gateway Interface","link":"https://csrc.nist.gov/glossary/term/common_gateway_interface","abbrSyn":[{"text":"CGI","link":"https://csrc.nist.gov/glossary/term/cgi"}],"definitions":null},{"term":"Common Industrial Protocol","link":"https://csrc.nist.gov/glossary/term/common_industrial_protocol","abbrSyn":[{"text":"CIP","link":"https://csrc.nist.gov/glossary/term/cip"}],"definitions":null},{"term":"Common Internet File System","link":"https://csrc.nist.gov/glossary/term/common_internet_file_system","abbrSyn":[{"text":"CIFS","link":"https://csrc.nist.gov/glossary/term/cifs"}],"definitions":null},{"term":"Common Language Runtime","link":"https://csrc.nist.gov/glossary/term/common_language_runtime","abbrSyn":[{"text":"CLR","link":"https://csrc.nist.gov/glossary/term/clr"}],"definitions":null},{"term":"Common Name","link":"https://csrc.nist.gov/glossary/term/common_name","abbrSyn":[{"text":"CN","link":"https://csrc.nist.gov/glossary/term/cn"}],"definitions":[{"text":"An attribute type that is commonly found within a Subject Distinguished Name in an X.500 directory information tree. When identifying machines, it is composed of a fully qualified domain name or IP address.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Common Object Request Broker Architecture","link":"https://csrc.nist.gov/glossary/term/common_object_request_broker_architecture","abbrSyn":[{"text":"CORBA","link":"https://csrc.nist.gov/glossary/term/corba"}],"definitions":null},{"term":"common platform enumeration (CPE)","link":"https://csrc.nist.gov/glossary/term/common_platform_enumeration","abbrSyn":[{"text":"CPE","link":"https://csrc.nist.gov/glossary/term/cpe"}],"definitions":[{"text":"A nomenclature and dictionary of hardware, operating systems, and applications.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"text":"A SCAP specification that provides a standard naming convention for operating systems, hardware, and applications for the purpose of providing consistent, easily parsed names that can be shared by multiple parties and solutions to refer to the same specific platform type.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Common Platform Enumeration (CPE) "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"common secure configuration","link":"https://csrc.nist.gov/glossary/term/common_secure_configuration","definitions":[{"text":"Recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those system components to meet operational requirements. These benchmarks are also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, and security technical implementation guides.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"A recognized standardized and established benchmark (e.g., National Checklist Program, DISA STIGs, CIS Benchmarks, etc.) that stipulates specific secure configuration settings for a given IT platform.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Common Secure Configuration "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"A recognized standardized and established benchmark that stipulates specific secure configuration settings for a given information technology platform.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Common Secure Configuration "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]}]},{"term":"Common Security Control","link":"https://csrc.nist.gov/glossary/term/common_security_control","definitions":[{"text":"Security control that can be applied to one or more agency information systems and has the following properties: (i) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (ii) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]}]},{"term":"common services provider (CSP)","link":"https://csrc.nist.gov/glossary/term/common_services_provider","definitions":[{"text":"A federal organization that provides National Security System-Public Key Infrastructure (NSS-PKI) support to other federal organizations, academia and industrial partners requiring classified NSS-PKI support but without their own self-managed infrastructures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 507","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]}]},{"term":"Common Tier 1","link":"https://csrc.nist.gov/glossary/term/common_tier_1","abbrSyn":[{"text":"CT1","link":"https://csrc.nist.gov/glossary/term/ct1"}],"definitions":null},{"term":"common user application software (CUAS)","link":"https://csrc.nist.gov/glossary/term/common_user_application_software","abbrSyn":[{"text":"CUAS","link":"https://csrc.nist.gov/glossary/term/cuas"}],"definitions":[{"text":"User application software developed to run on top of the local COMSEC management software (LCMS) on the local management device/key processor (LMD/KP).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"common vulnerabilities and exposures (CVE)","link":"https://csrc.nist.gov/glossary/term/common_vulnerabilities_and_exposures","abbrSyn":[{"text":"CVE","link":"https://csrc.nist.gov/glossary/term/cve"}],"definitions":[{"text":"A list of entries-each containing an identification number, a description, and at least one public reference-for publicly known CS vulnerabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]},{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"text":"An SCAP specification that provides unique, common names for publicly known information system vulnerabilities.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Common Vulnerabilities and Exposures (CVE) "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"A dictionary of common names for publicly known information system vulnerabilities.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Common Vulnerabilities and Exposures ","refSources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"}]}]},{"text":"A list of entries, each containing a unique identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities [CVENVD]. This list feeds the National Vulnerability Database (NVD).","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4","refSources":[{"text":"CVE NVD","link":"https://cve.mitre.org/about/cve_and_nvd_relationship.html"}]}]}]},{"term":"Common Vulnerabilities and Exposures identifiers","link":"https://csrc.nist.gov/glossary/term/common_vulnerabilities_and_exposures_identifiers","abbrSyn":[{"text":"CVE ID","link":"https://csrc.nist.gov/glossary/term/cve_id"}],"definitions":[{"text":"An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under CVE ID "}]}]},{"term":"Common Vulnerability Enumeration","link":"https://csrc.nist.gov/glossary/term/common_vulnerability_enumeration","abbrSyn":[{"text":"CVE","link":"https://csrc.nist.gov/glossary/term/cve"}],"definitions":null},{"term":"common vulnerability scoring system (CVSS)","link":"https://csrc.nist.gov/glossary/term/common_vulnerability_scoring_system","abbrSyn":[{"text":"CVSS","link":"https://csrc.nist.gov/glossary/term/cvss"}],"definitions":[{"text":"A system for measuring the relative severity of software flaw vulnerabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"text":"An SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Common Vulnerability Scoring System  (CVSS) "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"common weakness enumeration (CWE)","link":"https://csrc.nist.gov/glossary/term/common_weakness_enumeration","abbrSyn":[{"text":"CWE","link":"https://csrc.nist.gov/glossary/term/cwe"}],"definitions":[{"text":"A taxonomy for identifying the common sources of software flaws (e.g., buffer overflows, failure to check input data).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST ITL Bulletin, Dec. 2013","link":"/CSRC/media/Publications/Shared/documents/itl-bulletin/itlbul2013-12.pdf"}]},{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A list of known poor coding practices that may be present in software [CWE].","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]},{"text":"See also, weakness.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"Common Weakness Scoring System","link":"https://csrc.nist.gov/glossary/term/common_weakness_scoring_system","abbrSyn":[{"text":"CWSS","link":"https://csrc.nist.gov/glossary/term/cwss"}],"definitions":null},{"term":"Communicate-P (Function)","link":"https://csrc.nist.gov/glossary/term/communicate_pf","definitions":[{"text":"Develop and implement appropriate activities to enable organizations and individuals to have a reliable understanding and engage in a dialogue about how data are processed and associated privacy risks.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Communicating group","link":"https://csrc.nist.gov/glossary/term/communicating_group","definitions":[{"text":"A set of communicating entities that employ cryptographic services and need cryptographic keying relationships to enable cryptographically protected communications.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Communications","link":"https://csrc.nist.gov/glossary/term/communications","definitions":[{"text":"The actions and associated activities that are used to exchange information, provide instructions, give details, etc. In the context of this paper, communications refers to the full range of activities involved with providing information to support the secure use of IoT devices. Communications include using such tools as phone calls, emails, user guides, in-person classes, instruction manuals, webinars, written instructions, videos, quizzes, frequently asked questions (FAQ) documents, and any other type of tool for such information exchanges.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"}]}]},{"term":"communications cover","link":"https://csrc.nist.gov/glossary/term/communications_cover","abbrSyn":[{"text":"cover (TRANSEC)","link":"https://csrc.nist.gov/glossary/term/cover"}],"definitions":[{"text":"Result of measures used to obfuscate message externals to resist traffic analysis.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cover (TRANSEC) ","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See cover (TRANSEC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"communications deception","link":"https://csrc.nist.gov/glossary/term/communications_deception","definitions":[{"text":"Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"manipulative communications deception","link":"manipulative_communications_deception"}]},{"term":"Communications Module","link":"https://csrc.nist.gov/glossary/term/communications_module","definitions":[{"text":"The sub-component of a Smart Meter responsible for AMI communications between Smart Meters in the field and the Network Management System. The Communications Module may or may not be a separate electronic element, and/or may include the HAN Interface.","sources":[{"text":"NISTIR 7823","link":"https://doi.org/10.6028/NIST.IR.7823","refSources":[{"text":"SG-AMI 1-2009"}]}]}]},{"term":"Communications Router","link":"https://csrc.nist.gov/glossary/term/communications_router","definitions":[{"text":"A communications device that transfers messages between two networks. Common uses for routers include connecting a LAN to a WAN, and connecting MTUs and RTUs to a long-distance network medium for SCADA communication.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"term":"Communications Satellite","link":"https://csrc.nist.gov/glossary/term/communications_satellite","abbrSyn":[{"text":"COMSAT","link":"https://csrc.nist.gov/glossary/term/comsat"}],"definitions":null},{"term":"communications security","link":"https://csrc.nist.gov/glossary/term/communications_security","abbrSyn":[{"text":"COMSEC","link":"https://csrc.nist.gov/glossary/term/comsec"}],"definitions":[{"text":"A component of Information Assurance that deals with measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes cryptographic security, transmission security, emissions security, and physical security of COMSEC material.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401"}]},{"text":"A component of CS that deals with measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes cryptographic security, transmission security, emissions security, and physical security of COMSEC material and information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under communications security (COMSEC) ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Communications Security Establishment","link":"https://csrc.nist.gov/glossary/term/communications_security_establishment","abbrSyn":[{"text":"CSE","link":"https://csrc.nist.gov/glossary/term/cse"}],"definitions":null},{"term":"Communications Security, Reliability and Interoperability Council","link":"https://csrc.nist.gov/glossary/term/communications_security_reliability_and_interoperability_council","abbrSyn":[{"text":"CSRIC","link":"https://csrc.nist.gov/glossary/term/csric"}],"definitions":null},{"term":"Community cloud","link":"https://csrc.nist.gov/glossary/term/community_cloud","definitions":[{"text":"The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Community Enterprise Operating System","link":"https://csrc.nist.gov/glossary/term/community_enterprise_operating_system","abbrSyn":[{"text":"CentOS","link":"https://csrc.nist.gov/glossary/term/centos"}],"definitions":null},{"term":"community of interest (COI)","link":"https://csrc.nist.gov/glossary/term/community_of_interest","abbrSyn":[{"text":"COI","link":"https://csrc.nist.gov/glossary/term/coi"}],"definitions":[{"text":"A collaborative group of users (working at the appropriate security level or levels) who exchange information in pursuit of their shared goals, interests, missions, or business processes, and must have a shared vocabulary for the information exchanged. The group exchanges information within and between systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Community of Practice","link":"https://csrc.nist.gov/glossary/term/community_of_practice","abbrSyn":[{"text":"CoP","link":"https://csrc.nist.gov/glossary/term/cop"}],"definitions":null},{"term":"community risk","link":"https://csrc.nist.gov/glossary/term/community_risk","definitions":[{"text":"Probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Compact Disc Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/compact_disc_read_only_memory","abbrSyn":[{"text":"CD-ROM","link":"https://csrc.nist.gov/glossary/term/cd_rom"}],"definitions":null},{"term":"Compact Disc-Recordable","link":"https://csrc.nist.gov/glossary/term/compact_disc_recordable","abbrSyn":[{"text":"CD-R","link":"https://csrc.nist.gov/glossary/term/cd_r"}],"definitions":[{"text":"ACompact Disc Recordable(CD-R) is aCD thatcan be written on only once but read manytimes. Also known as WORM.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under CD-R "}]}]},{"term":"Compact Flash","link":"https://csrc.nist.gov/glossary/term/compact_flash","abbrSyn":[{"text":"CF","link":"https://csrc.nist.gov/glossary/term/cf"}],"definitions":null},{"term":"Comparison","link":"https://csrc.nist.gov/glossary/term/comparison","definitions":[{"text":"Estimation, calculation, or measurement of similarity or dissimilarity between biometric probe(s) and biometric reference(s).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html"}]}]},{"text":"See also Identification.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"The process of comparing a biometric with a previously stored reference. See also “Identification” and “Identity Verification”.","sources":[{"text":"FIPS 201","note":" [version unknown]","refSources":[{"text":"INCITS/M1-040211","link":"https://standards.incits.org/a/public/group/m1"}]}]}],"seeAlso":[{"text":"Identification"},{"text":"Identity Verification"}]},{"term":"compartmentalization","link":"https://csrc.nist.gov/glossary/term/compartmentalization","definitions":[{"text":"A nonhierarchical grouping of information used to control access to data more finely than with hierarchical security classification alone.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Compatible security domains","link":"https://csrc.nist.gov/glossary/term/compatible_security_domains","definitions":[{"text":"Two Security Domains are compatible if they can exchange a key and its metadata without violating (or altering) either domain’s FCKMS security policy.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"compensating controls","link":"https://csrc.nist.gov/glossary/term/compensating_controls","definitions":[{"text":"The security and privacy controls implemented in lieu of the controls in the baselines described in NIST Special Publication 800-53 that provide equivalent or comparable protection for a system or organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"The security and privacy controls employed in lieu of the controls in the baselines described in NIST Special Publication 800-53B that provide equivalent or comparable protection for a system or organization.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]}]},{"term":"compensating security control","link":"https://csrc.nist.gov/glossary/term/compensating_security_control","definitions":[{"text":"A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Compensating Security Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Compensating Security Control ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The security controls employed in lieu of the recommended controls in the security control baselines described in NIST Special Publication 800-53 and CNSS Instruction 1253 that provide equivalent or comparable protection for an information system or organization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Compensating Security Controls ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Compensating Security Controls ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST SP 800-53, that provide equivalent or comparable protection for an information system.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Compensating Security Controls "}]},{"text":"The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Compensating Security Controls ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Compensating Security Controls "}]}]},{"term":"Competency","link":"https://csrc.nist.gov/glossary/term/competency","definitions":[{"text":"A mechanism for organizations to assess learners.","sources":[{"text":"NIST SP 800-181 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-181r1"}]},{"text":"defines a competency as the capability of applying or using knowledge, skills, abilities, behaviors, and personal characteristics to successfully perform critical work tasks, specific functions, or operate in a given role or position.","sources":[{"text":"NIST SP 800-181","link":"https://doi.org/10.6028/NIST.SP.800-181","note":" [Superseded]","refSources":[{"text":"DoL Employment and Training Administration","link":"https://www.dol.gov/agencies/eta"}]}]}]},{"term":"competency area","link":"https://csrc.nist.gov/glossary/term/competency_area","definitions":[{"text":"A cluster of related Knowledge and Skill statements that correlates with one’s capability to perform Tasks in a particular domain. Competency Areas can help learners discover areas of interest, inform career planning and development, identify gaps for knowledge and skills development, and provide a means of assessing or demonstrating a learner’s capabilities in the domain.","sources":[{"text":"NIST IR 8355","link":"https://doi.org/10.6023/NIST.IR.8355"}]}]},{"term":"competent security official","link":"https://csrc.nist.gov/glossary/term/competent_security_official","definitions":[{"text":"Any cognizant security authority or person designated by the cognizant security authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Competition for Authenticated Encryption: Security, Applicability, and Robustness","link":"https://csrc.nist.gov/glossary/term/competition_for_authenticated_encryption_security_applicability_and_robustness","abbrSyn":[{"text":"CAESAR","link":"https://csrc.nist.gov/glossary/term/caesar"}],"definitions":null},{"term":"Complementary Error Function","link":"https://csrc.nist.gov/glossary/term/complementary_error_function","abbrSyn":[{"text":"Erfc","link":"https://csrc.nist.gov/glossary/term/erfc"}],"definitions":[{"text":"See Erfc.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"The complementary error function erfc(z) is defined in Section 5.5.3. This function is related to the normal cdf.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Erfc "}]}]},{"term":"Complementary Metal Oxide Semiconductor","link":"https://csrc.nist.gov/glossary/term/complementary_metal_oxide_semiconductor","abbrSyn":[{"text":"CMOS","link":"https://csrc.nist.gov/glossary/term/cmos"}],"definitions":null},{"term":"Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)","link":"https://csrc.nist.gov/glossary/term/completely_automated_public_turing_test_to_tell_computers_and_humans_apart","abbrSyn":[{"text":"CAPTCHA","link":"https://csrc.nist.gov/glossary/term/captcha"}],"definitions":[{"text":"An interactive feature added to web forms to distinguish whether a human or automated agent is using the form. Typically, it requires entering text corresponding to a distorted image or a sound stream.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An interactive feature added to web-forms to distinguish use of the form by humans as opposed to automated agents. Typically, it requires entering text corresponding to a distorted image or from a sound stream.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"complex system","link":"https://csrc.nist.gov/glossary/term/complex_system","definitions":[{"text":"A system in which there are non-trivial relationships between cause and effect: each effect may be due to multiple causes; each cause may contribute to multiple effects; causes and effects may be related as feedback loops, both positive and negative; and cause-effect chains are cyclic and highly entangled rather than linear and separable.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"Systems Engineering and System Definitions","link":"https://www.incose.org/docs/default-source/default-document-library/incose-se-definitions-tp-2020-002-06.pdf"}]}]}]},{"term":"Compliance audit","link":"https://csrc.nist.gov/glossary/term/compliance_audit","definitions":[{"text":"A comprehensive review of an organization's adherence to governing documents such as whether a Certification Practice Statement satisfies the requirements of a Certificate Policy and whether an organization adheres to its Certification Practice Statement.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Compliance Mapping","link":"https://csrc.nist.gov/glossary/term/compliance_mapping","definitions":[{"text":"The process of correlating CCE settings defined in a source data stream with the security control identifiers defined in [NIST SP 800-53 Rev. 4].","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Component Object Model","link":"https://csrc.nist.gov/glossary/term/component_object_model","abbrSyn":[{"text":"COM","link":"https://csrc.nist.gov/glossary/term/com"}],"definitions":null},{"term":"Component schema","link":"https://csrc.nist.gov/glossary/term/component_schema","definitions":[{"text":"The schema for an SCAP component specification (e.g. XCCDF, CPE, CVSS). Within this document, this term is distinct from “OVAL component schema”, which is defined by the OVAL specification.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"Component specification","link":"https://csrc.nist.gov/glossary/term/component_specification","definitions":[{"text":"One of the individual specifications that comprises SCAP.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"Component Test","link":"https://csrc.nist.gov/glossary/term/component_test","definitions":[{"text":"A test of individual hardware and software components or groups of related components.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"composed commercial solution","link":"https://csrc.nist.gov/glossary/term/composed_commercial_solution","definitions":[{"text":"Two or more commercial Information Assurance (IA) products layered together to address the security requirements of an operational use case according to National Security Agency (NSA) guidance. A composed solution, once approved by NSA, may take the place of a single certified Government-off-the-Shelf (GOTS) IA product to provide the confidentiality and/or other security services necessary to protect National Security Systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4031","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Comprehensive Test","link":"https://csrc.nist.gov/glossary/term/comprehensive_test","definitions":[{"text":"A test of all systems and components that support a particular IT plan, such as a contingency plan or computer security incident response plan.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"comprehensive testing","link":"https://csrc.nist.gov/glossary/term/comprehensive_testing","abbrSyn":[{"text":"White Box Testing","link":"https://csrc.nist.gov/glossary/term/white_box_testing"}],"definitions":[{"text":"A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Comprehensive Testing ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Comprehensive Testing "}]},{"text":"See Comprehensive Testing.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under White Box Testing "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under White Box Testing "}]},{"text":"(also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing).","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under White Box Testing "}]}],"seeAlso":[{"text":"White Box Testing","link":"white_box_testing"}]},{"term":"Compressed File","link":"https://csrc.nist.gov/glossary/term/compressed_file","definitions":[{"text":"A file reduced in size through the application of a compression algorithm, commonly performed to save disk space. The act of compressing a file makes it unreadable to most programs until the file is uncompressed.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A file reduced in size through the application of a compression algorithm, commonly performed to save disk space. The act of compressing a file will make it unreadable to most programs until the file is uncompressed. Most common compression utilities are PKZIP and WinZip with an extension of .zip.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"compromise","link":"https://csrc.nist.gov/glossary/term/compromise","definitions":[{"text":"A judgment, based on the preponderance of the evidence, that a disclosure of information to unauthorized persons or a violation of the security policy for a system in which unauthorized, intentional or unintentional disclosure, modification, destruction, or loss of an object has occurred.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"The disclosure of classified data to persons not authorized to receive that data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"The unauthorized disclosure, modification or use of sensitive data (e.g., keying material and other security-related information).","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Compromise "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Compromise "}]},{"text":"The unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keys, metadata, or other security-related information) or the unauthorized modification of a security-related system, device or process in order to gain unauthorized access.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Compromise (noun) "}]},{"text":"To reduce the trust associated with a key, its metadata, a system, device or process.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Compromise (verb) "}]},{"text":"Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Compromise "},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Compromise ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Compromise ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"The unauthorized disclosure, modification, substitution or use of sensitive data (e.g., keying material and other security-related information).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Compromise "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Compromise "}]},{"text":"The unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keying material and other security related information).","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Compromise "}]},{"text":"The unauthorized disclosure, modification, substitution, or use of sensitive information (e.g., a secret key, private key or secret metadata).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Compromise "}]},{"text":"The unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., a secret key, private key, or secret metadata).","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Compromise "}]},{"text":"The unauthorized disclosure, modification, substitution or use of sensitive key information (e.g., a secret key, private key, or secret metadata).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Compromise "}]},{"text":"The unauthorized disclosure, modification, or use of sensitive data (e.g., keying material and other security-related information).","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Compromise "}]}]},{"term":"Compromise recovery","link":"https://csrc.nist.gov/glossary/term/compromise_recovery","definitions":[{"text":"The procedures and processes of restoring a system, device or process that has been compromised back to a secure or trusted state, including destroying compromised keys, replacing compromised keys (as needed), and verifying the secure state of the recovered system.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"compromised key list (CKL)","link":"https://csrc.nist.gov/glossary/term/compromised_key_list","abbrSyn":[{"text":"CKL","link":"https://csrc.nist.gov/glossary/term/ckl"}],"definitions":[{"text":"The set of Key Material Identification Numbers (KMIDs) of all keys in a universal that have been reported compromised. Cryptographic devices will not establish a secure connection with equipment whose KMID is on the CKL.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4032","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A list of named keys that are known or suspected of being compromised.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Compromised key list (CKL) "}]}]},{"term":"Compromised state","link":"https://csrc.nist.gov/glossary/term/compromised_state","definitions":[{"text":"A lifecycle state for a key that is known or suspected of being known by an unauthorized entity.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A key state to which a key is transitioned when there is a suspicion or confirmation of the key’s compromise.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"compromising emanations","link":"https://csrc.nist.gov/glossary/term/compromising_emanations","definitions":[{"text":"Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or information systems equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"COMPUSEC","link":"https://csrc.nist.gov/glossary/term/compusec","note":"(C.F.D.)","abbrSyn":[{"text":"Computer Security"}],"definitions":null},{"term":"Computed Tomography","link":"https://csrc.nist.gov/glossary/term/computed_tomography","abbrSyn":[{"text":"CT","link":"https://csrc.nist.gov/glossary/term/ct"}],"definitions":null},{"term":"Computer","link":"https://csrc.nist.gov/glossary/term/computer","definitions":[{"text":"A device that accepts digital data and manipulates the information based on a program or sequence of instructions for how data is to be processed.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"term":"computer abuse","link":"https://csrc.nist.gov/glossary/term/computer_abuse","definitions":[{"text":"Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Computer and Financial Investigations","link":"https://csrc.nist.gov/glossary/term/computer_and_financial_investigations","abbrSyn":[{"text":"CFI","link":"https://csrc.nist.gov/glossary/term/cfi"}],"definitions":null},{"term":"Computer Crime and Intellectual Property Section","link":"https://csrc.nist.gov/glossary/term/computer_crime_and_intellectual_property_section","abbrSyn":[{"text":"CCIPS","link":"https://csrc.nist.gov/glossary/term/ccips"}],"definitions":null},{"term":"computer cryptography","link":"https://csrc.nist.gov/glossary/term/computer_cryptography","definitions":[{"text":"Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Computer Emergency Readiness Team","link":"https://csrc.nist.gov/glossary/term/computer_emergency_readiness_team","abbrSyn":[{"text":"CERT","link":"https://csrc.nist.gov/glossary/term/cert"}],"definitions":null},{"term":"Computer Emergency Response Team","link":"https://csrc.nist.gov/glossary/term/computer_emergency_response_team","abbrSyn":[{"text":"CERT","link":"https://csrc.nist.gov/glossary/term/cert"}],"definitions":null},{"term":"Computer Emergency Response Team/Coordination Center","link":"https://csrc.nist.gov/glossary/term/computer_emergency_response_team_coordination_center","abbrSyn":[{"text":"CERT/CC","link":"https://csrc.nist.gov/glossary/term/cert_cc"},{"text":"CERT®/CC"}],"definitions":null},{"term":"Computer Forensic Reference Data Sets","link":"https://csrc.nist.gov/glossary/term/computer_forensic_reference_data_sets","abbrSyn":[{"text":"CFReDS","link":"https://csrc.nist.gov/glossary/term/cfreds"}],"definitions":null},{"term":"Computer Forensic Tool Testing","link":"https://csrc.nist.gov/glossary/term/computer_forensic_tool_testing","abbrSyn":[{"text":"CFTT","link":"https://csrc.nist.gov/glossary/term/cftt"}],"definitions":null},{"term":"computer forensics","link":"https://csrc.nist.gov/glossary/term/computer_forensics","abbrSyn":[{"text":"digital forensics","link":"https://csrc.nist.gov/glossary/term/digital_forensics"}],"definitions":[{"text":"In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence - following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under digital forensics ","refSources":[{"text":"DoDD 5505.13E","link":"https://www.esd.whs.mil/Directives/issuances/dodd/"}]}]},{"text":"See digital forensics.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Computer Forensics Reference Data Sets","link":"https://csrc.nist.gov/glossary/term/computer_forensics_reference_data_sets","abbrSyn":[{"text":"CFReDS","link":"https://csrc.nist.gov/glossary/term/cfreds"}],"definitions":null},{"term":"Computer Forensics Research and Development Center","link":"https://csrc.nist.gov/glossary/term/computer_forensics_research_and_development_center","abbrSyn":[{"text":"CFRDC","link":"https://csrc.nist.gov/glossary/term/cfrdc"}],"definitions":null},{"term":"Computer Forensics Tool Testing","link":"https://csrc.nist.gov/glossary/term/computer_forensics_tool_testing","abbrSyn":[{"text":"CFTT","link":"https://csrc.nist.gov/glossary/term/cftt"}],"definitions":null},{"term":"Computer Incident Response Capability","link":"https://csrc.nist.gov/glossary/term/computer_incident_response_capability","abbrSyn":[{"text":"CIRC","link":"https://csrc.nist.gov/glossary/term/circ"}],"definitions":null},{"term":"Computer Incident Response Center","link":"https://csrc.nist.gov/glossary/term/computer_incident_response_center","abbrSyn":[{"text":"CIRC","link":"https://csrc.nist.gov/glossary/term/circ"}],"definitions":null},{"term":"computer incident response team (CIRT)","link":"https://csrc.nist.gov/glossary/term/computer_incident_response_team","abbrSyn":[{"text":"CIRT","link":"https://csrc.nist.gov/glossary/term/cirt"}],"definitions":[{"text":"Group of individuals usually consisting of Security Analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents. Also called a Computer Security Incident Response Team (CSIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability, or Cyber Incident Response Team).","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Computer Incident Response Team (CIRT) ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Group of individuals usually consisting of security analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents. Also called a Cyber Incident Response Team, Computer Security Incident Response Team (CSIRT) or a CIRC (Computer Incident Response Center or Computer Incident Response Capability).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Computer Information Security Officer","link":"https://csrc.nist.gov/glossary/term/computer_information_security_officer","abbrSyn":[{"text":"CISO","link":"https://csrc.nist.gov/glossary/term/ciso"}],"definitions":null},{"term":"Computer Integrated Manufacturing","link":"https://csrc.nist.gov/glossary/term/computer_integrated_manufacturing","abbrSyn":[{"text":"CIM","link":"https://csrc.nist.gov/glossary/term/cim"}],"definitions":null},{"term":"computer network attack (CNA)","link":"https://csrc.nist.gov/glossary/term/computer_network_attack","abbrSyn":[{"text":"CNA","link":"https://csrc.nist.gov/glossary/term/cna"},{"text":"Cyber Attack","link":"https://csrc.nist.gov/glossary/term/cyber_attack"}],"definitions":[{"text":"An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Cyber Attack ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Cyber Attack ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Cyber Attack ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Cyber Attack ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. \nNote: Within DoD, Joint Publication 3-13, \"Information Operations, \" 27 November 2012 approved the removal the terms and definitions of computer network attack (CNA), computer network defense (CND), computer network exploitation, and computer network operations (CNO) from JP -1-02, \"Department of Defense Dictionary of Military Terms and Associated Terms.\" This term and definition is no longer published in JP 1-02. This publication is the primary terminology source when preparing correspondence, to include policy, strategy, doctrine, and planning documents. The terms are no longer used in issuances being updated within DoD. JP 1-02, following publication of JP 3-12, \"Cyberspace Operations\" provides new terms and definitions such as cyberspace, cyberspace operations, cyberspace superiority, defensive cyberspace operation response action, defensive cyberspace operations, Department of Defense information network operations, and offensive cyberspace operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"computer network defense (CND)","link":"https://csrc.nist.gov/glossary/term/computer_network_defense","abbrSyn":[{"text":"CND","link":"https://csrc.nist.gov/glossary/term/cnd"},{"text":"cyberspace defense","link":"https://csrc.nist.gov/glossary/term/cyberspace_defense"}],"definitions":[{"text":"Actions taken within protected cyberspace to defeat specific threats that have breached or are threatening to breach cyberspace security measures and include actions to detect, characterize, counter, and mitigate threats, including malware or the unauthorized activities of users, and to restore the system to a secure configuration.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cyberspace defense ","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]},{"text":"Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities. \nNote: Within DoD, term was approved for deletion from JP 1-02 (DoD Dictionary) by issuance of JP 3-13, \"Information Operations\". This term has been replaced by the use of “cyberspace defense\" used in JP 3-12, \"Cyberspace Operations.\" Original source of term was JP 1-02 (DoD Dictionary).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"computer network exploitation (CNE)","link":"https://csrc.nist.gov/glossary/term/computer_network_exploitation","abbrSyn":[{"text":"CNE","link":"https://csrc.nist.gov/glossary/term/cne"},{"text":"cyberspace exploitation","link":"https://csrc.nist.gov/glossary/term/cyberspace_exploitation"}],"definitions":[{"text":"Actions taken in cyberspace to gain intelligence, maneuver, collect information, or perform other enabling actions required to prepare for future military operations."},{"text":"Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary information systems or networks. \nNote: Within the Department of Defense (DoD), term was approved for deletion from JP 1-02 (DoD Dictionary). Original source of term was JP 1-02 (DoD Dictionary). The military no longer uses this term to describe these operations, but it is still used outside of military operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"computer network operations (CNO)","link":"https://csrc.nist.gov/glossary/term/computer_network_operations","abbrSyn":[{"text":"CNO","link":"https://csrc.nist.gov/glossary/term/cno"},{"text":"cyberspace operations (CO)","link":"https://csrc.nist.gov/glossary/term/cyberspace_operations"}],"definitions":[{"text":"The employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cyberspace operations (CO) ","refSources":[{"text":"DoD JP 3-0","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations. \nNote: Within the Department of Defense (DoD), term was approved for deletion from JP 1-02 (DoD Dictionary). This term has been replaced by the use of \" cyberspace operations\" used in JP 3-12, \"Cyberspace Operations.\" Original source of term was JP 1-02 (DoD Dictionary).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Computer Numerical Control","link":"https://csrc.nist.gov/glossary/term/computer_numerical_control","abbrSyn":[{"text":"CNC","link":"https://csrc.nist.gov/glossary/term/cnc"}],"definitions":null},{"term":"Computer Security Division","link":"https://csrc.nist.gov/glossary/term/computer_security_division","abbrSyn":[{"text":"CSD","link":"https://csrc.nist.gov/glossary/term/csd"}],"definitions":null},{"term":"Computer Security Incident","link":"https://csrc.nist.gov/glossary/term/computer_security_incident","abbrSyn":[{"text":"incident","link":"https://csrc.nist.gov/glossary/term/incident"}],"definitions":[{"text":"An occurrence that results in actual or potential jeopardy to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. See cyber incident. See also event, security-relevant, and intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"See “incident.”","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]},{"text":"See incident.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under computer security incident ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]},{"text":"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under incident ","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"An occurrence that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of a system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle of a project, product, service, or system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under incident ","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under incident ","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Computer Security Incident Response Capability","link":"https://csrc.nist.gov/glossary/term/computer_security_incident_response_capability","abbrSyn":[{"text":"CSIRC","link":"https://csrc.nist.gov/glossary/term/csirc"}],"definitions":null},{"term":"Computer Security Incident Response Team (CSIRT)","link":"https://csrc.nist.gov/glossary/term/computer_security_incident_response_team","abbrSyn":[{"text":"CSIRT","link":"https://csrc.nist.gov/glossary/term/csirt"}],"definitions":[{"text":"A capability set up for the purpose of assisting in responding to computer security-related incidents; also called a Computer Incident Response Team (CIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability).","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]}]},{"term":"Computer Security Log Management","link":"https://csrc.nist.gov/glossary/term/computer_security_log_management","definitions":[{"text":"Log management for computer security log data only.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"computer security object","link":"https://csrc.nist.gov/glossary/term/computer_security_object","abbrSyn":[{"text":"CSO","link":"https://csrc.nist.gov/glossary/term/cso"}],"definitions":[{"text":"A resource, tool, or mechanism used to maintain a condition of security in a computerized environment. These objects are defined in terms of attributes they possess, operations they perform or are performed on them, and their relationship with other objects.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 188","link":"https://doi.org/10.6028/NIST.FIPS.188"}]}]},{"text":"Information object used to maintain a condition of security in computerized environments.  Examples are: representations of computer or communications systems resources, security label semantics, modes of operation for cryptographic algorithms, and one-way hashing functions.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308"}]}]},{"term":"Computer Security Program","link":"https://csrc.nist.gov/glossary/term/computer_security_program","definitions":[{"text":"synonymous withIT Security Program.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Computer Security Resource Center","link":"https://csrc.nist.gov/glossary/term/computer_security_resource_center","abbrSyn":[{"text":"CSRC","link":"https://csrc.nist.gov/glossary/term/csrc"}],"definitions":null},{"term":"computer security subsystem","link":"https://csrc.nist.gov/glossary/term/computer_security_subsystem","note":"(C.F.D.)","definitions":[{"text":"Hardware/software designed to provide computer security features in a larger system environment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Computer System Security and Privacy Advisory Board","link":"https://csrc.nist.gov/glossary/term/computer_system_security_and_privacy_advisory_board","abbrSyn":[{"text":"CSSPAB","link":"https://csrc.nist.gov/glossary/term/csspab"}],"definitions":null},{"term":"Computer-aided Dispatch","link":"https://csrc.nist.gov/glossary/term/computer_aided_dispatch","abbrSyn":[{"text":"CAD","link":"https://csrc.nist.gov/glossary/term/cad"}],"definitions":null},{"term":"computerized telephone system (CTS)","link":"https://csrc.nist.gov/glossary/term/computerized_telephone_system","abbrSyn":[{"text":"CTS","link":"https://csrc.nist.gov/glossary/term/cts"}],"definitions":[{"text":"A generic term used to describe any telephone system that uses centralized stored program computer technology to provide switched telephone networking features and/or VoIP services."},{"text":"A generic term used to describe any telephone system that uses centralized stored program computer technology to provide switched telephone networking features and services. CTSs are referred to commercially, by such terms, as: computerized private branch exchange (CPBX); private branch exchange (PBX); private automatic branch exchange (PABX); electronic private automatic branch exchange (EABX); computerized branch exchange (CBX); computerized key telephone systems (CKTS); hybrid key systems; business communications systems; and office communications systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 5002","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Computing Device","link":"https://csrc.nist.gov/glossary/term/computing_device","definitions":[{"text":"A functional unit that can perform substantial computations, including numerous arithmetic operations and logic operations without human intervention. A computing device can consist of a standalone unit or several interconnected units. It can also be a device that provides a specific set of functions, such as a phone or a personal organizer, or more general functions such as a laptop or desktop computer.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","refSources":[{"text":"ISO/IEC 19770-2","note":" - Adapted"}]}]},{"text":"A machine (real or virtual) for performing calculations automatically (including, but not limited to, computer, servers, routers, switches, etc.)","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"computing environment","link":"https://csrc.nist.gov/glossary/term/computing_environment","definitions":[{"text":"Workstation or server (host) and its operating system, peripherals, and applications.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"COMSAT","link":"https://csrc.nist.gov/glossary/term/comsat","abbrSyn":[{"text":"Communications Satellite","link":"https://csrc.nist.gov/glossary/term/communications_satellite"}],"definitions":null},{"term":"COMSEC","link":"https://csrc.nist.gov/glossary/term/comsec","abbrSyn":[{"text":"Communications Security"}],"definitions":null},{"term":"COMSEC account","link":"https://csrc.nist.gov/glossary/term/comsec_account","definitions":[{"text":"An administrative entity identified by an account number, used to maintain accountability, custody and control of COMSEC material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"COMSEC account audit","link":"https://csrc.nist.gov/glossary/term/comsec_account_audit","definitions":[{"text":"Inventory and reconciliation of the holdings, records, and procedures of a COMSEC account ensuring all accountable COMSEC material is properly handled and safeguarded. An audit must include an administrative review of procedures, a 100% sighting of all TOP SECRET keying material marked CRYPTO (both physical and electronic) to include hand receipt holders, and a random sampling of all other applicable material (including other keying material, classified and unclassified COMSEC equipment on hand in the account, and on hand receipt).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)","note":" - Adapted"}]}]}]},{"term":"COMSEC account manager","link":"https://csrc.nist.gov/glossary/term/comsec_account_manager","abbrSyn":[{"text":"COMSEC custodian","link":"https://csrc.nist.gov/glossary/term/comsec_custodian"},{"text":"COMSEC manager","link":"https://csrc.nist.gov/glossary/term/comsec_manager"}],"definitions":[{"text":"An individual designated by proper authority to be responsible for the receipt, transfer, accountability, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. This applies to both primary accounts and subaccounts. The equivalent key management infrastructure (KMI) position is the KMI operating account (KOA) manager.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. \nRationale: Term has been replaced by the term “COMSEC account manager”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC custodian ","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"Individual who manages the COMSEC resources of an organization. \nRationale: The more accurate and used term is “COMSEC account manager”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC manager "}]}]},{"term":"COMSEC aids","link":"https://csrc.nist.gov/glossary/term/comsec_aids","definitions":[{"text":"All COMSEC material other than equipment or devices, which assist in securing telecommunications and is required in the production, operation, and maintenance of COMSEC systems and their components. Some examples are: COMSEC keying material, and supporting documentation, such as operating and maintenance manuals.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"COMSEC assembly","link":"https://csrc.nist.gov/glossary/term/comsec_assembly","note":"(C.F.D.)","definitions":[{"text":"Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment. \nRationale: The term falls under the broader term “COMSEC material”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"COMSEC material","link":"comsec_material"}]},{"term":"COMSEC boundary","link":"https://csrc.nist.gov/glossary/term/comsec_boundary","note":"(C.F.D.)","definitions":[{"text":"Definable perimeter encompassing all hardware, firmware, and software components performing critical COMSEC functions, such as key generation, handling, and storage. \nRationale: The term falls under the broader term “COMSEC material”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"COMSEC material","link":"comsec_material"}]},{"term":"COMSEC chip set","link":"https://csrc.nist.gov/glossary/term/comsec_chip_set","note":"(C.F.D.)","definitions":[{"text":"Collection of NSA approved microchips. \nRationale: The term falls under the broader term “COMSEC material”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"COMSEC material","link":"comsec_material"}]},{"term":"COMSEC control program","link":"https://csrc.nist.gov/glossary/term/comsec_control_program","note":"(C.F.D.)","definitions":[{"text":"Computer instructions or routines controlling or affecting the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication. \nRationale: The term falls under the broader term “COMSEC material”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"COMSEC material","link":"comsec_material"}]},{"term":"COMSEC custodian","link":"https://csrc.nist.gov/glossary/term/comsec_custodian","note":"(C.F.D.)","abbrSyn":[{"text":"COMSEC account manager","link":"https://csrc.nist.gov/glossary/term/comsec_account_manager"}],"definitions":[{"text":"An individual designated by proper authority to be responsible for the receipt, transfer, accountability, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. This applies to both primary accounts and subaccounts. The equivalent key management infrastructure (KMI) position is the KMI operating account (KOA) manager.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC account manager ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. \nRationale: Term has been replaced by the term “COMSEC account manager”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"COMSEC demilitarization","link":"https://csrc.nist.gov/glossary/term/comsec_demilitarization","note":"(C.F.D.)","abbrSyn":[{"text":"demilitarize","link":"https://csrc.nist.gov/glossary/term/demilitarize"}],"definitions":[{"text":"The process of preparing National Security System equipment for disposal by extracting all CCI, classified, or CRYPTO-marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under demilitarize ","refSources":[{"text":"CNSSI 4004.1","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"Process of preparing COMSEC equipment for disposal by extracting all controlled cryptographic item (CCI), classified, or CRYPTO marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk. \nRationale: Demilitarize is the proper term and does not apply solely to COMSEC.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"COMSEC element","link":"https://csrc.nist.gov/glossary/term/comsec_element","note":"(C.F.D.)","definitions":[{"text":"Removable item of COMSEC equipment, assembly, or subassembly; normally consisting of a single piece or group of replaceable parts. \nRationale: The term falls under the broader term “COMSEC material”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"COMSEC material","link":"comsec_material"}]},{"term":"COMSEC emergency","link":"https://csrc.nist.gov/glossary/term/comsec_emergency","definitions":[{"text":"A tactical operational situation, as perceived by the responsible person/officer in charge, in which the alternative to strict compliance with procedural restrictions affecting use of a COMSEC equipment would be plain text communication.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA NAG 16F"}]}]}]},{"term":"COMSEC end-item","link":"https://csrc.nist.gov/glossary/term/comsec_end_item","definitions":[{"text":"Equipment or combination of components ready for use in a COMSEC application.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"COMSEC equipment","link":"https://csrc.nist.gov/glossary/term/comsec_equipment","definitions":[{"text":"Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes cryptographic-equipment, crypto-ancillary equipment, cryptographic production equipment, and authentication equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"COMSEC facility","link":"https://csrc.nist.gov/glossary/term/comsec_facility","definitions":[{"text":"The space used for generating, storing, repairing, or using COMSEC material. The COMSEC material may be in either physical or electronic form. Unless otherwise noted, the term \"COMSEC facility\" refers to all types of COMSEC facilities, including telecommunications facilities, and includes platforms such as ships, aircraft, and vehicles.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"COMSEC incident","link":"https://csrc.nist.gov/glossary/term/comsec_incident","definitions":[{"text":"Any occurrence that potentially jeopardizes the security of COMSEC material or the secure transmission of national security information. COMSEC Incident includes Cryptographic Incident, Personnel Incident, Physical Incident, and Protective Technology/Package Incident.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - NSA/CSS Manual Number 3-16 (COMSEC) "}]}]}]},{"term":"COMSEC Incident Monitoring Activity","link":"https://csrc.nist.gov/glossary/term/comsec_incident_monitoring_activity","abbrSyn":[{"text":"CIMA","link":"https://csrc.nist.gov/glossary/term/cima"}],"definitions":[{"text":"The office within a department or agency maintaining a record of COMSEC incidents caused by elements of that department or agency, and ensuring all actions required of those elements are completed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC Incident Monitoring Activity (CIMA) ","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"CNSSI 4032","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"COMSEC insecurity","link":"https://csrc.nist.gov/glossary/term/comsec_insecurity","definitions":[{"text":"A COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"COMSEC manager","link":"https://csrc.nist.gov/glossary/term/comsec_manager","note":"(C.F.D.)","abbrSyn":[{"text":"COMSEC account manager","link":"https://csrc.nist.gov/glossary/term/comsec_account_manager"}],"definitions":[{"text":"An individual designated by proper authority to be responsible for the receipt, transfer, accountability, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. This applies to both primary accounts and subaccounts. The equivalent key management infrastructure (KMI) position is the KMI operating account (KOA) manager.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC account manager ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Individual who manages the COMSEC resources of an organization. \nRationale: The more accurate and used term is “COMSEC account manager”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"COMSEC material","link":"https://csrc.nist.gov/glossary/term/comsec_material","definitions":[{"text":"Item(s) designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to key, equipment, modules, devices, documents, hardware, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions. This includes Controlled Cryptographic Item (CCI) equipment, Cryptographic High Value Products (CHVP) and other Commercial National Security Algorithm (CNSA) equipment, etc. ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"COMSEC assembly","link":"comsec_assembly"},{"text":"COMSEC boundary","link":"comsec_boundary"},{"text":"COMSEC chip set","link":"comsec_chip_set"},{"text":"COMSEC control program","link":"comsec_control_program"},{"text":"COMSEC element","link":"comsec_element"},{"text":"COMSEC module","link":"comsec_module"}]},{"term":"COMSEC material control system","link":"https://csrc.nist.gov/glossary/term/comsec_material_control_system","abbrSyn":[{"text":"CMCS","link":"https://csrc.nist.gov/glossary/term/cmcs"}],"definitions":[{"text":"The logistics and accounting system through which COMSEC material marked CRYPTO is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record (COR), cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS. Electronic Key Management System (EKMS) and Key Management Infrastructure (KMI) are examples of tools used by the CMCS to accomplish its functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC material control system (CMCS) ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"COMSEC module","link":"https://csrc.nist.gov/glossary/term/comsec_module","note":"(C.F.D.)","definitions":[{"text":"Removable component that performs COMSEC functions in a telecommunications equipment or system. \nRationale: The term falls under the broader term “COMSEC material”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"COMSEC material","link":"comsec_material"}]},{"term":"COMSEC monitoring","link":"https://csrc.nist.gov/glossary/term/comsec_monitoring","definitions":[{"text":"The act of listening to, copying, or recording transmissions of one's own official telecommunications to provide material for analysis in order to determine the degree of security being provided to those transmissions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSTISSD 600","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]}]},{"term":"COMSEC profile","link":"https://csrc.nist.gov/glossary/term/comsec_profile","note":"(C.F.D.)","definitions":[{"text":"Statement of COMSEC measures and materials used to protect a given operation, system, or organization. \nRationale: No known reference for this term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"COMSEC service authority","link":"https://csrc.nist.gov/glossary/term/comsec_service_authority","abbrSyn":[{"text":"service authority","link":"https://csrc.nist.gov/glossary/term/service_authority"}],"definitions":[{"text":"See service authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"COMSEC software","link":"https://csrc.nist.gov/glossary/term/comsec_software","definitions":[{"text":"Includes all types of COMSEC material, except key, in electronic or physical form. This includes all classifications of unencrypted software, and all associated data used to design, create, program, or run that software. It also, includes all types of source/executable/object code and associated files that implement, execute, embody, contain, or describe cryptographic mechanisms, functions, capabilities, or requirements. COMSEC software also includes transmission security (TRANSEC) software and may include any software used for purposes of providing confidentiality, integrity, authentication, authorization, or availability services to information in electronic form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"COMSEC survey","link":"https://csrc.nist.gov/glossary/term/comsec_survey","note":"(C.F.D.)","definitions":[{"text":"Organized collection of COMSEC and communications information relative to a given operation, system, or organization. \nRationale: No known reference for this term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"COMSEC system data","link":"https://csrc.nist.gov/glossary/term/comsec_system_data","note":"(C.F.D.)","definitions":[{"text":"Information required by a COMSEC equipment or system to enable it to properly handle and control key. \nRationale: No known reference for this term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"COMSEC training","link":"https://csrc.nist.gov/glossary/term/comsec_training","definitions":[{"text":"Teaching of skills relating to COMSEC accounting and the use of COMSEC aids.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"CONAUTH","link":"https://csrc.nist.gov/glossary/term/conauth","abbrSyn":[{"text":"Controlling Authority"}],"definitions":null},{"term":"Concatenation","link":"https://csrc.nist.gov/glossary/term/concatenation","definitions":[{"text":"The concatenation of bit strings A and B.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under A || B "}]},{"text":"As used in this Recommendation, the concatenation X || Y of bit string X followed by bit string Y is the ordered sequence of bits formed by appending Y to X in such a way that the leftmost (i.e., initial) bit of Y follows the rightmost (i.e., final) bit of X.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"The concatenation of two bit strings X and Y.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under X || Y "},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under X || Y "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under X || Y "}]},{"text":"The concatenation of bit strings X and Y.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under X || Y "}]},{"text":"Concatenation; e.g. A || B is the concatenation of bit strings A and B.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under || "}]},{"text":"The concatenation of binary strings A and B.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under A || B "}]},{"text":"Concatenation","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under || "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under || "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under || "}]},{"text":"Concatenation operation; for example, a || b means that string b is appended after string a.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under || "}]},{"text":"For strings X and Y, X || Y is the concatenation of X and Y. For example, 11001 || 010 = 11001010.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185","underTerm":" under X || Y "}]},{"text":"Concatenation of two bit strings X and Y.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under X || Y "}]},{"text":"Concatenation of two strings X and Y.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under X || Y "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under X || Y "}]},{"text":"Concatenation of two strings X and Y. X andYare either both bitstrings or both byte strings.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under X || Y "}]}]},{"term":"concept crosswalk","link":"https://csrc.nist.gov/glossary/term/concept_crosswalk","definitions":[{"text":"A concept relationship style that identifies that a relationship exists between two concepts without any additional characterization of that relationship.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]},{"text":"An OLIR that indicates relationships between pairs of elements without additional characterization of those relationships.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Concept Crosswalk OLIR "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under Concept Crosswalk OLIR "}]}]},{"term":"concept mapping","link":"https://csrc.nist.gov/glossary/term/concept_mapping","abbrSyn":[{"text":"Mapping","link":"https://csrc.nist.gov/glossary/term/mapping"}],"definitions":[{"text":"An indication that one concept is related to another concept.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]},{"text":"Depiction of how data from one information source maps to data from another information source.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Mapping "},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Mapping "}]}]},{"term":"concept of operations","link":"https://csrc.nist.gov/glossary/term/concept_of_operations","abbrSyn":[{"text":"CONOP","link":"https://csrc.nist.gov/glossary/term/conop"},{"text":"CONOPS"},{"text":"operational concept","link":"https://csrc.nist.gov/glossary/term/operational_concept"},{"text":"security concept of operations"}],"definitions":[{"text":"Verbal and graphic statement, in broad outline, of an organization’s assumptions or intent in regard to an operation or series of operations of new, modified, or existing organizational systems.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ANSI/AIAA G-043B-2018","link":"https://webstore.ansi.org/standards/aiaa/ansiaiaa043b2018"}]}]},{"text":"Verbal and graphic statement of an organization’s assumptions or intent in regard to an operation or series of operations of a specific system or a related set of specific new, existing, or modified systems.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under operational concept ","refSources":[{"text":"ANSI/AIAA G-043B-2018","link":"https://webstore.ansi.org/standards/aiaa/ansiaiaa043b2018"}]}]},{"text":"See security concept of operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A security-focused description of a system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission. \nNote 1: The security concept of operations may address security for other life cycle concepts associated with the deployed system. These include, for example, concepts for sustainment, logistics, maintenance, and training. \nNote 2: Security concept of operations is not the same as concept for secure function. Concept for secure function addresses the design philosophy for the system and is intended to achieve a system that is able to be used in a trustworthy secure manner. The security concept of operations must be consistent with the concept for secure function.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security concept of operations ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"A security-focused description of a system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.\nNote 1: The security concept of operations may address security for other life cycle concepts associated with the deployed system. These include, for example, concepts for sustainment, logistics, maintenance, and training.\nNote 2: Security concept of operations is not the same as concept for secure function. Concept for secure function addresses the design philosophy for the system and is intended to achieve a system that is able to be used in a trustworthy secure manner. The security concept of operations must be consistent with the concept for secure function.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security concept of operations ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]}]},{"term":"concept of secure function","link":"https://csrc.nist.gov/glossary/term/concept_of_secure_function","definitions":[{"text":"A strategy for the achievement of secure system function that embodies the preemptive and reactive protection capabilities of the system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A strategy for achievement of secure system function that embodies proactive and reactive protection capability of the system. \nNote 1: This strategy strives to prevent, minimize, or detect the events and conditions that can lead to the loss of an asset and the resultant adverse impact; prevent, minimize, or detect the loss of an asset or adverse asset impact; continuously deliver system capability at some acceptable level despite the impact of threats or uncertainty; and recover from an adverse asset impact to restore full system capability or to recover to some acceptable level of system capability. \nNote 2: The concept of secure function is adapted from historical and other secure system concepts such as Philosophy of Protection, Theory of Design and Operation, and Theory of Compliance.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A strategy for achievement of secure system function that embodies proactive and reactive protection capability of the system.\nNote 1: This strategy strives to prevent, minimize, or detect the events and conditions that can lead to the loss of an asset and the resultant adverse impact; prevent, minimize, or detect the loss of an asset or adverse asset impact; continuously deliver system capability at some acceptable level despite the impact of threats or uncertainty; and recover from an adverse asset impact to restore full system capability or to recover to some acceptable level of system capability.\nNote 2: The concept of secure function is adapted from historical and other secure system concepts such as Philosophy of Protection, Theory of Design and Operation, and Theory of Compliance.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"concept relationship style","link":"https://csrc.nist.gov/glossary/term/concept_relationship_style","abbrSyn":[{"text":"relationship style","link":"https://csrc.nist.gov/glossary/term/relationship_style"}],"definitions":[{"text":"An explicitly defined convention for characterizing relationships for a use case.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]},{"text":"An explicitly defined convention for characterizing relationships for a user case. OLIR supports three concept relationship styles: concept crosswalk, set theory relationship mapping, and supportive relationship mapping.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Concept Relationship Style "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under Concept Relationship Style "}]}]},{"term":"concept source","link":"https://csrc.nist.gov/glossary/term/concept_source","definitions":[{"text":"A document or other resource that contains definitions of concepts.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]}]},{"term":"concept system","link":"https://csrc.nist.gov/glossary/term/concept_system","definitions":[{"text":"A “set of concepts structured in one or more related domains according to the concept relations among its concepts.”","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477","refSources":[{"text":"ISO 1087:2019","link":"https://www.iso.org/standard/62330.html"}]}]}]},{"term":"concept type","link":"https://csrc.nist.gov/glossary/term/concept_type","definitions":[{"text":"A category of concepts found within a particular domain.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]}]},{"term":"concern","link":"https://csrc.nist.gov/glossary/term/concern","definitions":[{"text":"Matter of interest or importance to a stakeholder.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]}]},{"term":"concern (system)","link":"https://csrc.nist.gov/glossary/term/concern_system","definitions":[{"text":"Interest in a system relevant to one or more of its stakeholders.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 42010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]}]},{"term":"Concise Binary Object Representation","link":"https://csrc.nist.gov/glossary/term/concise_binary_object_representation","abbrSyn":[{"text":"CBOR","link":"https://csrc.nist.gov/glossary/term/cbor"}],"definitions":null},{"term":"Condition coverage","link":"https://csrc.nist.gov/glossary/term/condition_coverage","definitions":[{"text":"The percentage of conditions within decision expressions that have been evaluated to both true and false. Note that 100% condition coverage does not guarantee 100% decision coverage. For example, “if (A || B) {do something} else {do something else}” is tested with [0 1], [1 0], then A and B will both have been evaluated to 0 and 1, but the else branch will not be taken because neither test leaves both A and B false.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878"}]}]},{"term":"conditioning function","link":"https://csrc.nist.gov/glossary/term/conditioning_function","definitions":[{"text":"A deterministic function used to reduce bias and/or improve the entropy per bit.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]}]},{"term":"Confidential Compute Architecture","link":"https://csrc.nist.gov/glossary/term/confidential_compute_architecture","note":"(Arm)","abbrSyn":[{"text":"CCA","link":"https://csrc.nist.gov/glossary/term/cca"}],"definitions":null},{"term":"Confidential Computing","link":"https://csrc.nist.gov/glossary/term/confidential_computing","definitions":[{"text":"Hardware-enabled features that isolate and process encrypted data in memory so that the data is at less risk of exposure and compromise from concurrent workloads or the underlying system and platform.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320"}]}]},{"term":"Confidentiality Impact","link":"https://csrc.nist.gov/glossary/term/confidentiality_impact","definitions":[{"text":"measures the potential impact on confidentiality of a successfully exploited misuse vulnerability. Confidentiality refers to limiting information access and disclosure and system access to only authorized users, as well as preventing access by, or disclosure to, unauthorized parties.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"Confidentiality Key","link":"https://csrc.nist.gov/glossary/term/confidentiality_key","abbrSyn":[{"text":"CK","link":"https://csrc.nist.gov/glossary/term/ck"}],"definitions":null},{"term":"Confidentiality Mode","link":"https://csrc.nist.gov/glossary/term/confidentiality_mode","definitions":[{"text":"A mode that is used to encipher plaintext and decipher ciphertext. The confidentiality modes in this recommendation are the ECB, CBC, CFB, OFB, and CTR modes.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"confidentiality, integrity, availability","link":"https://csrc.nist.gov/glossary/term/confidentiality_integrity_availability","abbrSyn":[{"text":"CIA","link":"https://csrc.nist.gov/glossary/term/cia"}],"definitions":[{"text":"C = Confidentiality assurance, I = Integrity assurance, A = Availability assurance","sources":[{"text":"NISTIR 7609","link":"https://doi.org/10.6028/NIST.IR.7609","underTerm":" under CIA "}]}]},{"term":"Configurable","link":"https://csrc.nist.gov/glossary/term/configurable","definitions":[{"text":"A characteristic of a system, device, or software that allows it to be changed by an entity authorized to select or reject specific capabilities to be included in an operational, configured version.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"configuration","link":"https://csrc.nist.gov/glossary/term/configuration","definitions":[{"text":"A collection of an item's descriptive and governing characteristics, which can be expressed in functional terms - i.e., what performance the item is expected to achieve - and in physical terms - i.e., what the item should look like and consist of when it is built. Represents the requirements, design, and implementation that define a particular version of a system or system component."},{"text":"Step in system design; for example, selecting functional units, assigning their locations, and defining their interconnections.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Configuration (of a system or device) ","refSources":[{"text":"IEC/PAS 62409","link":"https://webstore.iec.ch/publication/20717"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Configuration (of a system or device) "}]},{"text":"The possible conditions, parameters, and specifications with which an information system or system component can be described or arranged.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration "},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Configuration ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"The selection of one of the sets of possible combinations of features of a system.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Configuration ","refSources":[{"text":"ITSEC Ver. 1.2"}]}]},{"text":"“The possible conditions, parameters, and specifications with which an information system or system component can be described or arranged.” The Device Configuration capability does not define which configuration settings should exist, simply that a mechanism to manage configuration settings exists.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A","underTerm":" under Configuration ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"text":"The possible conditions, parameters, and specifications with which an information system or system component can be described or arranged. The Device Configuration capability does not define which configuration settings should exist, simply that a mechanism to manage configuration settings exists.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","underTerm":" under Configuration ","refSources":[{"text":"IoT Safety Architecture and Risk Toolkit v4.0","link":"https://www.agelight.com/iot","note":" - Adapted"}]},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","underTerm":" under Configuration ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]}]},{"term":"configuration baseline","link":"https://csrc.nist.gov/glossary/term/configuration_baseline","abbrSyn":[{"text":"Baseline Configuration"}],"definitions":[{"text":"A documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Baseline Configuration "}]},{"text":"A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Baseline Configuration "}]},{"text":"See Baseline Configuration.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Baseline "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"configuration control","link":"https://csrc.nist.gov/glossary/term/configuration_control","definitions":[{"text":"Process for controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modifications before, during, and after system implementation.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Configuration Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Configuration Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Configuration Control (or Configuration Management) ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Process for controlling modifications to hardware, firmware, software, and documentation to ensure that the information system is protected against improper modifications before, during, and after system implementation.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Configuration Control ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Process for controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications before, during, and after system implementation.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Configuration Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Configuration Control "}]},{"text":"Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modifications prior to, during, and after system implementation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"Process for controlling modifications to hardware, firmware, software, and documentation to protect the system against improper modifications before, during, and after system implementation.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]}]},{"term":"configuration control board (CCB)","link":"https://csrc.nist.gov/glossary/term/configuration_control_board","abbrSyn":[{"text":"CCB","link":"https://csrc.nist.gov/glossary/term/ccb"}],"definitions":[{"text":"A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational life cycle of an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under configuration control board ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational life cycle of an information system. ","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Control Board ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Establishment of and charter for a group of qualified people with responsibility for the process of controlling and approving changes throughout the development and operational lifecycle of products and systems; may also be referred to as a change control board.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Configuration Control Review Board","link":"https://csrc.nist.gov/glossary/term/configuration_control_review_board","abbrSyn":[{"text":"CCRB","link":"https://csrc.nist.gov/glossary/term/ccrb"}],"definitions":null},{"term":"configuration item","link":"https://csrc.nist.gov/glossary/term/configuration_item","abbrSyn":[{"text":"CI","link":"https://csrc.nist.gov/glossary/term/ci"}],"definitions":[{"text":"An aggregation of information system components that is designated for configuration management and treated as a single entity in the configuration management process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Item "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Configuration Item "}]},{"text":"An aggregation of system components that is designated for configuration management and treated as a single entity in the configuration management process.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"text":"An item or aggregation of hardware or software or both that is designed to be managed as a single entity. Configuration items may vary widely in complexity, size and type, ranging from an entire system including all hardware, software and documentation, to a single module, a minor hardware component or a single software package.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under Configuration Item ","refSources":[{"text":"ISO/IEC 19770-2","note":" - Adapted"}]}]},{"text":"Item or aggregation of hardware, software, or both, that is designated for configuration management and treated as a single entity in the configuration management process.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"configuration management","link":"https://csrc.nist.gov/glossary/term/configuration_management","abbrSyn":[{"text":"CM","link":"https://csrc.nist.gov/glossary/term/cm_uppercase"}],"definitions":[{"text":"A management process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design and operational information throughout its life."},{"text":"A collection of activities focused on establishing and maintaining the integrity of information technology products and information systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Configuration Management "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Configuration Management ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Configuration Management ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Configuration Management ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A collection of activities focused on establishing and maintaining the integrity of information technology products and systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Management "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"A collection of activities focused on establishing and maintaining the integrity of information technology products and systems through the control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"Configuration Management Database","link":"https://csrc.nist.gov/glossary/term/configuration_management_database","abbrSyn":[{"text":"CMDB","link":"https://csrc.nist.gov/glossary/term/cmdb"}],"definitions":null},{"term":"configuration management plan","link":"https://csrc.nist.gov/glossary/term/configuration_management_plan","definitions":[{"text":"A comprehensive description of the roles, responsibilities, policies, and procedures that apply when managing the configuration of products and systems.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Management Plan "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Configuration Payload","link":"https://csrc.nist.gov/glossary/term/configuration_payload","abbrSyn":[{"text":"CP","link":"https://csrc.nist.gov/glossary/term/cp"}],"definitions":null},{"term":"configuration settings","link":"https://csrc.nist.gov/glossary/term/configuration_settings","definitions":[{"text":"The set of parameters that can be changed in hardware, software, or firmware that affect the security posture and/or functionality of the information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Configuration Settings "}]},{"text":"The set of parameters that can be changed in hardware, software, and/or firmware that affect the security posture and/or functionality of the information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Configuration Settings "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"The set of parameters that can be changed in hardware, software, or firmware that affect the security posture and/or functionality of the system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"The set of parameters that can be changed in hardware, software, or firmware that affect the security posture or functionality of the system.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"Configuration Settings Management","link":"https://csrc.nist.gov/glossary/term/configuration_settings_management","abbrSyn":[{"text":"Capability, Configuration Settings Management","link":"https://csrc.nist.gov/glossary/term/capability_configuration_settings_management"},{"text":"CSM","link":"https://csrc.nist.gov/glossary/term/csm"}],"definitions":[{"text":"An ISCM capability that identifies configuration settings (Common Configuration Enumerations [CCEs]) on devices that are likely to be used by attackers to compromise a device and use it as a platform from which to extend compromise to the network.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Configuration Settings Management "}]},{"text":"See Capability, Configuration Settings Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Confirmed","link":"https://csrc.nist.gov/glossary/term/confirmed","definitions":[{"text":"State of a transaction or block when consensus has been reached about its status of inclusion into the blockchain.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Conflict","link":"https://csrc.nist.gov/glossary/term/conflict","definitions":[{"text":"One or more participants disagree on the state of the system.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Conflict resolution","link":"https://csrc.nist.gov/glossary/term/conflict_resolution","definitions":[{"text":"A predefined method for coming to a consensus on the state of the system. For example, when portions of the system participants claim there is State_A and the rest of the participants claim there is State_B, there is a conflict. The system will automatically resolve this conflict by choosing the “valid” state as being the one from whichever group adds the next block of data. Any transactions “lost” by the state not chosen are added back into the pending transaction pool.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Confluent Hypergeometric Function","link":"https://csrc.nist.gov/glossary/term/confluent_hypergeometric_function","definitions":[{"text":"The confluent hypergeometric function is defined as\nΦ(a;b;z)=(Γ(b))/(Γ(a)Γ(b-a)) ∫_0^1〖e^zt t^(a-1) 〖(1-t)〗^(b-a-1) dt,0Consuming application (for an RBG) "}]}]},{"term":"Contagion Research Center","link":"https://csrc.nist.gov/glossary/term/contagion_research_center","note":"(fictional)","abbrSyn":[{"text":"CRC","link":"https://csrc.nist.gov/glossary/term/crc"}],"definitions":null},{"term":"Container","link":"https://csrc.nist.gov/glossary/term/container","definitions":[{"text":"A method for packaging and securely running an application within an application virtualization environment. Also known as an application container or a server application container.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]}]},{"term":"Container Network Interface","link":"https://csrc.nist.gov/glossary/term/container_network_interface","abbrSyn":[{"text":"CNI","link":"https://csrc.nist.gov/glossary/term/cni"}],"definitions":null},{"term":"Container runtime","link":"https://csrc.nist.gov/glossary/term/container_runtime","definitions":[{"text":"The environment for each container; comprised of binaries coordinating multiple operating system components that isolate resources and resource usage for running containers.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"Container Runtime Interface","link":"https://csrc.nist.gov/glossary/term/container_runtime_interface","abbrSyn":[{"text":"CRI","link":"https://csrc.nist.gov/glossary/term/cri"}],"definitions":null},{"term":"Container Storage Interface","link":"https://csrc.nist.gov/glossary/term/container_storage_interface","abbrSyn":[{"text":"CSI","link":"https://csrc.nist.gov/glossary/term/csi"}],"definitions":null},{"term":"Container-as-a-Service","link":"https://csrc.nist.gov/glossary/term/container_as_a_service","abbrSyn":[{"text":"CaaS","link":"https://csrc.nist.gov/glossary/term/caas"}],"definitions":null},{"term":"Container-specific operating system","link":"https://csrc.nist.gov/glossary/term/container_specific_operating_system","definitions":[{"text":"A minimalistic host operating system explicitly designed to only run containers.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"contamination","link":"https://csrc.nist.gov/glossary/term/contamination","abbrSyn":[{"text":"spillage","link":"https://csrc.nist.gov/glossary/term/spillage"}],"definitions":[{"text":"See spillage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Security incident that results in the transfer of classified information onto an information system not authorized to store or process that information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under spillage "}]}]},{"term":"Content Addressable Storage","link":"https://csrc.nist.gov/glossary/term/content_addressable_storage","abbrSyn":[{"text":"CAS","link":"https://csrc.nist.gov/glossary/term/cas"}],"definitions":null},{"term":"Content consumer","link":"https://csrc.nist.gov/glossary/term/content_consumer","definitions":[{"text":"A product that accepts existing SCAP source data stream content, processes it, and produces SCAP result data streams","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"Content Delivery Networks","link":"https://csrc.nist.gov/glossary/term/content_delivery_networks","abbrSyn":[{"text":"CDN","link":"https://csrc.nist.gov/glossary/term/cdn"}],"definitions":null},{"term":"Content Generator","link":"https://csrc.nist.gov/glossary/term/content_generator","definitions":[{"text":"A program on a Web server that will dynamically generate HyperText Markup Language (HTML) pages for users. Content generators can range from simple Common Gateway Interface (CGI) scripts executed by the Web server to Java EE or .NET application servers in which most—if not all—HTML pages served are dynamically generated.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]}]},{"term":"Content producer","link":"https://csrc.nist.gov/glossary/term/content_producer","definitions":[{"text":"A product that generates SCAP source data stream content.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"content signing certificate","link":"https://csrc.nist.gov/glossary/term/content_signing_certificate","definitions":[{"text":"A certificate issued for the purpose of digitally signing information (content) to confirm the author and guarantee that the content has not been altered or corrupted since it was signed by use of a cryptographic hash.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Content Type","link":"https://csrc.nist.gov/glossary/term/content_type","definitions":[{"text":"The form of the checklist content in terms of the degree of automation and standardization. Examples include Prose, Automated, and SCAP Content.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"contested cyber environment","link":"https://csrc.nist.gov/glossary/term/contested_cyber_environment","definitions":[{"text":"An environment in which APT actors, competing entities, and entities with similar resource needs contend for control or use of cyber resources.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"Context","link":"https://csrc.nist.gov/glossary/term/context","definitions":[{"text":"The circumstances surrounding the system's processing of PII.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]},{"text":"The environment in which the enterprise operates and is influenced by the risks involved.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"Context of Use","link":"https://csrc.nist.gov/glossary/term/context_of_use","definitions":[{"text":"The purpose for which PII is collected, stored, used, processed, disclosed, or disseminated.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]},{"text":"Users, tasks, equipment (hardware, software and materials), and the physical and social environments in which a product is used.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","underTerm":" under Context of use ","refSources":[{"text":"ISO 9241-11:1998"}]}]}]},{"term":"contingency key","link":"https://csrc.nist.gov/glossary/term/contingency_key","definitions":[{"text":"Key held for use under specific operational conditions or in support of specific contingency plans.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}],"seeAlso":[{"text":"reserve keying material","link":"reserve_keying_material"}]},{"term":"contingency plan","link":"https://csrc.nist.gov/glossary/term/contingency_plan","abbrSyn":[{"text":"disaster recovery plan (DRP)","link":"https://csrc.nist.gov/glossary/term/disaster_recovery_plan"}],"definitions":[{"text":"2. A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under disaster recovery plan (DRP) ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"text":"Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the continuity of operations plan (COOP) or disaster recovery plan (DRP) for major disruptions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under disaster recovery plan (DRP) "}]},{"text":"A plan that is maintained for disaster response, backup operations, and post-disaster recovery to ensure the availability of critical resources and to facilitate the continuity of operations in an emergency situation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Contingency plan "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Contingency plan "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Contingency plan "}]}],"seeAlso":[{"text":"disaster recovery plan (DRP)","link":"disaster_recovery_plan"}]},{"term":"Contingency Planning","link":"https://csrc.nist.gov/glossary/term/contingency_planning","abbrSyn":[{"text":"CP","link":"https://csrc.nist.gov/glossary/term/cp"},{"text":"Information System Contingency Plan"}],"definitions":[{"text":"See Information System Contingency Plan.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"The development of a contingency plan.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Contingency planning "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Contingency planning "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Contingency planning "}]}]},{"term":"continuity","link":"https://csrc.nist.gov/glossary/term/continuity","definitions":[{"text":"The probability that the specified PNT system performance will be maintained for the duration of a phase of operation, presuming that the PNT system was available at the beginning of that phase of operation.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"continuity of government (COG)","link":"https://csrc.nist.gov/glossary/term/continuity_of_government","abbrSyn":[{"text":"COG","link":"https://csrc.nist.gov/glossary/term/cog"}],"definitions":[{"text":"A coordinated effort within the Federal Government's executive branch to ensure that national essential functions continue to be performed during a catastrophic emergency.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Continuity of Operations","link":"https://csrc.nist.gov/glossary/term/continuity_of_operations","abbrSyn":[{"text":"COOP","link":"https://csrc.nist.gov/glossary/term/coop"}],"definitions":null},{"term":"continuity of operations plan (COOP)","link":"https://csrc.nist.gov/glossary/term/continuity_of_operations_plan","abbrSyn":[{"text":"COOP","link":"https://csrc.nist.gov/glossary/term/coop"},{"text":"disaster recovery plan (DRP)","link":"https://csrc.nist.gov/glossary/term/disaster_recovery_plan"}],"definitions":[{"text":"A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"text":"2. A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under disaster recovery plan (DRP) ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"text":"Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under disaster recovery plan (DRP) "}]},{"text":"A predetermined set of instructions or procedures that describe how an organization’s mission essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Continuity of Operations (COOP) Plan "}]}],"seeAlso":[{"text":"disaster recovery plan (DRP)","link":"disaster_recovery_plan"}]},{"term":"Continuous Asset Evaluation, Situational Awareness, and Risk Scoring","link":"https://csrc.nist.gov/glossary/term/continuous_asset_evaluation_situational_awareness_and_risk_scoring","abbrSyn":[{"text":"CAESARS","link":"https://csrc.nist.gov/glossary/term/caesars"}],"definitions":null},{"term":"continuous authority to operate","link":"https://csrc.nist.gov/glossary/term/continuous_authority_to_operate","abbrSyn":[{"text":"C-ATO","link":"https://csrc.nist.gov/glossary/term/c_ato"}],"definitions":null},{"term":"Continuous Data Protection","link":"https://csrc.nist.gov/glossary/term/continuous_data_protection","abbrSyn":[{"text":"CDP","link":"https://csrc.nist.gov/glossary/term/cdp"}],"definitions":null},{"term":"continuous delivery/continuous deployment","link":"https://csrc.nist.gov/glossary/term/continuous_delivery_continuous_deployment","abbrSyn":[{"text":"CI/CD","link":"https://csrc.nist.gov/glossary/term/ci_cd"}],"definitions":null},{"term":"Continuous Diagnostics and Mitigation (CDM)","link":"https://csrc.nist.gov/glossary/term/continuous_diagnostics_and_mitigation","abbrSyn":[{"text":"CDM","link":"https://csrc.nist.gov/glossary/term/cdm"}],"definitions":[{"text":"See Continuous Diagnostics and Mitigation.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under CDM "}]},{"text":"A Congressionally established program to provide adequate, risk-based, and cost-effective cybersecurity assessments and more efficiently allocate cybersecurity resources targeted at federal civilian organizations.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"continuous integration and continuous deployment","link":"https://csrc.nist.gov/glossary/term/continuous_integration_and_continuous_deployment","abbrSyn":[{"text":"CI/CD","link":"https://csrc.nist.gov/glossary/term/ci_cd"}],"definitions":null},{"term":"continuous monitoring","link":"https://csrc.nist.gov/glossary/term/continuous_monitoring","abbrSyn":[{"text":"automated security monitoring","link":"https://csrc.nist.gov/glossary/term/automated_security_monitoring"}],"definitions":[{"text":"Maintaining ongoing awareness to support organizational risk decisions. \nSee information security continuous monitoring, risk monitoring, and status monitoring","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"text":"Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Continuous Monitoring ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Continuous Monitoring ","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]},{"text":"Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under automated security monitoring "}]},{"text":"Maintaining ongoing awareness to support organizational risk decisions. \nSee Information Security Continuous Monitoring, Risk Monitoring, and Status Monitoring.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Continuous Monitoring "}]},{"text":"Maintaining ongoing awareness to support organizational risk decisions.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Continuous Monitoring "},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Continuous Monitoring ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Continuous Monitoring ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Continuous Monitoring ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]}],"seeAlso":[{"text":"automated monitoring","link":"automated_monitoring"},{"text":"information security continuous monitoring"},{"text":"Information Security Continuous Monitoring"},{"text":"risk monitoring","link":"risk_monitoring"},{"text":"Risk Monitoring"},{"text":"status monitoring","link":"status_monitoring"},{"text":"Status Monitoring"}]},{"term":"Continuous Monitoring as a Service","link":"https://csrc.nist.gov/glossary/term/continuous_monitoring_as_a_service","abbrSyn":[{"text":"CMaaS","link":"https://csrc.nist.gov/glossary/term/cmaas"}],"definitions":[{"text":"See Continuous Monitoring as a Service","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under CMaaS "}]}]},{"term":"continuous monitoring program","link":"https://csrc.nist.gov/glossary/term/continuous_monitoring_program","definitions":[{"text":"A program established to collect information in accordance with preestablished metrics, utilizing information readily available in part through implemented security controls. Note: Privacy and security continuous monitoring strategies and programs can be the same or different strategies and programs.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Continuous Threat Detection","link":"https://csrc.nist.gov/glossary/term/continuous_threat_detection","abbrSyn":[{"text":"CTD","link":"https://csrc.nist.gov/glossary/term/ctd"}],"definitions":null},{"term":"Contract","link":"https://csrc.nist.gov/glossary/term/contract","definitions":[{"text":"A mutually binding legal relationship obligating the seller to furnish the supplies or services (including construction) and the buyer to pay for them. It includes all types of commitments that obligate the Government to an expenditure of appropriated funds and that, except as otherwise authorized, are in writing. In addition to bilateral instruments, contracts include (but are not limited to) awards and notices of awards; job orders or task letters issued under basic ordering agreements; letter contracts; orders, such as purchase orders, under which the contract becomes effective by written acceptance or performance; and bilateral contract modifications. Contracts do not include grants and cooperative agreements covered by 31 U.S.C. 6301, et seq.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]}]}]},{"term":"Contract administration office","link":"https://csrc.nist.gov/glossary/term/contract_administration_office","definitions":[{"text":"An office that performs— (1) Assigned post-award functions related to the administration of contracts; and (2) Assigned pre-award functions.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]}]},{"text":" An office that performs— (1) Assigned post-award functions related to the administration of contracts; and (2) Assigned pre-award functions.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]}]}]},{"term":"Contracting Officer Representative","link":"https://csrc.nist.gov/glossary/term/contracting_officer_representative","abbrSyn":[{"text":"COR","link":"https://csrc.nist.gov/glossary/term/cor"}],"definitions":null},{"term":"Control Algorithm","link":"https://csrc.nist.gov/glossary/term/control_algorithm","definitions":[{"text":"A mathematical representation of the control action to be performed.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"Control and Provisioning of Wireless Access Points","link":"https://csrc.nist.gov/glossary/term/control_and_provisioning_of_wireless_access_points","abbrSyn":[{"text":"CAPWAP","link":"https://csrc.nist.gov/glossary/term/capwap"}],"definitions":null},{"term":"Control and Status","link":"https://csrc.nist.gov/glossary/term/control_and_status","abbrSyn":[{"text":"C&S","link":"https://csrc.nist.gov/glossary/term/c_and_s"}],"definitions":null},{"term":"control assessment","link":"https://csrc.nist.gov/glossary/term/control_assessment","abbrSyn":[{"text":"assessment","link":"https://csrc.nist.gov/glossary/term/assessment"}],"definitions":[{"text":"An evidence-based evaluation and judgement on the nature, characteristics, quality, effectiveness, intent, impact, or capabilities of an item, organization, group, policy, activity, or person."},{"text":"See Security Control Assessment.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under assessment "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under assessment "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under assessment "}]},{"text":"See control assessment or risk assessment.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under assessment "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under assessment "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under assessment "}]},{"text":"The testing or evaluation of the controls in an information system or an organization to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security or privacy requirements for the system or the organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"See security control assessment or risk assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"A completed or planned action of evaluation of an organization, a mission or business process, or one or more systems and their environments; or","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under assessment "}]},{"text":"The vehicle or template or worksheet that is used for each evaluation.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under assessment "}]}]},{"term":"control assessment report","link":"https://csrc.nist.gov/glossary/term/control_assessment_report","definitions":[{"text":"Documentation of the results of security and privacy control assessments, including information based on assessor findings and recommendations for correcting deficiencies in the implemented controls.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"See control assessment report.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under assessment report "}]}]},{"term":"control assessor","link":"https://csrc.nist.gov/glossary/term/control_assessor","definitions":[{"text":"The individual, group, or organization responsible for conducting a control assessment. See assessor.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"See assessor.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}],"seeAlso":[{"text":"assessor","link":"assessor"},{"text":"risk assessor","link":"risk_assessor"}]},{"term":"control baseline","link":"https://csrc.nist.gov/glossary/term/control_baseline","abbrSyn":[{"text":"baseline","link":"https://csrc.nist.gov/glossary/term/baseline"}],"definitions":[{"text":"Hardware, software, databases, and relevant documentation for an information system at a given point in time.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under baseline ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item’s life cycle.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under baseline ","refSources":[{"text":"IEEE Std. 828-2012","link":"https://standards.ieee.org/standard/828-2012.html"}]}]},{"text":"Hardware, software, and relevant documentation for an information system at a given point in time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under baseline "}]},{"text":"See control baseline.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under baseline "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under baseline "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under baseline "}]},{"text":"The set of controls that are applicable to information or an information system to meet legal, regulatory, or policy requirements, as well as address protection needs for the purpose of managing risk.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"Predefined sets of controls specifically assembled to address the protection needs of groups, organizations, or communities of interest. See privacy control baseline or security control baseline.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"text":"The set of security and privacy controls defined for a low-impact, moderate-impact, or high-impact system or selected based on the privacy selection criteria that provide a starting point for the tailoring process.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item's life cycle. \nNote: The engineering process generates many artifacts that are maintained as a baseline over the course of the engineering effort and after its completion. The configuration control processes of the engineering effort manage baselined artifacts. Examples include stakeholder requirements baseline, system requirements baseline, architecture/design baseline, and configuration baseline.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under baseline ","refSources":[{"text":"IEEE 828","link":"https://standards.ieee.org/findstds/standard/828-2012.html"}]}]},{"text":"Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item's life cycle.\nNote: The engineering process generates many artifacts that are maintained as a baseline over the course of the engineering effort and after its completion. The configuration control processes of the engineering effort manage baselined artifacts. Examples include stakeholder requirements baseline, system requirements baseline, architecture/design baseline, and configuration baseline.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under baseline ","refSources":[{"text":"IEEE 828","link":"https://standards.ieee.org/findstds/standard/828-2012.html"}]}]}],"seeAlso":[{"text":"security control baseline","link":"security_control_baseline"}]},{"term":"Control Cell","link":"https://csrc.nist.gov/glossary/term/control_cell","definitions":[{"text":"A central location for exercise coordination, typically in a separate area from the exercise participants.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"control correlation identifier (CCI)","link":"https://csrc.nist.gov/glossary/term/control_correlation_identifier","abbrSyn":[{"text":"CCI","link":"https://csrc.nist.gov/glossary/term/cci"}],"definitions":[{"text":"Decomposition of a National Institute of Standards and Technology (NIST) control into a single, actionable, measurable statement.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"control designation","link":"https://csrc.nist.gov/glossary/term/control_designation","definitions":[{"text":"The process of assigning a control to one of three control types: common, hybrid, or system-specific.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"control effectiveness","link":"https://csrc.nist.gov/glossary/term/control_effectiveness","definitions":[{"text":"A measure of whether a given control is contributing to the reduction of information security or privacy risk.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A measure of whether a security or privacy control contributes to the reduction of information security or privacy risk.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"control enhancement","link":"https://csrc.nist.gov/glossary/term/control_enhancement","definitions":[{"text":"Augmentation of a control to build in additional, but related, functionality to the control; increase the strength of the control; or add assurance to the control.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"Augmentation of a security or privacy control to build in additional but related functionality to the control, increase the strength of the control, or add assurance to the control.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"Control Group","link":"https://csrc.nist.gov/glossary/term/control_group","abbrSyn":[{"text":"cgroup","link":"https://csrc.nist.gov/glossary/term/cgroup"}],"definitions":null},{"term":"control inheritance","link":"https://csrc.nist.gov/glossary/term/control_inheritance","definitions":[{"text":"A situation in which a system or application receives protection from controls (or portions of controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A situation in which a system or application receives protection from security or privacy controls (or portions of controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}],"seeAlso":[{"text":"common control","link":"common_control"}]},{"term":"Control Item","link":"https://csrc.nist.gov/glossary/term/control_item","abbrSyn":[{"text":"Security Control Item","link":"https://csrc.nist.gov/glossary/term/security_control_item"}],"definitions":[{"text":"See Security Control Item.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"All or part of a SP 800-53 security control requirement, expressed as a statement for implementation and assessment. Both controls and control enhancements are treated as control items. Controls and control enhancements are further subdivided if multiple security requirements within the control or control enhancement in SP 800-53 are in listed format: a, b, c, etc.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Security Control Item "}]}]},{"term":"Control Objectives for Information and Related Technologies","link":"https://csrc.nist.gov/glossary/term/control_objectives_for_information_and_related_technologies","abbrSyn":[{"text":"COBIT","link":"https://csrc.nist.gov/glossary/term/cobit"}],"definitions":null},{"term":"Control of Interaction Frequency","link":"https://csrc.nist.gov/glossary/term/control_of_interaction_frequency","abbrSyn":[{"text":"CIF","link":"https://csrc.nist.gov/glossary/term/cif"}],"definitions":null},{"term":"control parameter","link":"https://csrc.nist.gov/glossary/term/control_parameter","abbrSyn":[{"text":"organization-defined control parameter","link":"https://csrc.nist.gov/glossary/term/organization_defined_control_parameter"}],"definitions":[{"text":"See organization-defined parameter.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"See organization-defined control parameter.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"The variable part of a control or control enhancement that can be instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a pre-defined list provided as part of the control or control enhancement.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under organization-defined control parameter "}]},{"text":"The variable part of a control or control enhancement that is instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a predefined list provided as part of the control or control enhancement. See assignment operation and selection operation.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under organization-defined control parameter "},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under organization-defined control parameter "}]}]},{"term":"controlled","link":"https://csrc.nist.gov/glossary/term/controlled","definitions":[{"text":"The online repository of information and policy regarding how authorized holders of CUI should handle such information. \nNote: The Controlled Unclassified Information (CUI) Registry: (i) identifies all categories and subcategories of information that require safeguarding or dissemination controls consistent with law, regulation and Government-wide policies; (ii) provides descriptions for each category and subcategory; (iii) identifies the basis for safeguarding and dissemination controls;(iv) contains associated markings and applicable safeguarding, disseminating, and (v) specifies CUI that may be originated only by certain executive branch agencies and organizations. The CUI Executive Agent is the approval authority for all categories/subcategories of information identified as CUI in the CUI Registry and only those categories/subcategories listed are considered CUI.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556","note":" - Adapted"}]}]}]},{"term":"controlled access area","link":"https://csrc.nist.gov/glossary/term/controlled_access_area","definitions":[{"text":"The complete building or facility area under direct physical control within which unauthorized persons are denied unrestricted access and are either escorted by authorized personnel or are under continuous physical or electronic surveillance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSTISSI No. 7003","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Controlled Access Program Coordination Office","link":"https://csrc.nist.gov/glossary/term/controlled_access_program_coordination_office","abbrSyn":[{"text":"CAPCO","link":"https://csrc.nist.gov/glossary/term/capco"}],"definitions":null},{"term":"controlled access protection","link":"https://csrc.nist.gov/glossary/term/controlled_access_protection","definitions":[{"text":"Minimum set of security functionality that enforces access control on individual users and makes them accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"controlled area","link":"https://csrc.nist.gov/glossary/term/controlled_area","definitions":[{"text":"Any area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Any area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information or system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Any area or space for which an organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Controlled Area "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"controlled cryptographic item (CCI)","link":"https://csrc.nist.gov/glossary/term/controlled_cryptographic_item","abbrSyn":[{"text":"CCI","link":"https://csrc.nist.gov/glossary/term/cci"}],"definitions":[{"text":"Secure telecommunications or information system, or associated cryptographic component, that is unclassified and handled through the COMSEC material control system (CMCS), an equivalent material control system, or a combination of the two that provides accountability and visibility. Such items are marked “Controlled Cryptographic Item”, or, where space is limited, “CCI”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"controlled cryptographic item (CCI) assembly","link":"https://csrc.nist.gov/glossary/term/controlled_cryptographic_item_assembly","abbrSyn":[{"text":"controlled cryptographic item (CCI) component","link":"https://csrc.nist.gov/glossary/term/controlled_cryptographic_item_component"}],"definitions":[{"text":"A device approved by the National Security Agency (NSA) as a controlled cryptographic item, that embodies a cryptographic logic or other cryptographic design, and performs the entire COMSEC function, but is dependent upon the host equipment to operate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"A device approved by the National Security Agency as a controlled cryptographic item that embodies a cryptographic logic or other cryptographic design. A CCI component does not perform the entire COMSEC function, and is dependent upon a host equipment or assembly to complete and operate the COMSEC function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under controlled cryptographic item (CCI) component ","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}],"seeAlso":[{"text":"controlled cryptographic item (CCI) component","link":"controlled_cryptographic_item_component"}]},{"term":"controlled cryptographic item (CCI) component","link":"https://csrc.nist.gov/glossary/term/controlled_cryptographic_item_component","abbrSyn":[{"text":"controlled cryptographic item (CCI) assembly","link":"https://csrc.nist.gov/glossary/term/controlled_cryptographic_item_assembly"}],"definitions":[{"text":"A device approved by the National Security Agency (NSA) as a controlled cryptographic item, that embodies a cryptographic logic or other cryptographic design, and performs the entire COMSEC function, but is dependent upon the host equipment to operate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under controlled cryptographic item (CCI) assembly ","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"A device approved by the National Security Agency as a controlled cryptographic item that embodies a cryptographic logic or other cryptographic design. A CCI component does not perform the entire COMSEC function, and is dependent upon a host equipment or assembly to complete and operate the COMSEC function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}],"seeAlso":[{"text":"controlled cryptographic item (CCI) assembly","link":"controlled_cryptographic_item_assembly"}]},{"term":"controlled cryptographic item (CCI) equipment","link":"https://csrc.nist.gov/glossary/term/controlled_cryptographic_item_equipment","definitions":[{"text":"A telecommunications or information handling equipment that embodies a CCI component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"controlled interface","link":"https://csrc.nist.gov/glossary/term/controlled_interface","definitions":[{"text":"A boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Controlled Interface ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Controlled Interface "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Controlled Interface ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An interface to a system with a set of mechanisms that enforces the security policies and controls the flow of information between connected systems.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"controlled reception patterned antenna","link":"https://csrc.nist.gov/glossary/term/controlled_reception_patterned_antenna","abbrSyn":[{"text":"CRPA","link":"https://csrc.nist.gov/glossary/term/crpa"}],"definitions":null},{"term":"controlled space","link":"https://csrc.nist.gov/glossary/term/controlled_space","definitions":[{"text":"Three-dimensional space surrounding information system equipment, within which unauthorized individuals are denied unrestricted access and are either escorted by authorized individuals or are under continuous physical or electronic surveillance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"controlled unclassified information (CUI)","link":"https://csrc.nist.gov/glossary/term/controlled_unclassified_information","abbrSyn":[{"text":"CUI","link":"https://csrc.nist.gov/glossary/term/cui"}],"definitions":[{"text":"Information that law, regulation, or government-wide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under controlled unclassified information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]}]},{"text":"A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Controlled Unclassified Information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]}]},{"text":"Information that law, regulation, or governmentwide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under controlled unclassified information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under controlled unclassified information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under controlled unclassified information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","underTerm":" under controlled unclassified information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under controlled unclassified information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]}]},{"text":"Information that law, regulation, or government-wide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Controlled Unclassified Information ","refSources":[{"text":"NIST SP 800-171","link":"https://doi.org/10.6028/NIST.SP.800-171"}]}]},{"text":"Information that the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. However, CUI does not include classified information or information a non-executive branch entity possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under controlled unclassified information ","refSources":[{"text":"Title 32 CFR, Part 2002","link":"https://www.govinfo.gov/content/pkg/CFR-2018-title32-vol6/pdf/CFR-2018-title32-vol6-part2002.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under controlled unclassified information ","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]},{"text":"Information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. However, CUI does not include classified information (see paragraph (e) of this section) or information a non-executive branch entity possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency. Law, regulation, or Government-wide policy may require or permit safeguarding or dissemination controls in three ways: Requiring or permitting agencies to control or protect the information but providing no specific controls, which makes the information CUI Basic; requiring or permitting agencies to control or protect the information and providing specific controls for doing so, which makes the information CUI Specified; or requiring or permitting agencies to control the information and specifying only some of those controls, which makes the information CUI Specified, but with CUI Basic controls where the authority does not specify.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation CUI replaces Sensitive But Unclassified (SBU).","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Controlled Unclassified Information "}]}],"seeAlso":[{"text":"classified information","link":"classified_information"},{"text":"sensitive information","link":"sensitive_information"},{"text":"unclassified","link":"unclassified"}]},{"term":"Controlled Variable","link":"https://csrc.nist.gov/glossary/term/controlled_variable","definitions":[{"text":"The variable that the control system attempts to keep at the set point value. The set point may be constant or variable.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"Controller","link":"https://csrc.nist.gov/glossary/term/controller","definitions":[{"text":"A device or program that operates automatically to regulate a controlled variable.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","refSources":[{"text":"ANSI/ISA-51.1-1979","link":"https://www.isa.org/store/isa-511-1979-r1993-process-instrumentation-terminology/116810"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","refSources":[{"text":"ANSI/ISA-51.1-1979","link":"https://www.isa.org/store/isa-511-1979-r1993-process-instrumentation-terminology/116810"}]}]},{"text":"A functional exercise staff member who monitors, manages, and controls exercise activity to meet established objectives.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Controller Area Network","link":"https://csrc.nist.gov/glossary/term/controller_area_network","abbrSyn":[{"text":"CAN","link":"https://csrc.nist.gov/glossary/term/can"}],"definitions":null},{"term":"controlling authority (CONAUTH)","link":"https://csrc.nist.gov/glossary/term/controlling_authority","abbrSyn":[{"text":"CA","link":"https://csrc.nist.gov/glossary/term/ca"},{"text":"CONAUTH","link":"https://csrc.nist.gov/glossary/term/conauth"}],"definitions":[{"text":"The official responsible for directing the operation of a cryptonet using traditional key and for managing the operational use and control of keying material assigned to the cryptonet.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)","note":" - Adapted"}]}]}]},{"term":"controlling domain","link":"https://csrc.nist.gov/glossary/term/controlling_domain","definitions":[{"text":"The domain that assumes the greater risk and thus enforces the most restrictive policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Control-P (Function)","link":"https://csrc.nist.gov/glossary/term/control_pf","definitions":[{"text":"Develop and implement appropriate activities to enable organizations or individuals to manage data with sufficient granularity to manage privacy risks.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Conventional BIOS","link":"https://csrc.nist.gov/glossary/term/conventional_bios","definitions":[{"text":"Legacy boot firmware used in many x86-compatible computer systems. Also known as the legacy BIOS.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"Conversation","link":"https://csrc.nist.gov/glossary/term/conversation","definitions":[{"text":"Where Web services maintain some state during an interaction that involves multiple messages or participants.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"COO","link":"https://csrc.nist.gov/glossary/term/coo","abbrSyn":[{"text":"Chief Operating Officer","link":"https://csrc.nist.gov/glossary/term/chief_operating_officer"}],"definitions":null},{"term":"cookie","link":"https://csrc.nist.gov/glossary/term/cookie","definitions":[{"text":"A piece of state information supplied by a Web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-28","link":"https://doi.org/10.6028/NIST.SP.800-28"}]},{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Cookie "}]},{"text":"A small file that stores information for a Web site.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]","underTerm":" under Cookie "}]},{"text":"A small file that stores information for a Web site on a user’s computer.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Cookie "}]},{"text":"A character string, placed in a web browser’s memory, which is available to websites within the same Internet domain as the server that placed them in the web browser. \nCookies are used for many purposes and may be assertions or may contain pointers to assertions. See Section 9.1.1 for more information.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Cookie "}]}]},{"term":"COOP","link":"https://csrc.nist.gov/glossary/term/coop","abbrSyn":[{"text":"Continuity of Operations","link":"https://csrc.nist.gov/glossary/term/continuity_of_operations"},{"text":"Continuity of Operations Plan"}],"definitions":null},{"term":"cooperative key generation (CKG)","link":"https://csrc.nist.gov/glossary/term/cooperative_key_generation","abbrSyn":[{"text":"CKG","link":"https://csrc.nist.gov/glossary/term/ckg"}],"definitions":[{"text":"Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. See per-call key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"per-call key","link":"per_call_key"}]},{"term":"cooperative remote rekeying","link":"https://csrc.nist.gov/glossary/term/cooperative_remote_rekeying","abbrSyn":[{"text":"manual remote rekeying","link":"https://csrc.nist.gov/glossary/term/manual_remote_rekeying"}],"definitions":[{"text":"Synonymous with manual remote rekeying.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Procedure by which a distant crypto-equipment is rekeyed electronically, with specific actions required by the receiving terminal operator. Synonymous with cooperative remote rekeying. See automatic remote rekeying.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under manual remote rekeying "}]}]},{"term":"Cooperative Research and Development Agreement","link":"https://csrc.nist.gov/glossary/term/cooperative_research_and_development_agreement","abbrSyn":[{"text":"CRADA","link":"https://csrc.nist.gov/glossary/term/crada"}],"definitions":null},{"term":"Coordinated Universal Time","link":"https://csrc.nist.gov/glossary/term/coordinated_universal_time","abbrSyn":[{"text":"UTC","link":"https://csrc.nist.gov/glossary/term/utc"}],"definitions":null},{"term":"Coordination","link":"https://csrc.nist.gov/glossary/term/coordination","definitions":[{"text":"Refers to the building, from a set of Web services, of something at a higher level, typically itself exposed as a larger Web service. Also referred to as “Composability.” Choreography and orchestration are two approaches to coordination.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Program Integration across Application and Organization Boundaries (24 July 2004)","link":"https://www.w3.org/DesignIssues/WebServices.html"}]}]}]},{"term":"Coordination Center","link":"https://csrc.nist.gov/glossary/term/coordination_center","abbrSyn":[{"text":"CERT®/CC"}],"definitions":null},{"term":"COP","link":"https://csrc.nist.gov/glossary/term/c_o_p","abbrSyn":[{"text":"Call Oriented Programming","link":"https://csrc.nist.gov/glossary/term/call_oriented_programming"}],"definitions":null},{"term":"CoP","link":"https://csrc.nist.gov/glossary/term/cop","abbrSyn":[{"text":"Community of Practice","link":"https://csrc.nist.gov/glossary/term/community_of_practice"}],"definitions":null},{"term":"COPE","link":"https://csrc.nist.gov/glossary/term/cope","abbrSyn":[{"text":"Corporately Owned, Personally Enabled"},{"text":"Corporate-owned Personally-Enabled"},{"text":"Corporate-Owned Personally-Enabled"}],"definitions":null},{"term":"COPPA","link":"https://csrc.nist.gov/glossary/term/coppa","abbrSyn":[{"text":"Children‘s Online Privacy Protection Act","link":"https://csrc.nist.gov/glossary/term/childrens_online_privacy_protection_act"}],"definitions":null},{"term":"Copy (data)","link":"https://csrc.nist.gov/glossary/term/copy","definitions":[{"text":"To replicate data in another location while maintaining it in its original location.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"COR","link":"https://csrc.nist.gov/glossary/term/cor","abbrSyn":[{"text":"central office of record","link":"https://csrc.nist.gov/glossary/term/central_office_of_record"},{"text":"Central Office of Record (COMSEC)"},{"text":"Contracting Officer Representative","link":"https://csrc.nist.gov/glossary/term/contracting_officer_representative"}],"definitions":[{"text":"The entity that keeps records of accountable COMSEC material held by COMSEC accounts subject to its oversight.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under central office of record ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"CORBA","link":"https://csrc.nist.gov/glossary/term/corba","abbrSyn":[{"text":"Common Object Request Broker Architecture","link":"https://csrc.nist.gov/glossary/term/common_object_request_broker_architecture"}],"definitions":null},{"term":"Core","link":"https://csrc.nist.gov/glossary/term/core","definitions":[{"text":"A set of privacy protection activities and outcomes. The Framework Core comprises three elements: Functions, Categories, and Subcategories.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Core Baseline","link":"https://csrc.nist.gov/glossary/term/core_baseline","definitions":[{"text":"A set of device cybersecurity capabilities and non-technical supporting capabilities needed to support common cybersecurity controls that protect the customer’s devices and device data, systems, and ecosystems.","sources":[{"text":"NISTIR 8425","link":"https://doi.org/10.6028/NIST.IR.8425","underTerm":" under core baseline "}]},{"text":"A set of technical device capabilities needed to support common cybersecurity controls that protect the customer’s devices and device data, systems, and ecosystems.","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259"},{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"},{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"Core Root of Trust for Measurement (CRTM)","link":"https://csrc.nist.gov/glossary/term/core_root_of_trust_for_measurement","abbrSyn":[{"text":"CRTM","link":"https://csrc.nist.gov/glossary/term/crtm"}],"definitions":[{"text":"The first piece of BIOS code that executes on the main processor during the boot process. On a system with a Trusted Platform Module the CRTM is implicitly trusted to bootstrap the process of building a measurement chain for subsequent attestation of other firmware and software that is executed on the computer system.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"}]}]},{"term":"Core Root of Trust for Verification","link":"https://csrc.nist.gov/glossary/term/core_root_of_trust_for_verification","abbrSyn":[{"text":"CRTV","link":"https://csrc.nist.gov/glossary/term/crtv"}],"definitions":null},{"term":"Core Software","link":"https://csrc.nist.gov/glossary/term/core_software","definitions":[{"text":"An organizationally defined set of software that, at a minimum, includes firmware and root operating system elements used to boot the system. Core software merits specialized monitoring as it may be difficult for commonly used whitelisting software to check.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"}]}]},{"term":"Core Specification Addendum","link":"https://csrc.nist.gov/glossary/term/core_specification_addendum","abbrSyn":[{"text":"CSA","link":"https://csrc.nist.gov/glossary/term/csa"}],"definitions":null},{"term":"Core Specification Addendum 5","link":"https://csrc.nist.gov/glossary/term/core_specification_addendum_5","abbrSyn":[{"text":"CSA5","link":"https://csrc.nist.gov/glossary/term/csa5"}],"definitions":null},{"term":"Corporate-Owned Personally-Enabled (COPE)","link":"https://csrc.nist.gov/glossary/term/corporate_owned_personally_enabled","abbrSyn":[{"text":"COPE","link":"https://csrc.nist.gov/glossary/term/cope"}],"definitions":[{"text":"A device owned by an enterprise and issued to an employee. Both the enterprise and the employee can install applications onto the device.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21"},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]}]},{"term":"correct re-identifications","link":"https://csrc.nist.gov/glossary/term/correct_re_identifications","definitions":[{"text":"Putative re-identifications that correctly infer an individual's identity and associated data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"correctness proof","link":"https://csrc.nist.gov/glossary/term/correctness_proof","definitions":[{"text":"Formal technique used to prove mathematically that a computer program satisfies its specified requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Correlation","link":"https://csrc.nist.gov/glossary/term/correlation","abbrSyn":[{"text":"Event Correlation","link":"https://csrc.nist.gov/glossary/term/event_correlation"}],"definitions":[{"text":"See “Event Correlation”.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]},{"text":"Finding relationships between two or more log entries.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Event Correlation "}]}]},{"term":"Correlation Power Analysis","link":"https://csrc.nist.gov/glossary/term/correlation_power_analysis","abbrSyn":[{"text":"CPA","link":"https://csrc.nist.gov/glossary/term/cpa"}],"definitions":null},{"term":"CORS","link":"https://csrc.nist.gov/glossary/term/cors","abbrSyn":[{"text":"Cross-Origin Resource Sharing","link":"https://csrc.nist.gov/glossary/term/cross_origin_resource_sharing"}],"definitions":null},{"term":"COSO","link":"https://csrc.nist.gov/glossary/term/coso","abbrSyn":[{"text":"Committee of Sponsoring Organizations","link":"https://csrc.nist.gov/glossary/term/committee_of_sponsoring_organizations"},{"text":"Committee of Sponsoring Organizations of the Treadway Commission","link":"https://csrc.nist.gov/glossary/term/committee_of_sponsoring_organizations_treadway_commission"}],"definitions":null},{"term":"Cost/Benefit Analysis","link":"https://csrc.nist.gov/glossary/term/cost_benefit_analysis","abbrSyn":[{"text":"CBA","link":"https://csrc.nist.gov/glossary/term/cba"}],"definitions":null},{"term":"CoT","link":"https://csrc.nist.gov/glossary/term/cot","abbrSyn":[{"text":"Chain of Trust"}],"definitions":[{"text":"A method for maintaining valid trust boundaries by applying a principle of transitive trust, where each software module in a system boot process is required to measure the next module before transitioning control.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320","underTerm":" under Chain of Trust "}]},{"text":"See “authentication chain.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2","underTerm":" under Chain of Trust "}]}]},{"term":"COTR","link":"https://csrc.nist.gov/glossary/term/cotr","abbrSyn":[{"text":"Contracting Officer’s Technical Representative"},{"text":"Contracting Officer's Technical Representative","link":"https://csrc.nist.gov/glossary/term/contracting_officers_technical_representative"}],"definitions":null},{"term":"COTS","link":"https://csrc.nist.gov/glossary/term/cots","abbrSyn":[{"text":"Commercial Off The Shelf"},{"text":"Commercial off the Shelf Product"},{"text":"Commercial off-the-shelf"},{"text":"Commercial off-the-Shelf"},{"text":"Commercial Off-the-Shelf"},{"text":"Commercial Off-The-Shelf"},{"text":"Commercial-Off-The-Shelf"}],"definitions":[{"text":"A product that is commercially available.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under COTS product "}]},{"text":"Software and hardware that already exists and is available from commercial sources. It is also referred to as off-the-shelf.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Commercial off-the-shelf ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]}]},{"text":"Hardware and software IT products that are ready-made and available for purchase by the general public.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Commercial-Off-The-Shelf "}]}]},{"term":"Counter","link":"https://csrc.nist.gov/glossary/term/counter","abbrSyn":[{"text":"CTR","link":"https://csrc.nist.gov/glossary/term/ctr"}],"definitions":null},{"term":"Counter Mode","link":"https://csrc.nist.gov/glossary/term/counter_mode","abbrSyn":[{"text":"CTR","link":"https://csrc.nist.gov/glossary/term/ctr"}],"definitions":null},{"term":"Counter mode for a block cipher algorithm","link":"https://csrc.nist.gov/glossary/term/counter_mode_for_a_block_cipher_algorithm","abbrSyn":[{"text":"CTR","link":"https://csrc.nist.gov/glossary/term/ctr"}],"definitions":null},{"term":"Counter Mode with Cipher Block Chaining (CBC) Message Authentication Code (MAC) Protocol","link":"https://csrc.nist.gov/glossary/term/counter_mode_with_cbc_mac_protocol","abbrSyn":[{"text":"CCMP","link":"https://csrc.nist.gov/glossary/term/ccmp"}],"definitions":null},{"term":"counterfeit","link":"https://csrc.nist.gov/glossary/term/counterfeit","definitions":[{"text":"An unauthorized copy or substitute that has been identified, marked, and/or altered by a source other than the item's legally authorized source and has been misrepresented to be an authorized item of the legally authorized source.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Counterfeit (Goods) ","refSources":[{"text":"18 U.S.C.","link":"https://www.govinfo.gov/app/details/USCODE-2009-title18"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161"}]}]}]},{"term":"counterintelligence","link":"https://csrc.nist.gov/glossary/term/counterintelligence","definitions":[{"text":"Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"E.O. 12333 (As amended by E.O.s 13284 (2003), 13355 (2004) and 13470 (2008))","link":"https://fas.org/irp/offdocs/eo/eo-12333-2008.pdf"}]}]},{"text":"Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Counterintelligence "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Counterintelligence "}]},{"text":"The term 'counterintelligence' means information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Counterintelligence ","refSources":[{"text":"50 U.S.C., Sec 401a","link":"https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title50-section401a&num=0&edition=prelim"}]}]}]},{"term":"countermeasures","link":"https://csrc.nist.gov/glossary/term/countermeasures","abbrSyn":[{"text":"safeguards","link":"https://csrc.nist.gov/glossary/term/safeguards"},{"text":"SAFEGUARDS"},{"text":"security controls","link":"https://csrc.nist.gov/glossary/term/security_controls"}],"definitions":[{"text":"Any action, device, procedure, technique, or other measure that reduces the vulnerability of or threat to a system."},{"text":"Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under COUNTERMEASURES ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SAFEGUARDS ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Countermeasures ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Countermeasures ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Countermeasures ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Countermeasures ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Protective measures prescribed to meet the security objectives (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management controls, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under safeguards ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security controls ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under security controls ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under security controls ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under safeguards ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The safeguards or countermeasures prescribed for an information system or an organization to protect the confidentiality, integrity, and availability of the system and its information.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under security controls ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under security controls ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of a system. Synonymous with security controls and safeguards.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]}]},{"term":"Country-code Top-level Domain","link":"https://csrc.nist.gov/glossary/term/country_code_top_level_domain","abbrSyn":[{"text":"ccTLD","link":"https://csrc.nist.gov/glossary/term/cctld"}],"definitions":null},{"term":"courier","link":"https://csrc.nist.gov/glossary/term/courier","definitions":[{"text":"A duly authorized and trustworthy individual who has been officially designated to transport/carry material, and if the material is classified, is cleared to the level of material being transported.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"Course of Action","link":"https://csrc.nist.gov/glossary/term/course_of_action","abbrSyn":[{"text":"COA","link":"https://csrc.nist.gov/glossary/term/coa"}],"definitions":[{"text":"A time-phased or situation-dependent combination of risk response measures.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Course of Action (Risk Response) "}]},{"text":"A time-phased or situation-dependent combination of risk response measures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under course of action (risk response) ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]}],"seeAlso":[{"text":"risk response","link":"risk_response"},{"text":"Risk Response"}]},{"term":"cover (TRANSEC)","link":"https://csrc.nist.gov/glossary/term/cover","abbrSyn":[{"text":"communications cover","link":"https://csrc.nist.gov/glossary/term/communications_cover"}],"definitions":[{"text":"Result of measures used to obfuscate message externals to resist traffic analysis.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See cover (TRANSEC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under communications cover "}]}]},{"term":"coverage","link":"https://csrc.nist.gov/glossary/term/coverage","definitions":[{"text":"The surface area or space volume in which the signals are adequate to permit the user to determine a position to a specified level of accuracy. Coverage is influenced by system geometry, signal power levels, receiver sensitivity, atmospheric noise conditions, and other factors that affect signal availability.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]},{"text":"An attribute associated with an assessment method that addresses the scope or breadth of the assessment objects included in the assessment (e.g., types of objects to be assessed and the number of objects to be assessed by type). The values for the coverage attribute, hierarchically from less coverage to more coverage, are basic, focused, and comprehensive.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Coverage ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Coverage "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The surface area or space volume in which the signals are adequate to permit the user to determine a position to a specified level of accuracy. Coverage is influenced by system geometry, signal power levels, receiver sensitivity, atmospheric noise conditions, and other factors that affect signal availability.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Coverage ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"Cover-Coding","link":"https://csrc.nist.gov/glossary/term/cover_coding","definitions":[{"text":"A technique to reduce the risks of eavesdropping by obscuring the information that is transmitted. The EPCglobal Class- 1 Generation-2 and ISO/IEC 18000-6C standards use cover-coding to obscure certain transmissions from readers to tags. A more detailed description of how cover-coding is used in these two standards can be found in Section 5.3.2.1 on cover-coding.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"covert channel","link":"https://csrc.nist.gov/glossary/term/covert_channel","definitions":[{"text":"An unintended or unauthorized intra-system channel that enables two cooperating entities to transfer information in a way that violates the system's security policy but does not exceed the entities' access authorizations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"covert storage channel","link":"covert_storage_channel"},{"text":"covert timing channel","link":"covert_timing_channel"},{"text":"exploitable channel","link":"exploitable_channel"},{"text":"overt channel","link":"overt_channel"}]},{"term":"covert channel analysis","link":"https://csrc.nist.gov/glossary/term/covert_channel_analysis","definitions":[{"text":"Analysis of the ability of an insider to exfiltrate data based on the design of a security device."},{"text":"Determination of the extent to which the security policy model and subsequent lower-level program descriptions may allow unauthorized access to information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Covert Channel Analysis ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"covert storage channel","link":"https://csrc.nist.gov/glossary/term/covert_storage_channel","definitions":[{"text":"Covert channel involving the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Covert Storage Channel ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A system feature that enables one system entity to signal information to another entity by directly or indirectly writing a storage location that is later directly or indirectly read by the second entity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"A system feature that enables one system entity to signal information to another entity by directly or indirectly writing to a storage location that is later directly or indirectly read by the second entity.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"covert channel","link":"covert_channel"}]},{"term":"Covert Testing","link":"https://csrc.nist.gov/glossary/term/covert_testing","definitions":[{"text":"Testing performed using covert methods and without the knowledge of the organization’s IT staff, but with full knowledge and permission of upper management.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"covert timing channel","link":"https://csrc.nist.gov/glossary/term/covert_timing_channel","definitions":[{"text":"Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Covert Timing Channel ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A system feature that enables one system entity to signal information to another by modulating its own use of a system resource in such a way as to affect system response time observed by the second entity. See: covert channel.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"A system feature that enables one system entity to signal information to another by modulating its own use of a system resource in such a way as to affect system response time observed by the second entity.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}],"seeAlso":[{"text":"covert channel","link":"covert_channel"}]},{"term":"COW","link":"https://csrc.nist.gov/glossary/term/cow","abbrSyn":[{"text":"Cell on Wheels","link":"https://csrc.nist.gov/glossary/term/cell_on_wheels"}],"definitions":null},{"term":"CP","link":"https://csrc.nist.gov/glossary/term/cp","abbrSyn":[{"text":"certificate policy","link":"https://csrc.nist.gov/glossary/term/certificate_policy"},{"text":"Certificate Policy"},{"text":"Configuration Payload","link":"https://csrc.nist.gov/glossary/term/configuration_payload"},{"text":"Contingency Planning","link":"https://csrc.nist.gov/glossary/term/contingency_planning"}],"definitions":[{"text":"A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular CP might indicate applicability of a type of certificate to the authentication of parties engaging in business-to-business transactions for the trading of goods or services within a given price range."},{"text":"A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular certificate policy might indicate applicability of a type of certificate to the authentication of electronic data interchange transactions for the trading of goods within a given price range.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under certificate policy "}]},{"text":"See Information System Contingency Plan.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Contingency Planning "}]},{"text":"A named set of rules that indicate the applicability of a certificate to a particular community and/or class of applications with common security requirements.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Certificate Policy "}]}]},{"term":"CP Assist for Cryptographic Functions","link":"https://csrc.nist.gov/glossary/term/cp_assist_for_cryptographic_functions","abbrSyn":[{"text":"CPACF","link":"https://csrc.nist.gov/glossary/term/cpacf"}],"definitions":null},{"term":"CPA","link":"https://csrc.nist.gov/glossary/term/cpa","abbrSyn":[{"text":"Chosen Plaintext Attack","link":"https://csrc.nist.gov/glossary/term/chosen_plaintext_attack"},{"text":"Correlation Power Analysis","link":"https://csrc.nist.gov/glossary/term/correlation_power_analysis"}],"definitions":null},{"term":"CP-ABE","link":"https://csrc.nist.gov/glossary/term/cp_abe","abbrSyn":[{"text":"ciphertext-policy attribute-based encryption","link":"https://csrc.nist.gov/glossary/term/ciphertext_policy_attribute_based_encryption"}],"definitions":null},{"term":"CPACF","link":"https://csrc.nist.gov/glossary/term/cpacf","abbrSyn":[{"text":"CP Assist for Cryptographic Functions","link":"https://csrc.nist.gov/glossary/term/cp_assist_for_cryptographic_functions"}],"definitions":null},{"term":"CPE","link":"https://csrc.nist.gov/glossary/term/cpe","abbrSyn":[{"text":"Common Platform Enumeration"},{"text":"Common Platform Enumerations"},{"text":"Customer Premise Equipment","link":"https://csrc.nist.gov/glossary/term/customer_premise_equipment"}],"definitions":null},{"term":"CPE Attribute Comparison","link":"https://csrc.nist.gov/glossary/term/cpe_attribute_comparison","definitions":[{"text":"The first phase of CPE name matching, where a matching engine compares each of the A-V pairs of a source CPE name to the corresponding A-V pair of a target name in order to specify one of four possible logical attribute comparison relations for each attribute in a CPE name.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"CPE Dictionary","link":"https://csrc.nist.gov/glossary/term/cpe_dictionary","definitions":[{"text":"A repository of identifier CPE names (WFNs in bound form) and associated metadata.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"CPE Name","link":"https://csrc.nist.gov/glossary/term/cpe_name","definitions":[{"text":"An identifier for a unique uniform resource identifier (URI) assigned to a specific platform type that conforms to the CPE specification.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"CPE Name Comparison","link":"https://csrc.nist.gov/glossary/term/cpe_name_comparison","definitions":[{"text":"The second phase of CPE name matching, where the individual attribute comparison results from the first phase are analyzed as a collection to determine an overall comparison result for the two names. The result of a name comparison is the identification of the relationship between a source CPE name and target CPE name.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"CPE Name Matching","link":"https://csrc.nist.gov/glossary/term/cpe_name_matching","definitions":[{"text":"A one-to-one source-to-target comparison of CPE names. CPE name matching has two phases","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"CPIC","link":"https://csrc.nist.gov/glossary/term/cpic","abbrSyn":[{"text":"Capital Planning and Investment Control"},{"text":"Capital Planning Investment Control"}],"definitions":null},{"term":"CPNI","link":"https://csrc.nist.gov/glossary/term/cpni","abbrSyn":[{"text":"Centre for the Protection of National Infrastructure","link":"https://csrc.nist.gov/glossary/term/centre_for_the_protection_of_national_infrastructure"}],"definitions":null},{"term":"CPO","link":"https://csrc.nist.gov/glossary/term/cpo","abbrSyn":[{"text":"Chief Privacy Officer","link":"https://csrc.nist.gov/glossary/term/chief_privacy_officer"}],"definitions":[{"text":"See Senior Agency Official for Privacy.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Privacy Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Chief Privacy Officer "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Chief Privacy Officer "}]}]},{"term":"CPRT","link":"https://csrc.nist.gov/glossary/term/cprt","abbrSyn":[{"text":"Cybersecurity and Privacy Reference Tool","link":"https://csrc.nist.gov/glossary/term/cybersecurity_and_privacy_reference_tool"}],"definitions":null},{"term":"CPS","link":"https://csrc.nist.gov/glossary/term/cps","abbrSyn":[{"text":"Certification Practice Statement"},{"text":"Certification Practices Statement"},{"text":"Cyber Physical Systems"},{"text":"Cyber-Physical System"},{"text":"Cyber-Physical System or Systems"},{"text":"Cyber-Physical Systems"}],"definitions":[{"text":"A statement of the practices which a Certification Authority employs in issuing certificates.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under Certification Practice Statement "}]},{"text":"A statement of the practices that a Certification Authority employs in issuing and managing public key certificates.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Certification Practice Statement "}]}]},{"term":"CPSO","link":"https://csrc.nist.gov/glossary/term/cpso","abbrSyn":[{"text":"Chief Product Security Officer","link":"https://csrc.nist.gov/glossary/term/chief_product_security_officer"}],"definitions":null},{"term":"CPSSP","link":"https://csrc.nist.gov/glossary/term/cpssp","abbrSyn":[{"text":"Central Public Safety Service Provider","link":"https://csrc.nist.gov/glossary/term/central_public_safety_service_provider"}],"definitions":null},{"term":"CPU","link":"https://csrc.nist.gov/glossary/term/cpu","abbrSyn":[{"text":"Central Processing Unit","link":"https://csrc.nist.gov/glossary/term/central_processing_unit"},{"text":"Central Processing Units"}],"definitions":null},{"term":"CR","link":"https://csrc.nist.gov/glossary/term/cr","abbrSyn":[{"text":"Capability Requirement"},{"text":"Create, Read","link":"https://csrc.nist.gov/glossary/term/create_read"}],"definitions":null},{"term":"CRADA","link":"https://csrc.nist.gov/glossary/term/crada","abbrSyn":[{"text":"Collaborative Research and Development Agreement","link":"https://csrc.nist.gov/glossary/term/collaborative_research_and_development_agreement"},{"text":"Cooperative Research and Development Agreement","link":"https://csrc.nist.gov/glossary/term/cooperative_research_and_development_agreement"}],"definitions":null},{"term":"Cradle","link":"https://csrc.nist.gov/glossary/term/cradle","definitions":[{"text":"A docking station, which creates an interface between a user’s PC and PDA and enables communication and battery recharging.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A docking station, which creates an interface between a user’s PC and PDA, and enables communication and battery recharging.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"CRAM","link":"https://csrc.nist.gov/glossary/term/cram","abbrSyn":[{"text":"Challenge-Response Authentication Mechanism","link":"https://csrc.nist.gov/glossary/term/challenge_response_authentication_mechanism"}],"definitions":null},{"term":"CRC","link":"https://csrc.nist.gov/glossary/term/crc","abbrSyn":[{"text":"Contagion Research Center","link":"https://csrc.nist.gov/glossary/term/contagion_research_center"},{"text":"Cyclic Redundancy Check"},{"text":"Cyclical Redundancy Check"}],"definitions":[{"text":"A method to ensure data has not been altered after being sent through a communication channel.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Cyclical Redundancy Check "}]}]},{"term":"CRD","link":"https://csrc.nist.gov/glossary/term/crd","abbrSyn":[{"text":"Custom Resource Definition","link":"https://csrc.nist.gov/glossary/term/custom_resource_definition"}],"definitions":null},{"term":"Create, Read","link":"https://csrc.nist.gov/glossary/term/create_read","abbrSyn":[{"text":"CR","link":"https://csrc.nist.gov/glossary/term/cr"}],"definitions":null},{"term":"Create, Read, Update, Delete","link":"https://csrc.nist.gov/glossary/term/create_read_update_delete","abbrSyn":[{"text":"CRUD","link":"https://csrc.nist.gov/glossary/term/crud"}],"definitions":null},{"term":"CREDC","link":"https://csrc.nist.gov/glossary/term/credc","abbrSyn":[{"text":"Cyber Resilient Energy Delivery Consortium","link":"https://csrc.nist.gov/glossary/term/cyber_resilient_energy_delivery_consortium"}],"definitions":null},{"term":"credential","link":"https://csrc.nist.gov/glossary/term/credential","definitions":[{"text":"Evidence attesting to one’s right to credit or authority. In this Standard, it is the PIV Card or derived PIV credential associated with an individual that authoritatively binds an identity (and, optionally, additional attributes) to that individual.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Credential "}]},{"text":"An object or data structure that authoritatively binds an identity - via an identifier or identifiers - and (optionally) additional attributes, to at least one authenticator possessed and controlled by a subscriber. [NIST SP 800-63-3, adapted]","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","note":" - adapted"}]}]},{"text":"An object or data structure that authoritatively binds an identity - via an identifier or identifiers - and (optionally) additional attributes, to at least one authenticator possessed and controlled by a subscriber."},{"text":"2. 2. Evidence attesting to one’s right to credit or authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]},{"text":"3. 3. An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token processed and controlled by a Subscriber.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"1. 1. Evidence or testimonials that support a claim of identity or assertion of an attribute and usually are intended to be used more than once.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"An object or data structure that authoritatively binds an identity - via an identifier or identifiers - and (optionally) additional attributes, to at least one authenticator possessed and controlled by a subscriber.\nWhile common usage often assumes that the subscriber maintains the credential, these guidelines also use the term to refer to electronic records maintained by the CSP that establish binding between the subscriber’s authenticator(s) and identity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Credential "}]},{"text":"An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a card or token possessed and controlled by a cardholder or subscriber.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Credential "}]},{"text":"Evidence attesting to one’s right to credit or authority. In this standard, it is the PIV Card and data elements associated with an individual that authoritatively bind an identity (and, optionally, additional attributes) to that individual.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]},{"text":"An object or data structure that authoritatively binds an identity—via an identifier or identifiers–and (optionally) additional attributes to at least one authenticator possessed and controlled by a subscriber While common usage often assumes that the subscriber maintains the credential, these guidelines also use the term to refer to electronic records maintained by the Credential Service Providers that establish binding between the subscriber’s authenticator(s) and identity.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Credential "}]},{"text":"An object or data structure that authoritatively binds an identity - via an identifier or identifiers - and (optionally) additional attributes, to at least one authenticator possessed and controlled by a subscriber. \nWhile common usage often assumes that the subscriber maintains the credential, these guidelines also use the term to refer to electronic records maintained by the CSP that establish binding between the subscriber’s authenticator(s) and identity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Credential "}]},{"text":"An object or data structure that authoritatively binds an identity—via an identifier or identifiers–and (optionally) additional attributes to at least one authenticator possessed and controlled by a subscriber While common usage often assumes that the subscriber maintains the credential, these guidelines also use the term to refer to electronic records maintained by the Credential Service Providers that establish binding between the subscriber’s authenticator(s) and identity","sources":[{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Credential "}]},{"text":"An object or data structure that authoritatively binds an identity, via an identifier or identifiers, and (optionally) additional attributes, to at least one authenticator possessed and controlled by a subscriber.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to an authenticator possessed and controlled by a subscriber.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Credential ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"A set of attributes that uniquely identifies a system entity such as a person, an organization, a service, or a device.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497","underTerm":" under Credential "}]},{"text":"Evidence attesting to one’s right to credit or authority; in this standard, it is the PIV Card and data elements associated with an individual that authoritatively binds an identity (and, optionally, additional attributes) to that individual.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Credential "}]},{"text":"An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. \nWhile common usage often assumes that the credential is maintained by the Subscriber, this document also uses the term to refer to electronic records maintained by the CSP which establish a binding between the Subscriber’s token and identity.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Credential "}]}]},{"term":"Credential Management","link":"https://csrc.nist.gov/glossary/term/credential_management","definitions":[{"text":"To manage the life cycle of entity credentials used for authentication.","sources":[{"text":"NISTIR 7497","link":"https://doi.org/10.6028/NIST.IR.7497"}]}]},{"term":"Credential Management System","link":"https://csrc.nist.gov/glossary/term/credential_management_system","abbrSyn":[{"text":"CMS","link":"https://csrc.nist.gov/glossary/term/cms"}],"definitions":null},{"term":"credential service provider (CSP)","link":"https://csrc.nist.gov/glossary/term/credential_service_provider","abbrSyn":[{"text":"CSP","link":"https://csrc.nist.gov/glossary/term/csp"},{"text":"Federation Credential Service Provider","link":"https://csrc.nist.gov/glossary/term/federation_credential_service_provider"},{"text":"Identity Provider (IdP)","link":"https://csrc.nist.gov/glossary/term/identity_provider"},{"text":"Identity Service Provider (ISP)","link":"https://csrc.nist.gov/glossary/term/identity_service_provider"}],"definitions":[{"text":"A trusted entity that issues or registers subscriber tokens and issues electronic credentials to subscribers. The CSP may encompass registration authorities (RAs) and verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"A trusted entity that issues or registers subscriber authenticators and issues electronic credentials to subscribers. A CSP may be an independent third party or issue credentials for its own use.","sources":[{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Credential Service Provider "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Credential Service Provider (CSP) "},{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Credential Service Provider (CSP) ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The party that manages the subscriber’s primary authentication credentials and issues assertions derived from those credentials. This is commonly the CSP as discussed within this document suite.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Identity Provider (IdP) "}]},{"text":"See Credential Service Provider.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Federation Credential Service Provider "},{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Identity Provider (IdP) "},{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Identity Service Provider (ISP) "}]},{"text":"A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Credential Service Provider (CSP) "}]}]},{"term":"Credit Card Number","link":"https://csrc.nist.gov/glossary/term/credit_card_number","abbrSyn":[{"text":"CCN","link":"https://csrc.nist.gov/glossary/term/ccn"}],"definitions":null},{"term":"CRI","link":"https://csrc.nist.gov/glossary/term/cri","abbrSyn":[{"text":"Container Runtime Interface","link":"https://csrc.nist.gov/glossary/term/container_runtime_interface"}],"definitions":null},{"term":"Criminal Justice Information Services","link":"https://csrc.nist.gov/glossary/term/criminal_justice_information_services","abbrSyn":[{"text":"CJIS","link":"https://csrc.nist.gov/glossary/term/cjis"}],"definitions":null},{"term":"CRISP","link":"https://csrc.nist.gov/glossary/term/crisp","abbrSyn":[{"text":"Cybersecurity Risk Information Sharing Program","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risk_information_sharing_program"}],"definitions":null},{"term":"CRISPR","link":"https://csrc.nist.gov/glossary/term/crispr","abbrSyn":[{"text":"Clustered Regularly Interspaced Short Palindromic Repeats","link":"https://csrc.nist.gov/glossary/term/clustered_regularly_interspaced_short_palindromic_repeats"}],"definitions":null},{"term":"CRISPR-Associated Protein","link":"https://csrc.nist.gov/glossary/term/crispr_associated_protein","abbrSyn":[{"text":"CRISPR-Cas","link":"https://csrc.nist.gov/glossary/term/crispr_cas"}],"definitions":null},{"term":"CRISPR-Cas","link":"https://csrc.nist.gov/glossary/term/crispr_cas","abbrSyn":[{"text":"CRISPR-Associated Protein","link":"https://csrc.nist.gov/glossary/term/crispr_associated_protein"}],"definitions":null},{"term":"critical","link":"https://csrc.nist.gov/glossary/term/critical","definitions":[{"text":"The designation assigned to a capability, system, or asset that without which will significantly degrade or prevent execution of a supported strategic mission.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"critical asset","link":"https://csrc.nist.gov/glossary/term/critical_asset","definitions":[{"text":"An asset of such extraordinary importance that its incapacitation or destruction would have a very serious, debilitating effect on the ability of an organization to fulfill its missions.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"DoDD 3020.40","link":"https://www.esd.whs.mil/Directives/issuances/dodd/"}]}]}]},{"term":"critical component","link":"https://csrc.nist.gov/glossary/term/critical_component","definitions":[{"text":"A component which is or contains information and communications technology (ICT), including hardware, software, and firmware, whether custom, commercial, or otherwise developed, and which delivers or protects mission critical functionality of a system or which, because of the system’s design, may introduce vulnerability to the mission critical functions of an applicable system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 5200.44","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]},{"text":"A system element that, if compromised, damaged, or failed, could cause a mission or business failure.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Critical Component "},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Critical Component "}]}]},{"term":"critical infrastructure","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure","abbrSyn":[{"text":"CI","link":"https://csrc.nist.gov/glossary/term/ci"}],"definitions":[{"text":"The essential services that support a society and serve as the backbone for the society's economy, security and health.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"System and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"System and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Critical Infrastructure "}]},{"text":"Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"PL 107-56 (Patriot Act)","link":"https://www.govinfo.gov/app/details/PLAW-107publ56"}]}]},{"text":"Essential services and related assets that underpin American society and serve as the backbone of the nation's economy, security, and health.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS","note":" - Unknown Source"},{"text":"National Cybersecurity & Communications Integration Center","link":"https://www.cisa.gov/central"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Critical Infrastructure ","refSources":[{"text":"DHS"}]}]},{"text":"Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on cybersecurity, national economic security, national public health or safety, or any combination of those matters.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Critical Infrastructure "}]}]},{"term":"Critical Infrastructure and Key Resources","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_and_key_resources","abbrSyn":[{"text":"CIKR","link":"https://csrc.nist.gov/glossary/term/cikr"}],"definitions":null},{"term":"Critical Infrastructure Partnership Advisory Council","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_partnership_advisory_council","abbrSyn":[{"text":"CIPAC","link":"https://csrc.nist.gov/glossary/term/cipac"}],"definitions":null},{"term":"Critical Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_protection","abbrSyn":[{"text":"CIP","link":"https://csrc.nist.gov/glossary/term/cip"}],"definitions":null},{"term":"Critical Infrastructure System","link":"https://csrc.nist.gov/glossary/term/critical_infrastructure_system","abbrSyn":[{"text":"CIS","link":"https://csrc.nist.gov/glossary/term/cis"}],"definitions":null},{"term":"critical program (or technology)","link":"https://csrc.nist.gov/glossary/term/critical_program_or_technology","definitions":[{"text":"A program which significantly increases capability, mission effectiveness or extends the expected effective life of an essential system/capability.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"DAU Glossary","link":"https://www.dau.edu/glossary/Pages/Glossary.aspx"}]}]}]},{"term":"Critical Security Control","link":"https://csrc.nist.gov/glossary/term/critical_security_control","abbrSyn":[{"text":"CSC","link":"https://csrc.nist.gov/glossary/term/csc"}],"definitions":null},{"term":"Critical Services","link":"https://csrc.nist.gov/glossary/term/critical_services","definitions":[{"text":"The subset of mission essential services required to conduct manufacturing operations. Function or capability that is required to maintain health, safety, the environment and availability for the equipment under control.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"ISA/IEC 62443"},{"text":"ISO/IEC 62443"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","refSources":[{"text":"ISO/IEC 62443"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","refSources":[{"text":"ISO/IEC 62443"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"ISO/IEC 62443"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"ISA/IEC 62443"}]}]}]},{"term":"critical software","link":"https://csrc.nist.gov/glossary/term/critical_software","abbrSyn":[{"text":"EO-critical software","link":"https://csrc.nist.gov/glossary/term/eo_critical_software"}],"definitions":[{"text":"Any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:\n· is designed to run with elevated privilege or manage privileges;\n· has direct or privileged access to networking or computing resources;\n· is designed to control access to data or operational technology;\n· performs a function critical to trust; or,\n· operates outside of normal trust boundaries with privileged access.","sources":[{"text":"Critical Software Definition (for EO 14028)","link":"https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/critical-software","underTerm":" under EO-critical software "}]}]},{"term":"Critical Value","link":"https://csrc.nist.gov/glossary/term/critical_value","definitions":[{"text":"The value that is exceeded by the test statistic with a small probability (significance level). A \"look-up\" or calculated value of a test statistic (i.e., a test statistic value) that, by construction, has a small probability of","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"criticality","link":"https://csrc.nist.gov/glossary/term/criticality","abbrSyn":[{"text":"criticality level","link":"https://csrc.nist.gov/glossary/term/criticality_level"}],"definitions":[{"text":"Degree of impact that a requirement, module, error, fault, failure, or other item has on the development or operation of a system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Criticality ","refSources":[{"text":"NIST SP 800-60"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Criticality "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Criticality "}]},{"text":"Refers to the (consequences of) incorrect behavior of a system. The more serious the expected direct and indirect effects of incorrect behavior, the higher the criticality level.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under criticality level "}]},{"text":"An attribute assigned to an asset that reflects its relative importance or necessity in achieving or contributing to the achievement of stated goals.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]}],"seeAlso":[{"text":"criticality level","link":"criticality_level"}]},{"term":"criticality analysis","link":"https://csrc.nist.gov/glossary/term/criticality_analysis","definitions":[{"text":"An end-to-end functional decomposition performed by systems engineers to identify mission critical functions and components. Includes identification of system missions, decomposition into the functions to perform those missions, and traceability to the hardware, software, and firmware components that implement those functions. Criticality is assessed in terms of the impact of function or component failure on the ability of the component to complete the system missions(s).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 5200.44","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"criticality level","link":"https://csrc.nist.gov/glossary/term/criticality_level","abbrSyn":[{"text":"criticality","link":"https://csrc.nist.gov/glossary/term/criticality"}],"definitions":[{"text":"Degree of impact that a requirement, module, error, fault, failure, or other item has on the development or operation of a system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under criticality "}]},{"text":"A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under criticality ","refSources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"}]}]},{"text":"Refers to the (consequences of) incorrect behavior of a system. The more serious the expected direct and indirect effects of incorrect behavior, the higher the criticality level.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"An attribute assigned to an asset that reflects its relative importance or necessity in achieving or contributing to the achievement of stated goals.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under criticality ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under criticality "},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under criticality ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]}],"seeAlso":[{"text":"criticality","link":"criticality"}]},{"term":"Criticality Reviews","link":"https://csrc.nist.gov/glossary/term/criticality_reviews","definitions":[{"text":"A determination of the ranking and priority of manufacturing system components, services, processes, and inputs in order to establish operational thresholds and recovery objectives.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"CRL","link":"https://csrc.nist.gov/glossary/term/crl","abbrSyn":[{"text":"Certificate Revocation List"},{"text":"Certification Revocation List","link":"https://csrc.nist.gov/glossary/term/certification_revocation_list"}],"definitions":[{"text":"A list of revoked public key certificates created and digitally signed by a certification authority.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Certificate Revocation List ","refSources":[{"text":"RFC 5280","link":"https://doi.org/10.17487/RFC5280","note":" - adapted"},{"text":"RFC 6818","link":"https://doi.org/10.17487/RFC6818","note":" - adapted"}]}]},{"text":"A list maintained by a Certification Authority of the certificates which it has issued that are revoked prior to their stated expiration date.","sources":[{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Certificate Revocation List ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"A list of digital certificates that have been revoked by an issuing CA before their scheduled expiration date and should no longer be trusted.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Revocation List "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Revocation List "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Revocation List "}]},{"text":"A list of revoked public key certificates created and digitally signed by a Certification Authority.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Certificate Revocation List "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Certificate Revocation List ","refSources":[{"text":"RFC 3280","link":"https://doi.org/10.17487/RFC3280"}]}]}]},{"term":"CRO","link":"https://csrc.nist.gov/glossary/term/cro","abbrSyn":[{"text":"Chief Risk Officer","link":"https://csrc.nist.gov/glossary/term/chief_risk_officer"}],"definitions":null},{"term":"Cross Agency Priority","link":"https://csrc.nist.gov/glossary/term/cross_agency_priority","abbrSyn":[{"text":"CAP","link":"https://csrc.nist.gov/glossary/term/cap"}],"definitions":null},{"term":"cross domain","link":"https://csrc.nist.gov/glossary/term/cross_domain","abbrSyn":[{"text":"CD","link":"https://csrc.nist.gov/glossary/term/cd"}],"definitions":[{"text":"The act of manually and/or automatically accessing and/or transferring information between different security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]},{"text":"A Compact Disc(CD)is a class of media from which data are readby optical means.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under CD "}]}]},{"term":"cross domain baseline list","link":"https://csrc.nist.gov/glossary/term/cross_domain_baseline_list","definitions":[{"text":"A list managed by the unified cross domain services management office (UCDSMO) that identifies CDSs that are available for deployment within the Department of Defense (DoD) and intelligence community (IC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"cross domain capabilities","link":"https://csrc.nist.gov/glossary/term/cross_domain_capabilities","definitions":[{"text":"The set of functions that enable the transfer of information between security domains in accordance with the policies of the security domains involved.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cross domain enabled","link":"https://csrc.nist.gov/glossary/term/cross_domain_enabled","definitions":[{"text":"Applications/services that exist on and are capable of interacting across two or more different security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cross domain portal","link":"https://csrc.nist.gov/glossary/term/cross_domain_portal","definitions":[{"text":"A single web-site providing access to cross domain services.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cross domain solution (CDS) filtering","link":"https://csrc.nist.gov/glossary/term/cross_domain_solution_filtering","definitions":[{"text":"The process of inspecting data as it traverses a cross domain solution and determining if the data meets pre-defined policy."},{"text":"The process of inspecting data as it traverses a cross domain solution and determines if the data meets pre-defined policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cross domain sunset list","link":"https://csrc.nist.gov/glossary/term/cross_domain_sunset_list","definitions":[{"text":"A list managed by the unified cross domain services management office (UCDSMO) that identifies cross domain solutions (CDSs) that are or have been in operation, but are no longer available for additional deployment and need to be replaced within a specified period of time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Cross-certification","link":"https://csrc.nist.gov/glossary/term/cross_certification","definitions":[{"text":"A process whereby two CAs establish a trust relationship between them by each CA signing a certificate containing the public key of the other CA.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Cross-certify","link":"https://csrc.nist.gov/glossary/term/cross_certify","definitions":[{"text":"The establishment of a trust relationship between two Certification Authorities (CAs) through the signing of each other's public key in certificates; referred to as a “cross-certificate.”","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"Cross-Domain Solutions","link":"https://csrc.nist.gov/glossary/term/cross_domain_solutions","abbrSyn":[{"text":"CDS","link":"https://csrc.nist.gov/glossary/term/cds"}],"definitions":null},{"term":"crosslinks","link":"https://csrc.nist.gov/glossary/term/crosslinks","definitions":[{"text":"Communication between satellites.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"Cross-Origin Resource Sharing","link":"https://csrc.nist.gov/glossary/term/cross_origin_resource_sharing","abbrSyn":[{"text":"CORS","link":"https://csrc.nist.gov/glossary/term/cors"}],"definitions":null},{"term":"Cross-site Request Forgery (CSRF)","link":"https://csrc.nist.gov/glossary/term/cross_site_request_forgery","abbrSyn":[{"text":"CSRF","link":"https://csrc.nist.gov/glossary/term/csrf"}],"definitions":[{"text":"An attack in which a subscriber currently authenticated to an RP and connected through a secure session browses to an attacker’s website, causing the subscriber to unknowingly invoke unwanted actions at the RP. \nFor example, if a bank website is vulnerable to a CSRF attack, it may be possible for a subscriber to unintentionally authorize a large money transfer, merely by viewing a malicious link in a webmail message while a connection to the bank is open in another browser window.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An attack in which a subscriber currently authenticated to an RP and connected through a secure session browses to an attacker’s website, causing the subscriber to unknowingly invoke unwanted actions at the RP.\nFor example, if a bank website is vulnerable to a CSRF attack, it may be possible for a subscriber to unintentionally authorize a large money transfer, merely by viewing a malicious link in a webmail message while a connection to the bank is open in another browser window.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A type of Web exploit where an unauthorized party causes commands to be transmitted by a trusted user of a Web site without that user’s knowledge.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Cross-Site Request Forgery "}]},{"text":"An attack in which a Subscriber who is currently authenticated to an RP and connected through a secure session, browses to an Attacker’s website which causes the Subscriber to unknowingly invoke unwanted actions at the RP. \nFor example, if a bank website is vulnerable to a CSRF attack, it may be possible for a Subscriber to unintentionally authorize a large money transfer, merely by viewing a malicious link in a webmail message while a connection to the bank is open in another browser window.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Cross Site Request Forgery (CSRF) "}]}]},{"term":"Cross-site Scripting (XSS)","link":"https://csrc.nist.gov/glossary/term/cross_site_scripting","abbrSyn":[{"text":"XSS","link":"https://csrc.nist.gov/glossary/term/xss"}],"definitions":[{"text":"A vulnerability that allows attackers to inject malicious code into an otherwise benign website. These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user-supplied data from requests or forms without sanitizing the data so that it is not executable.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A vulnerability that allows attackers to inject malicious code into an otherwise benign website.\nThese scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user-supplied data from requests or forms without sanitizing the data so that it is not executable.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"Cross-Site Scripting is a security flaw found in some Web applications that enables unauthorized parties to cause client-side scripts to be executed by other users of the Web application.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Cross-Site Scripting "}]},{"text":"A vulnerability that allows attackers to inject malicious code into an otherwise benign website. These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user supplied data from requests or forms without sanitizing the data so that it is not executable.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Cross Site Scripting (XSS) "}]}]},{"term":"Crown Jewels Analysis","link":"https://csrc.nist.gov/glossary/term/crown_jewels_analysis","abbrSyn":[{"text":"CJA","link":"https://csrc.nist.gov/glossary/term/cja"}],"definitions":null},{"term":"CRPA","link":"https://csrc.nist.gov/glossary/term/crpa","abbrSyn":[{"text":"controlled reception patterned antenna","link":"https://csrc.nist.gov/glossary/term/controlled_reception_patterned_antenna"}],"definitions":null},{"term":"CRR","link":"https://csrc.nist.gov/glossary/term/crr","abbrSyn":[{"text":"Cyber Resilience Review","link":"https://csrc.nist.gov/glossary/term/cyber_resilience_review"}],"definitions":null},{"term":"CRS","link":"https://csrc.nist.gov/glossary/term/crs","abbrSyn":[{"text":"Central Reservation System","link":"https://csrc.nist.gov/glossary/term/central_reservation_system"},{"text":"Collaborative Robotic System","link":"https://csrc.nist.gov/glossary/term/collaborative_robotic_system"},{"text":"Cyber Resiliency and Survivability","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_and_survivability"}],"definitions":null},{"term":"CRSRA","link":"https://csrc.nist.gov/glossary/term/crsra","abbrSyn":[{"text":"Commercial Remote Sensing Regulatory Affairs","link":"https://csrc.nist.gov/glossary/term/commercial_remote_sensing_regulatory_affairs"}],"definitions":null},{"term":"CRT","link":"https://csrc.nist.gov/glossary/term/crt","abbrSyn":[{"text":"Chinese Remainder Theorem","link":"https://csrc.nist.gov/glossary/term/chinese_remainder_theorem"}],"definitions":null},{"term":"CRTM","link":"https://csrc.nist.gov/glossary/term/crtm","abbrSyn":[{"text":"Core Root of Trust for Measurement"}],"definitions":null},{"term":"CRTV","link":"https://csrc.nist.gov/glossary/term/crtv","abbrSyn":[{"text":"Core Root of Trust for Verification","link":"https://csrc.nist.gov/glossary/term/core_root_of_trust_for_verification"}],"definitions":null},{"term":"CRUD","link":"https://csrc.nist.gov/glossary/term/crud","abbrSyn":[{"text":"Create, Read, Update, Delete","link":"https://csrc.nist.gov/glossary/term/create_read_update_delete"}],"definitions":null},{"term":"cryptanalysis","link":"https://csrc.nist.gov/glossary/term/cryptanalysis","abbrSyn":[{"text":"CA","link":"https://csrc.nist.gov/glossary/term/ca"}],"definitions":[{"text":"2. The study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]},{"text":"1. Operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Cryptanalysis "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Cryptanalysis "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptanalysis "}]},{"text":"1. Operations performed to defeat cryptographic protection without an initial knowledge of the key employed in providing the protection.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptanalysis "}]},{"text":"2. The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptanalysis "}]},{"text":"The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Cryptanalysis "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Cryptanalysis "}]},{"text":"1. Operations performed to defeat cryptographic protection without an initial knowledge of the key employed in providing the protection. 2. The study of mathematical techniques for attempting to defeat cryptographic techniques and information-system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Cryptanalysis "}]},{"text":"The study of mathematical techniques for attempting to defeat cryptographic techniques and information system security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptanalysis "}]}]},{"term":"Cryptographic Accelerator","link":"https://csrc.nist.gov/glossary/term/cryptographic_accelerator","definitions":[{"text":"A specialized separate coprocessor chip from the main processing unit where cryptographic tasks are offloaded to for performance benefits.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320"}]}]},{"term":"cryptographic alarm","link":"https://csrc.nist.gov/glossary/term/cryptographic_alarm","definitions":[{"text":"Circuit or device that detects failures or aberrations in the logic or operation of cryptographic equipment. Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Cryptographic algorithm","link":"https://csrc.nist.gov/glossary/term/cryptographic_algorithm","definitions":[{"text":"1. A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cryptographic algorithm (crypto-algorithm) ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]},{"text":"2. Well-defined procedure or sequence of rules or steps, or a series of mathematical equations used to describe cryptographic processes such as encryption/decryption, key generation, authentication, signatures, etc.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cryptographic algorithm (crypto-algorithm) ","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"A well-defined computational procedure that takes variable inputs, often including a cryptographic key, and produces an output.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Cryptographic Algorithm ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A well-defined computational procedure that takes variable inputs, including a cryptographic key (if applicable), and produces an output.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"},{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"A well-defined computational procedure that takes variable inputs (often including a cryptographic key) and produces an output.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Cryptographic Algorithm Validation Program","link":"https://csrc.nist.gov/glossary/term/cryptographic_algorithm_validation_program","abbrSyn":[{"text":"CAVP","link":"https://csrc.nist.gov/glossary/term/cavp"}],"definitions":null},{"term":"Cryptographic Algorithm Validation System","link":"https://csrc.nist.gov/glossary/term/cryptographic_algorithm_validation_system","abbrSyn":[{"text":"CAVS","link":"https://csrc.nist.gov/glossary/term/cavs"}],"definitions":null},{"term":"Cryptographic and Security Testing","link":"https://csrc.nist.gov/glossary/term/cryptographic_and_security_testing","abbrSyn":[{"text":"CST","link":"https://csrc.nist.gov/glossary/term/cst"}],"definitions":null},{"term":"Cryptographic and Security Testing Laboratory","link":"https://csrc.nist.gov/glossary/term/cryptographic_and_security_testing_laboratory","abbrSyn":[{"text":"CSTL","link":"https://csrc.nist.gov/glossary/term/cstl"}],"definitions":null},{"term":"Cryptographic API: Next Generation","link":"https://csrc.nist.gov/glossary/term/cryptographic_api_next_generation","abbrSyn":[{"text":"CNG","link":"https://csrc.nist.gov/glossary/term/cng"}],"definitions":[{"text":"The long-term replacement for the Cryptographic Application Programming Interface (CAPI).","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cryptography API: Next Generation "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cryptography API: Next Generation "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Cryptography API: Next Generation "}]}]},{"term":"Cryptographic application","link":"https://csrc.nist.gov/glossary/term/cryptographic_application","definitions":[{"text":"An application that performs a cryptographic function.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Cryptographic Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/cryptographic_application_programming_interface","abbrSyn":[{"text":"CAPI","link":"https://csrc.nist.gov/glossary/term/capi"}],"definitions":[{"text":"An application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. While providing a consistent API for applications, API allows for specialized cryptographic modules (cryptographic service providers) to be provided by third parties, such as hardware security module (HSM) manufacturers. This enables applications to leverage the additional security of HSMs while using the same APIs they use to access built-in Windows cryptographic service providers. (Also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Cryptographic Authenticator","link":"https://csrc.nist.gov/glossary/term/cryptographic_authenticator","definitions":[{"text":"An authenticator where the secret is a cryptographic key.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"cryptographic binding","link":"https://csrc.nist.gov/glossary/term/cryptographic_binding","definitions":[{"text":"Associating two or more related elements of information using cryptographic techniques.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Cryptographic checksum","link":"https://csrc.nist.gov/glossary/term/cryptographic_checksum","definitions":[{"text":"A mathematical value created using a cryptographic algorithm that is assigned to data and later used to test the data to verify that the data has not changed.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"Cryptographic device","link":"https://csrc.nist.gov/glossary/term/cryptographic_device","definitions":[{"text":"A physical device that performs a cryptographic function (e.g., random number generation, message authentication, digital signature generation, encryption, or key establishment). A cryptographic device must employ one or more cryptographic modules for cryptographic operations. The device may also be composed from other applications and components in addition to the cryptographic module(s). A cryptographic device may be a stand-alone cryptographic mechanism or a CKMS component.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Cryptographic Engineering Research Group","link":"https://csrc.nist.gov/glossary/term/cryptographic_engineering_research_group","abbrSyn":[{"text":"CERG","link":"https://csrc.nist.gov/glossary/term/cerg"}],"definitions":null},{"term":"cryptographic erase","link":"https://csrc.nist.gov/glossary/term/cryptographic_erase","abbrSyn":[{"text":"CE","link":"https://csrc.nist.gov/glossary/term/ce"}],"definitions":[{"text":"A method of sanitization in which the media encryption key (MEK) for the encrypted Target Data is sanitized, making recovery of the decrypted Target Data infeasible.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"See Cryptographic Erase.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under CE "}]},{"text":"A method of Sanitization in which the Media Encryption Key(MEK) for the encryptedTarget Data (or the KeyEncryption Key–KEK) is sanitized, making recovery of the decrypted Target Data infeasible.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Cryptographic Erase "}]}]},{"term":"Cryptographic function","link":"https://csrc.nist.gov/glossary/term/cryptographic_function","definitions":[{"text":"Cryptographic algorithms, together with modes of operation (if appropriate); for example, block ciphers, digital signature algorithms, asymmetric key-establishment algorithms, message authentication codes, hash functions, or random bit generators.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Cryptographic hash function","link":"https://csrc.nist.gov/glossary/term/cryptographic_hash_function","abbrSyn":[{"text":"Hash function"}],"definitions":[{"text":"

A function that maps a bit string of arbitrary length to a fixed-length bit string. Depending upon the relying application, the security strength that can be supported by a hash function is typically measured by the extent to which it possesses one or more of the following properties

1. (Collision resistance) It is computationally infeasible to find any two distinct inputs that map to the same output.

2. (Preimage resistance) Given a randomly chosen target output, it is computationally infeasible to find any input that maps to that output. (This property is called the one-way property.)

3. (Second preimage resistance) Given one input value, it is computationally infeasible to find a second (distinct) input value that maps to the same output as the first value.

This Recommendation uses the strength of the preimage resistance of a hash function as a contributing factor when determining the security strength provided by a key-derivation method.

Approved hash functions are specified in [FIPS 180] and [FIPS 202].

","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Hash function "}]},{"text":"

A function on bit strings in which the length of the output is fixed. Approved hash functions (such as those specified in FIPS 180 and FIPS 202) are designed to satisfy the following properties:

1. (One-way) It is computationally infeasible to find any input that maps to any new pre-specified output

2. (Collision-resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.

","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed length bit string and is expected to have the following three properties: \n1) Collision resistance (see Collision resistance), \n2) Preimage resistance (see Preimage resistance) and \n3) Second preimage resistance (see Second preimage resistance). \nApproved cryptographic hash functions are specified in [FIPS 180-3].","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. The function is expected to have the following three properties:\n1. Collision resistance (see Collision resistance),\n2. Preimage resistance (see Preimage resistance) and\n3. Second preimage resistance (see Second preimage resistance).\nApproved hash functions are specified in [FIPS 180-4].","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions are designed to satisfy the following properties:\n1.  (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and\n2.  (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.\nApproved hash functions are specified in FIPS 180-3.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message, and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions are expected to satisfy the following properties: \n1. One-way: It is computationally infeasible to find any input that maps to any pre-specified output, and \n2. Collision resistant: It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Hash function "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"See Hash function.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions are expected to satisfy the following properties: 1. One-way: it is computationally infeasible to find any input that maps to any pre-specified output, and 2. Collision resistant: It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions are designed to satisfy the following properties:\n1.     (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and\n2.     (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.\nApproved hash functions are specified in FIPS 180.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary (although bounded) length to a fixed-length bit string. Approved hash functions satisfy the following properties: \n1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and \n2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: 1. One-way – It is computationally infeasible to find any input that maps to any pre-specified output. 2. Collision resistant – It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"See cryptographic hash function.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary (although bounded) length to a fixed-length bit string. Approved hash functions satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output. 2. (Collision-resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary lenth to a fixed-length bit string.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Hash function "}]}],"seeAlso":[{"text":"Hashing algorithm","link":"hashing_algorithm"}]},{"term":"Cryptographic Hash Value","link":"https://csrc.nist.gov/glossary/term/cryptographic_hash_value","definitions":[{"text":"The result of applying a cryptographic hash function to data (e.g., a message).","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","refSources":[{"text":"NIST SP 800-57"}]}]}]},{"term":"Cryptographic Ignition Key","link":"https://csrc.nist.gov/glossary/term/cryptographic_ignition_key","abbrSyn":[{"text":"CIK","link":"https://csrc.nist.gov/glossary/term/cik"}],"definitions":[{"text":"Device or electronic key used to unlock the secure mode of cryptographic equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cryptographic ignition key (CIK) ","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"cryptographic incident","link":"https://csrc.nist.gov/glossary/term/cryptographic_incident","definitions":[{"text":"Any uninvestigated or unevaluated equipment malfunction or operator or COMSEC Account Manager error that has the potential to jeopardize the cryptographic security of a machine, off-line manual cryptosystem OR any investigated or evaluated occurrence that has been determined as not jeopardizing the cryptographic security of a cryptosystem.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"cryptographic initialization","link":"https://csrc.nist.gov/glossary/term/cryptographic_initialization","definitions":[{"text":"Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cryptographic key","link":"https://csrc.nist.gov/glossary/term/cryptographic_key","abbrSyn":[{"text":"Key"}],"definitions":[{"text":"A parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Cryptographic Key "}]},{"text":"A bit string used as a secret parameter by a cryptographic algorithm. In this Recommendation, a cryptographic key is either a random bit string of a length specified by the cryptographic algorithm or a pseudorandom bit string of the required length that is computationally indistinguishable from one selected uniformly at random from the set of all bit strings of that length.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"A parameter used with a cryptographic algorithm that determines its operation.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Cryptographic key "}]},{"text":"The parameter of a block cipher that determines the selection of a permutation from the block cipher family.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]","underTerm":" under Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation. \nExamples applicable to this Standard include: \n1. The computation of a digital signature from data, and \n2. The verification of a digital signature.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Key ","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under cryptographic key (key) "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Cryptographic Key (Key) "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation. Examples applicable to this Recommendation include: 1. The computation of a digital signature from data, and 2. The verification of a digital signature.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Key "}]},{"text":"A parameter used with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples applicable to this Recommendation include:\n1. The computation of a keyed-hash message authentication code.\n2. The verification of a keyed-hash message authentication code.\n3. The generation of a digital signature on a message.\n4. The verification of a digital signature.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Key "}]},{"text":"A  binary  string  used  as  a  secret  parameter  by  a  cryptographic algorithm. In this Recommendation, a cryptographic key shall be either a truly random binary string of a length specified by the cryptographic algorithm or a pseudorandom binary string of the specified length that is computationally indistinguishable from one selected uniformly at random from the set of all binary strings of that length.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Cryptographic key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples of cryptographic operations requiring the use of cryptographic keys include: \n1. The transformation of plaintext data into ciphertext data, \n2. The transformation of ciphertext data into plaintext data, \n3. The computation of a digital signature from data, \n4. The verification of a digital signature, \n5. The computation of an authentication code from data, \n6. The verification of an authentication code from data and a received authentication code, \n7. The computation of a shared secret that is used to derive keying material. \n8. The derivation of additional keying material from a key-derivation key (i.e., a pre-shared key).","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Cryptographic key (key) "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines the algorithm’s operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples include:\n1. The transformation of plaintext data into ciphertext data,\n2. The transformation of ciphertext data into plaintext data,\n3. The computation of a digital signature from data,\n4. The verification of a digital signature,\n5. The computation of an authentication code from data,\n6. The verification of an authentication code from data and a received authentication code.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under Cryptographic key (key) "}]},{"text":"A parameter that determines the transformation from plaintext to ciphertext and vice versa. (A DEA key is a 64-bit parameter consisting of 56 independent bits and 8 parity bits). Multiple (1, 2 or 3) keys may be used in the Triple Data Encryption Algorithm.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Cryptographic key "}]},{"text":"A parameter used in the block cipher algorithm that determines the forward cipher operation and the inverse cipher operation.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Cryptographic Key "}]},{"text":"The parameter of the block cipher that determines the selection of the forward cipher function from the family of permutations.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Key "}]},{"text":"A parameter used in the block cipher algorithm that determines the forward cipher function.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Cryptographic Key "}]},{"text":"A parameter used with a cryptographic algorithm that determines its operation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Cryptographic key (Key) "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Cryptographic key (Key) "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples include:\n\n• the transformation of plaintext data into ciphertext data,\n• the transformation of ciphertext data into plaintext data,\n• the computation of a digital signature from data,\n• the verification of a digital signature,\n• the computation of an authentication code from data,\n• the computation of a shared secret that is used to derive keying material.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Cryptographic key (key) "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. For the purposes of these guidelines, key requirements shall meet the minimum requirements stated in Table 2 of NIST SP 800-57 Part 1.\nSee also Asymmetric Keys, Symmetric Key.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Cryptographic Key "}]},{"text":"A parameter that determines the transformation using DEA and TDEA forward and inverse operations.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Cryptographic Key "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Cryptographic Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce the operation, while an entity without knowledge of the key cannot. Examples of the use of a key that are applicable to this Recommendation include: 1. The computation of a digital signature from data, and 2. The verification of a digital signature.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Key "}]},{"text":"A parameter that determines the operation of a cryptographic function, such as: \n1. The transformation from plaintext to ciphertext and vice versa, \n2. The generation of keying material, or \n3. A digital signature computation or verification.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Cryptographic Key (Key) "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples include: The transformation of plaintext data inot cipertext data, the transformation of ciphertext into plaintext data, The computation of a digital signautre from data, The verification of a digital signautre, The computation of an authentication code from data, The computation of a shared secret that is used to derive keying material.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Cryptographic key (key) "}]},{"text":"See cryptographic key.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Key "},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Key "},{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Key "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the correct key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples of cryptographic operations requiring the use of cryptographic keys include: 1. The transformation of plaintext data into ciphertext data, 2. The transformation of ciphertext data into plaintext data, 3. The computation of a digital signature from data, 4. The verification of a digital signature, 5. The computation of an authentication code from data, 6. The verification of an authentication code from data and a received authentication code, 7. The computation of a shared secret that is used to derive keying material. 8. The derivation of additional keying material from a keyderivation key (i.e., a pre-shared key).","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Cryptographic key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce, reverse or verify the operation, while an entity without knowledge of the key cannot. Examples include: \n1. The transformation of plaintext data into ciphertext data, \n2. The transformation of ciphertext data into plaintext data, \n3. The computation of a digital signature from data, \n4. The verification of a digital signature on data, \n5. The computation of an authentication code from data, \n6. The verification of an authentication code from data and a received authentication code, \n7. The computation of a shared secret that is used to derive keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptographic key (key) "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. For the purposes of these guidelines, key requirements shall meet the minimum requirements stated in Table 2 of NIST SP 800-57 Part 1. \nSee also Asymmetric Keys, Symmetric Key.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Cryptographic Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation while an entity without knowledge of the key cannot. Examples include 1. The transformation of plaintext data into ciphertext data, 2. The transformation of ciphertext data into plaintext data, 3. The computation of a digital signature from data, 4. The verification of a digital signature, 5. The computation of a message authentication code (MAC) from data, 6. The verification of a MAC received with data, 7. The computation of a shared secret that is used to derive keying material.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Cryptographic key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce, reverse or verify the operation while an entity without knowledge of the key cannot. Examples include: 1. The transformation of plaintext data into ciphertext data, 2. The transformation of ciphertext data into plaintext data, 3. The computation of a digital signature from data, 4. The verification of a digital signature on data, 5. The computation of an authentication code from data, 6. The verification of an authentication code from data and a received or retrieved authentication code, and 7. The computation of a shared secret that is used to derive keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Cryptographic key (key) "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the correct key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples of cryptographic operations requiring the use of cryptographic keys include:\n1. The transformation of plaintext data into ciphertext data,\n2. The transformation of ciphertext data into plaintext data,\n3. The computation of a digital signature from data,\n4. The verification of a digital signature,\n5. The computation of a message authentication code (MAC) from data,\n6. The verification of a MAC from data and a received MAC,\n7. The computation of a shared secret that is used to derive keying material, and\n8. The derivation of additional keying material from a keyderivation key (e.g., a pre-shared key).\nThe specification of a cryptographic algorithm (as employed in a particular application) typically declares which of its parameters are keys.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Cryptographic key (key) "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Cryptographic Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"A cryptographic key. In this document, keys generally refer to public key cryptography key pairs used for authentication of users and/or machines (using digital signatures). Examples include identity key and authorized keys. The SSH protocol also uses host keys that are used for authenticating SSH servers to SSH clients connecting them.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966","underTerm":" under Key "}]},{"text":"See “Cryptographic Key”.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples include: 1. The transformation of plaintext data into ciphertext data, 2. The transformation of ciphertext data into plaintext data, 3. The computation of a digital signature from data, 4. The verification of a digital signature, 5. The computation of an authentication code from data, 6. The verification of an authentication code from data and a received authentication code, 7. The computation of a shared secret that is used to derive keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptographic key (key) "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation or signature verification. For the purposes of this document, key requirements shall meet the minimum requirements stated in Table 2 of NIST SP 800-57 Part 1. \nSee also Asymmetric keys, Symmetric key.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Cryptographic Key "}]}],"seeAlso":[{"text":"Asymmetric keys"},{"text":"Asymmetric Keys"},{"text":"Symmetric key"},{"text":"Symmetric Key"}]},{"term":"Cryptographic key component","link":"https://csrc.nist.gov/glossary/term/cryptographic_key_component","abbrSyn":[{"text":"Key component","link":"https://csrc.nist.gov/glossary/term/key_component"}],"definitions":[{"text":"One of at least two parameters that have the same security properties (e.g., randomness) as a cryptographic key; parameters are combined in an approved security function to form a plaintext cryptographic key before use.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptographic key component (key component) "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptographic key component (key component) "}]},{"text":"See Cryptographic key component.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key component "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key component "}]},{"text":"One of at least two parameters that have the same format as a cryptographic key; parameters are combined in an Approved security function to form a plaintext cryptographic key before use.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Cryptographic key component (key component) "}]},{"text":"One of at least two parameters that have the same security properties (e.g., randomness) as a cryptographic key; parameters are combined using an approved cryptographic function to form a plaintext cryptographic key before use.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key component "}]}]},{"term":"Cryptographic Key Management System Practice Statement","link":"https://csrc.nist.gov/glossary/term/cryptographic_key_management_system_practice_statement","abbrSyn":[{"text":"CKMS PS","link":"https://csrc.nist.gov/glossary/term/ckms_ps"}],"definitions":null},{"term":"Cryptographic Key Management System Security Policy","link":"https://csrc.nist.gov/glossary/term/cryptographic_key_management_system_security_policy","abbrSyn":[{"text":"CKMS SP","link":"https://csrc.nist.gov/glossary/term/ckms_sp"}],"definitions":null},{"term":"Cryptographic keying relationship","link":"https://csrc.nist.gov/glossary/term/cryptographic_keying_relationship","definitions":[{"text":"Two or more entities share the same symmetric key.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The state existing between two entities such that they share at least one cryptographic key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Keying relationship, cryptographic "}]}]},{"term":"Cryptographic mechanism","link":"https://csrc.nist.gov/glossary/term/cryptographic_mechanism","definitions":[{"text":"An element of a cryptographic application, process, module or device that provides a cryptographic service, such as confidentiality, integrity, source authentication, and access control (e.g., encryption and decryption, and digital signature generation and verification).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Cryptographic Message Syntax","link":"https://csrc.nist.gov/glossary/term/cryptographic_message_syntax","abbrSyn":[{"text":"CMS","link":"https://csrc.nist.gov/glossary/term/cms"}],"definitions":null},{"term":"cryptographic module","link":"https://csrc.nist.gov/glossary/term/cryptographic_module","definitions":[{"text":"The set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Cryptographic Module ","refSources":[{"text":"FIPS 140-1","link":"/publications/detail/fips/140/1/archive/1994-01-11"}]}]},{"text":"A cryptographic module whose keys and/or metadata have been subjected to unauthorized access, modification, or disclosure while contained within the cryptographic module.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Cryptographic module (compromised) "}]},{"text":"A set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Cryptographic Module "}]},{"text":"The set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 140-3","link":"https://doi.org/10.6028/NIST.FIPS.140-3 "}]}]}]},{"term":"Cryptographic module","link":"https://csrc.nist.gov/glossary/term/Cryptographicmodule","abbrSyn":[{"text":"Module"}],"definitions":[{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms and key generation) and is contained within a cryptographic module boundary. See [FIPS 140].","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"See Cryptographic module.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Module "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Module "}]},{"text":"The set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within a cryptographic boundary.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"The set of hardware, software, and/or firmware that implements approved cryptographic functions (including key generation) that are contained within the cryptographic boundary of the module.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms and key generation) and is contained within a cryptographic module boundary. See FIPS 140.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"See Cryptographic module","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Module "}]},{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms), holds plaintext keys and uses them for performing cryptographic operations, and is contained within a cryptographic module boundary. This Profile requires the use of a validated cryptographic module as specified in [FIPS 140].","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"The set of hardware, software, and/or firmware that implements approved security functions and is contained within a cryptographic boundary.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms and keygeneration methods) and is contained within a cryptographic module boundary. See FIPS 140.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"an embedded software component of a product or application, or a complete product in-and-of-itself that has one or more capabilities.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under Module "}]}]},{"term":"Cryptographic Module Security Policy","link":"https://csrc.nist.gov/glossary/term/cryptographic_module_security_policy","definitions":[{"text":"A specification of the security rules under which a cryptographic module is designed to operate.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Cryptographic Module Validation Program","link":"https://csrc.nist.gov/glossary/term/cryptographic_module_validation_program","abbrSyn":[{"text":"CMVP","link":"https://csrc.nist.gov/glossary/term/cmvp"}],"definitions":null},{"term":"Cryptographic Modules User Forum","link":"https://csrc.nist.gov/glossary/term/cryptographic_modules_user_forum","abbrSyn":[{"text":"CMUF","link":"https://csrc.nist.gov/glossary/term/cmuf"}],"definitions":null},{"term":"Cryptographic officer","link":"https://csrc.nist.gov/glossary/term/cryptographic_officer","definitions":[{"text":"An FCKMS role that is responsible for and authorized to initialize and manage all cryptographic services, functions, and keys of the FCKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Cryptographic operation","link":"https://csrc.nist.gov/glossary/term/cryptographic_operation","definitions":[{"text":"The execution of a cryptographic algorithm. Cryptographic operations are performed in cryptographic modules.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Cryptographic primitive","link":"https://csrc.nist.gov/glossary/term/cryptographic_primitive","definitions":[{"text":"A low-level cryptographic algorithm used as a basic building block for higher-level cryptographic algorithms.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"cryptographic product","link":"https://csrc.nist.gov/glossary/term/cryptographic_product","definitions":[{"text":"A cryptographic key (public, private, or shared) or public key certificate, used for encryption, decryption, digital signature, or signature verification; and other items, such as compromised key lists (CKL) and certificate revocation lists (CRL), obtained by trusted means from the same source which validate the authenticity of keys or certificates. Protected software which generates or regenerates keys or certificates may also be considered a cryptographic product.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Software, hardware or firmware that includes one or more cryptographic functions. A cryptographic product is or contains a cryptographic module.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Cryptographic product "}]}]},{"term":"cryptographic randomization","link":"https://csrc.nist.gov/glossary/term/cryptographic_randomization","definitions":[{"text":"Function that randomly determines the transmit state of a cryptographic logic.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Cryptographic service","link":"https://csrc.nist.gov/glossary/term/cryptographic_service","definitions":[{"text":"A service that provides confidentiality, integrity, source authentication, entity authentication, non-repudiation support, access control and availability (e.g., encryption and decryption, and digital signature generation and verification).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"cryptographic solution","link":"https://csrc.nist.gov/glossary/term/cryptographic_solution","definitions":[{"text":"The generic term for a cryptographic device, COMSEC equipment, or combination of such devices/equipment containing either a classified algorithm or an unclassified algorithm.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"cryptographic synchronization","link":"https://csrc.nist.gov/glossary/term/cryptographic_synchronization","definitions":[{"text":"Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cryptographic system analysis","link":"https://csrc.nist.gov/glossary/term/cryptographic_system_analysis","definitions":[{"text":"Process of establishing the exploitability of a cryptographic system, normally by reviewing transmitted traffic protected or secured by the system under study.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cryptographic system evaluation","link":"https://csrc.nist.gov/glossary/term/cryptographic_system_evaluation","definitions":[{"text":"Process of determining vulnerabilities of a cryptographic system and recommending countermeasures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cryptographic system review","link":"https://csrc.nist.gov/glossary/term/cryptographic_system_review","definitions":[{"text":"Examination of a cryptographic system by the controlling authority ensuring its adequacy of design and content, continued need, and proper distribution.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"cryptographic system survey","link":"https://csrc.nist.gov/glossary/term/cryptographic_system_survey","definitions":[{"text":"Management technique in which actual holders of a cryptographic system express opinions on the system's suitability and provide usage information for technical evaluations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Cryptographic Technology Group","link":"https://csrc.nist.gov/glossary/term/cryptographic_technology_group","abbrSyn":[{"text":"CTG","link":"https://csrc.nist.gov/glossary/term/ctg"}],"definitions":null},{"term":"cryptographic token","link":"https://csrc.nist.gov/glossary/term/cryptographic_token","definitions":[{"text":"2. A token where the secret is a cryptographic key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"1. A portable, user-controlled, physical device (e.g., smart card or PC card) used to store cryptographic information and possibly also perform cryptographic functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A token where the secret is a cryptographic key.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Cryptographic Token "}]}],"seeAlso":[{"text":"token","link":"token"}]},{"term":"Cryptographic Validation Program","link":"https://csrc.nist.gov/glossary/term/cryptographic_validation_program","abbrSyn":[{"text":"CVP","link":"https://csrc.nist.gov/glossary/term/cvp"}],"definitions":null},{"term":"cryptologic","link":"https://csrc.nist.gov/glossary/term/cryptologic","definitions":[{"text":"The term 'cryptologic' means of or pertaining to cryptology.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Cryptologic ","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"Of or pertaining to cryptology.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Cryptologic "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Cryptologic "}]}]},{"term":"cryptology","link":"https://csrc.nist.gov/glossary/term/cryptology","definitions":[{"text":"Originally the field encompassing both cryptography and cryptanalysis. Today, cryptology in the U.S. Government is the collection and/or exploitation of foreign communications and non- communications emitters, known as SIGINT; and solutions, products, and services, to ensure the availability, integrity, authentication, confidentiality, and non-repudiation of national security telecommunications and information systems, known as IA.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Cryptology ","refSources":[{"text":"Cryptologic Publication 1-0"}]}]},{"text":"The mathematical science that deals with cryptanalysis and cryptography.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The science that deals with hidden, disguised, or encrypted communications. It includes communications security and communications intelligence.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Cryptology "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Cryptology "}]}]},{"term":"cryptonet evaluation report","link":"https://csrc.nist.gov/glossary/term/cryptonet_evaluation_report","definitions":[{"text":"A free form message from the electronic key management system (EKMS) Tier 1 that includes the Controlling Authority’s ID and Name, Keying Material Information, Description/Cryptonet Name, Remarks, and Authorized User Information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Cryptoperiod","link":"https://csrc.nist.gov/glossary/term/cryptoperiod","definitions":[{"text":"The time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"Time span during which each key setting remains in effect.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]"}]},{"text":"The time span during which a specific key is authorized for use or in which the keys for a given system may remain in effect.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"CS3STHLM","link":"https://csrc.nist.gov/glossary/term/cs3sthlm","abbrSyn":[{"text":"Stockholm International Summit on Cyber Security in SCADA and ICS","link":"https://csrc.nist.gov/glossary/term/stockholm_international_summit_on_cyber_security_scada_ics"}],"definitions":null},{"term":"CSA","link":"https://csrc.nist.gov/glossary/term/csa","abbrSyn":[{"text":"Canadian Standards Association","link":"https://csrc.nist.gov/glossary/term/canadian_standards_association"},{"text":"Certificate Status Authority","link":"https://csrc.nist.gov/glossary/term/certificate_status_authority"},{"text":"Cloud Security Alliance","link":"https://csrc.nist.gov/glossary/term/cloud_security_alliance"},{"text":"Core Specification Addendum","link":"https://csrc.nist.gov/glossary/term/core_specification_addendum"},{"text":"Cyber Survivability Attributes","link":"https://csrc.nist.gov/glossary/term/cyber_survivability_attributes"}],"definitions":[{"text":"A trusted entity that provides on-line verification to a relying party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certificate Status Authority "}]}]},{"term":"CSA5","link":"https://csrc.nist.gov/glossary/term/csa5","abbrSyn":[{"text":"Core Specification Addendum 5","link":"https://csrc.nist.gov/glossary/term/core_specification_addendum_5"}],"definitions":null},{"term":"CSAM","link":"https://csrc.nist.gov/glossary/term/csam","abbrSyn":[{"text":"Cyber Security Assessment and Management","link":"https://csrc.nist.gov/glossary/term/cyber_security_assessment_and_management"}],"definitions":null},{"term":"CSC","link":"https://csrc.nist.gov/glossary/term/csc","abbrSyn":[{"text":"cloud service customer","link":"https://csrc.nist.gov/glossary/term/cloud_service_customer"},{"text":"Critical Security Control","link":"https://csrc.nist.gov/glossary/term/critical_security_control"}],"definitions":null},{"term":"C-SCRM","link":"https://csrc.nist.gov/glossary/term/c_scrm","abbrSyn":[{"text":"Cyber Supply Chain Risk Management"},{"text":"Cybersecurity Supply Chain Risk Management","link":"https://csrc.nist.gov/glossary/term/cybersecurity_supply_chain_risk_management"}],"definitions":[{"text":"A systematic process for managing exposure to cybersecurity risks throughout the supply chain and developing appropriate response strategies, policies, processes, and procedures.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Cybersecurity Supply Chain Risk Management "}]}]},{"term":"C-SCRM control","link":"https://csrc.nist.gov/glossary/term/c_scrm_control","definitions":[{"text":"A safeguard or countermeasures prescribed for the purpose of reducing or eliminating the likelihood and/or impact/consequences of  cybersecurity risks throughout the supply chain.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"CSD","link":"https://csrc.nist.gov/glossary/term/csd","abbrSyn":[{"text":"Computer Security Division","link":"https://csrc.nist.gov/glossary/term/computer_security_division"},{"text":"ITL Computer Security Division","link":"https://csrc.nist.gov/glossary/term/itl_computer_security_division"}],"definitions":null},{"term":"CSE","link":"https://csrc.nist.gov/glossary/term/cse","abbrSyn":[{"text":"Communication Security Establishment","link":"https://csrc.nist.gov/glossary/term/communication_security_establishment"},{"text":"Communications Security Establishment","link":"https://csrc.nist.gov/glossary/term/communications_security_establishment"}],"definitions":null},{"term":"CSF","link":"https://csrc.nist.gov/glossary/term/csf","abbrSyn":[{"text":"Cyber Security Framework"},{"text":"Cybersecurity Framework"},{"text":"NIST Framework for Improving Critical Infrastructure Cybersecurity","link":"https://csrc.nist.gov/glossary/term/nist_framework_for_improving_critical_infrastructure_cybersecurity"}],"definitions":null},{"term":"CSF Category","link":"https://csrc.nist.gov/glossary/term/csf_category","definitions":[{"text":"A group of related cybersecurity outcomes that collectively comprise a CSF Function.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Community Profile","link":"https://csrc.nist.gov/glossary/term/csf_community_profile","definitions":[{"text":"A baseline of CSF outcomes that is created and published to address shared interests and goals among a number of organizations. A Community Profile is typically developed for a particular sector, subsector, technology, threat type, or other use case. An organization can use a Community Profile as the basis for its own Target Profile.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Core","link":"https://csrc.nist.gov/glossary/term/csf_core","definitions":[{"text":"A taxonomy of high-level cybersecurity outcomes that can help any organization manage its cybersecurity risks. Its components are a hierarchy of Functions, Categories, and Subcategories that detail each outcome.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Current Profile","link":"https://csrc.nist.gov/glossary/term/csf_current_profile","definitions":[{"text":"A part of an Organizational Profile that specifies the Core outcomes that an organization is currently achieving (or attempting to achieve) and characterizes how or to what extent each outcome is being achieved.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Function","link":"https://csrc.nist.gov/glossary/term/csf_function","definitions":[{"text":"The highest level of organization for cybersecurity outcomes. There are six CSF Functions: Govern, Identify, Protect, Detect, Respond, and Recover.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Implementation Example","link":"https://csrc.nist.gov/glossary/term/csf_implementation_example","definitions":[{"text":"A concise, action-oriented, notional illustration of a way to help achieve a CSF Core outcome.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Informative Reference","link":"https://csrc.nist.gov/glossary/term/csf_informative_reference","definitions":[{"text":"A mapping that indicates a relationship between a CSF Core outcome and an existing standard, guideline, regulation, or other content.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Organizational Profile","link":"https://csrc.nist.gov/glossary/term/csf_organizational_profile","definitions":[{"text":"A mechanism for describing an organization’s current and/or target cybersecurity posture in terms of the CSF Core’s outcomes.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Quick Start Guide","link":"https://csrc.nist.gov/glossary/term/csf_quick_start_guide","definitions":[{"text":"A supplementary resource that gives brief, actionable guidance on specific CSF-related topics.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Subcategory","link":"https://csrc.nist.gov/glossary/term/csf_subcategory","definitions":[{"text":"A group of more specific outcomes of technical and management cybersecurity activities that comprise a CSF Category.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Target Profile","link":"https://csrc.nist.gov/glossary/term/csf_target_profile","definitions":[{"text":"A part of an Organizational Profile that specifies the desired Core outcomes that an organization has selected and prioritized for achieving its cybersecurity risk management objectives.","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSF Tier","link":"https://csrc.nist.gov/glossary/term/csf_tier","definitions":[{"text":"A characterization of the rigor of an organization’s cybersecurity risk governance and management practices. There are four Tiers: Partial (Tier 1), Risk Informed (Tier 2), Repeatable (Tier 3), and Adaptive (Tier 4).","sources":[{"text":"NIST Cybersecurity Framework 2.0","link":"https://doi.org/10.6028/NIST.CSWP.29"}]}]},{"term":"CSFB","link":"https://csrc.nist.gov/glossary/term/csfb","abbrSyn":[{"text":"Circuit Switch Fallback","link":"https://csrc.nist.gov/glossary/term/circuit_switch_fallback"}],"definitions":null},{"term":"CSfC","link":"https://csrc.nist.gov/glossary/term/csfc","abbrSyn":[{"text":"Commercial Solutions for Classified"}],"definitions":null},{"term":"cSHAKE","link":"https://csrc.nist.gov/glossary/term/cshake","definitions":[{"text":"The customizable SHAKE function.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"CSI","link":"https://csrc.nist.gov/glossary/term/csi","abbrSyn":[{"text":"Container Storage Interface","link":"https://csrc.nist.gov/glossary/term/container_storage_interface"}],"definitions":null},{"term":"CSIA","link":"https://csrc.nist.gov/glossary/term/csia","abbrSyn":[{"text":"Cybersecurity and Information Assurance","link":"https://csrc.nist.gov/glossary/term/cybersecurity_and_information_assurance"}],"definitions":null},{"term":"CSIM","link":"https://csrc.nist.gov/glossary/term/csim","abbrSyn":[{"text":"CDMA Subscriber Identity Module"}],"definitions":null},{"term":"CSIP","link":"https://csrc.nist.gov/glossary/term/csip","abbrSyn":[{"text":"Cybersecurity Strategy and Implementation Plan","link":"https://csrc.nist.gov/glossary/term/cybersecurity_strategy_and_implementation_plan"}],"definitions":null},{"term":"CSIRC","link":"https://csrc.nist.gov/glossary/term/csirc","abbrSyn":[{"text":"Computer Security Incident Response Capability","link":"https://csrc.nist.gov/glossary/term/computer_security_incident_response_capability"}],"definitions":null},{"term":"CSIRT","link":"https://csrc.nist.gov/glossary/term/csirt","abbrSyn":[{"text":"Computer Security Incident Response Team"}],"definitions":null},{"term":"CSK","link":"https://csrc.nist.gov/glossary/term/csk","abbrSyn":[{"text":"Code Signing Key","link":"https://csrc.nist.gov/glossary/term/code_signing_key"}],"definitions":null},{"term":"CSM","link":"https://csrc.nist.gov/glossary/term/csm","abbrSyn":[{"text":"Configuration Settings Management","link":"https://csrc.nist.gov/glossary/term/configuration_settings_management"}],"definitions":[{"text":"See Capability, Configuration Settings Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Configuration Settings Management "}]}]},{"term":"CSMS","link":"https://csrc.nist.gov/glossary/term/csms","abbrSyn":[{"text":"Cybersecurity for Smart Manufacturing Systems","link":"https://csrc.nist.gov/glossary/term/cybersecurity_for_smart_manufacturing_systems"}],"definitions":null},{"term":"CSN","link":"https://csrc.nist.gov/glossary/term/csn","abbrSyn":[{"text":"Central Service Node"},{"text":"central services node","link":"https://csrc.nist.gov/glossary/term/central_services_node"},{"text":"Central Services Node"}],"definitions":[{"text":"The Key Management Infrastructure core node that provides central security management and data management services.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under central services node "}]}]},{"term":"CSO","link":"https://csrc.nist.gov/glossary/term/cso","abbrSyn":[{"text":"Chief Security Officer","link":"https://csrc.nist.gov/glossary/term/chief_security_officer"},{"text":"Computer Security Object"}],"definitions":null},{"term":"CSP","link":"https://csrc.nist.gov/glossary/term/csp","abbrSyn":[{"text":"Cloud Service Provider","link":"https://csrc.nist.gov/glossary/term/cloud_service_provider"},{"text":"Credential Service Provider"},{"text":"Credentials Service Provider"},{"text":"Critical Security Parameter"}],"definitions":[{"text":"A trusted entity that issues or registers subscriber authenticators and issues electronic credentials to subscribers. A CSP may be an independent third party or issue credentials for its own use.","sources":[{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Credential Service Provider "}]}]},{"term":"CSR","link":"https://csrc.nist.gov/glossary/term/csr","abbrSyn":[{"text":"Certificate Signing Request","link":"https://csrc.nist.gov/glossary/term/certificate_signing_request"}],"definitions":[{"text":"A request sent from a certificate requester to a certificate authority to apply for a digital identity certificate. The certificate signing request contains the public key as well as other information to be included in the certificate and is signed by the private key corresponding to the public key.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Signing Request "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Signing Request "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Signing Request "}]}]},{"term":"CSRC","link":"https://csrc.nist.gov/glossary/term/csrc","abbrSyn":[{"text":"Cloud Security Rubik’s Cube","link":"https://csrc.nist.gov/glossary/term/cloud_security_rubiks_cube"},{"text":"Computer Security Resource Center","link":"https://csrc.nist.gov/glossary/term/computer_security_resource_center"}],"definitions":null},{"term":"CSRDA","link":"https://csrc.nist.gov/glossary/term/csrda","abbrSyn":[{"text":"Cyber Security Research and Development Act of 2002","link":"https://csrc.nist.gov/glossary/term/cyber_security_research_and_development_act_of_2002"}],"definitions":null},{"term":"CSRF","link":"https://csrc.nist.gov/glossary/term/csrf","abbrSyn":[{"text":"Cross-site Request Forgery"}],"definitions":null},{"term":"CSRIC","link":"https://csrc.nist.gov/glossary/term/csric","abbrSyn":[{"text":"Communications Security, Reliability and Interoperability Council","link":"https://csrc.nist.gov/glossary/term/communications_security_reliability_and_interoperability_council"}],"definitions":null},{"term":"CSRK","link":"https://csrc.nist.gov/glossary/term/csrk","abbrSyn":[{"text":"Connection Signature Resolving Key","link":"https://csrc.nist.gov/glossary/term/connection_signature_resolving_key"}],"definitions":null},{"term":"CSRM","link":"https://csrc.nist.gov/glossary/term/csrm","abbrSyn":[{"text":"Cybersecurity Risk Management","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risk_management"}],"definitions":null},{"term":"CSRR","link":"https://csrc.nist.gov/glossary/term/csrr","abbrSyn":[{"text":"Cybersecurity Risk Register","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risk_register"}],"definitions":null},{"term":"CSS","link":"https://csrc.nist.gov/glossary/term/css","abbrSyn":[{"text":"Cascaded Style Sheet","link":"https://csrc.nist.gov/glossary/term/cascaded_style_sheet"},{"text":"Central Security Service","link":"https://csrc.nist.gov/glossary/term/central_security_service"},{"text":"Certificate Status Server"}],"definitions":null},{"term":"CSSPAB","link":"https://csrc.nist.gov/glossary/term/csspab","abbrSyn":[{"text":"Computer System Security and Privacy Advisory Board","link":"https://csrc.nist.gov/glossary/term/computer_system_security_and_privacy_advisory_board"}],"definitions":null},{"term":"CST","link":"https://csrc.nist.gov/glossary/term/cst","abbrSyn":[{"text":"Cryptographic and Security Testing","link":"https://csrc.nist.gov/glossary/term/cryptographic_and_security_testing"}],"definitions":null},{"term":"CSTL","link":"https://csrc.nist.gov/glossary/term/cstl","abbrSyn":[{"text":"Cryptographic and Security Testing Laboratory","link":"https://csrc.nist.gov/glossary/term/cryptographic_and_security_testing_laboratory"}],"definitions":null},{"term":"CSV","link":"https://csrc.nist.gov/glossary/term/csv","abbrSyn":[{"text":"Comma-Separated Value","link":"https://csrc.nist.gov/glossary/term/comma_separated_value"},{"text":"Comma-Separated Values"}],"definitions":null},{"term":"CT","link":"https://csrc.nist.gov/glossary/term/ct","abbrSyn":[{"text":"Certificate Transparency","link":"https://csrc.nist.gov/glossary/term/certificate_transparency"},{"text":"Computed Tomography","link":"https://csrc.nist.gov/glossary/term/computed_tomography"}],"definitions":[{"text":"A framework for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed in a manner that allows anyone to audit CA activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. (Experimental RFC 6962)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Transparency ","refSources":[{"text":"RFC 6962","link":"https://doi.org/10.17487/RFC6962"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate Transparency ","refSources":[{"text":"RFC 6962","link":"https://doi.org/10.17487/RFC6962"}]}]}]},{"term":"CT&E","link":"https://csrc.nist.gov/glossary/term/ctande","abbrSyn":[{"text":"certification test and evaluation","link":"https://csrc.nist.gov/glossary/term/certification_test_and_evaluation"},{"text":"Certification Test and Evaluation"}],"definitions":[{"text":"Software, hardware, and firmware security tests conducted during development of an information system component.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under certification test and evaluation "}]}]},{"term":"CT1","link":"https://csrc.nist.gov/glossary/term/ct1","abbrSyn":[{"text":"Common Tier 1","link":"https://csrc.nist.gov/glossary/term/common_tier_1"}],"definitions":null},{"term":"CTA","link":"https://csrc.nist.gov/glossary/term/cta","abbrSyn":[{"text":"Consumer Technology Association","link":"https://csrc.nist.gov/glossary/term/consumer_technology_association"}],"definitions":null},{"term":"CTAK","link":"https://csrc.nist.gov/glossary/term/ctak","abbrSyn":[{"text":"Cipher Text Auto-Key"}],"definitions":null},{"term":"CTAP","link":"https://csrc.nist.gov/glossary/term/ctap","abbrSyn":[{"text":"Client-to-Authenticator Protocol","link":"https://csrc.nist.gov/glossary/term/client_to_authenticator_protocol"}],"definitions":null},{"term":"CTC","link":"https://csrc.nist.gov/glossary/term/ctc","abbrSyn":[{"text":"Cardholder to Card","link":"https://csrc.nist.gov/glossary/term/cardholder_to_card"}],"definitions":null},{"term":"CTD","link":"https://csrc.nist.gov/glossary/term/ctd","abbrSyn":[{"text":"Continuous Threat Detection","link":"https://csrc.nist.gov/glossary/term/continuous_threat_detection"}],"definitions":null},{"term":"CTE","link":"https://csrc.nist.gov/glossary/term/cte","abbrSyn":[{"text":"Cardholder to External System","link":"https://csrc.nist.gov/glossary/term/cardholder_to_external_system"},{"text":"Career and Technical Education","link":"https://csrc.nist.gov/glossary/term/career_and_technical_education"}],"definitions":null},{"term":"CTG","link":"https://csrc.nist.gov/glossary/term/ctg","abbrSyn":[{"text":"Cryptographic Technology Group","link":"https://csrc.nist.gov/glossary/term/cryptographic_technology_group"}],"definitions":null},{"term":"CTI","link":"https://csrc.nist.gov/glossary/term/cti","abbrSyn":[{"text":"Cyber Threat Intelligence","link":"https://csrc.nist.gov/glossary/term/cyber_threat_intelligence"}],"definitions":null},{"term":"CTIA","link":"https://csrc.nist.gov/glossary/term/ctia","abbrSyn":[{"text":"Cellular Telecommunications and Internet Association","link":"https://csrc.nist.gov/glossary/term/cellular_telecommunications_and_internet_association"}],"definitions":null},{"term":"CTM","link":"https://csrc.nist.gov/glossary/term/ctm","abbrSyn":[{"text":"Conformance Testing Methodology","link":"https://csrc.nist.gov/glossary/term/conformance_testing_methodology"}],"definitions":null},{"term":"CTO","link":"https://csrc.nist.gov/glossary/term/cto","abbrSyn":[{"text":"Chief Technology Officer","link":"https://csrc.nist.gov/glossary/term/chief_technology_officer"}],"definitions":null},{"term":"CTR","link":"https://csrc.nist.gov/glossary/term/ctr","abbrSyn":[{"text":"Counter","link":"https://csrc.nist.gov/glossary/term/counter"},{"text":"Counter Mode","link":"https://csrc.nist.gov/glossary/term/counter_mode"},{"text":"Counter mode for a block cipher algorithm","link":"https://csrc.nist.gov/glossary/term/counter_mode_for_a_block_cipher_algorithm"}],"definitions":null},{"term":"CTR_DRBG","link":"https://csrc.nist.gov/glossary/term/ctr_drbg","definitions":[{"text":"A DRBG specified in SP 800-90A based on a block cipher algorithm.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"CTS","link":"https://csrc.nist.gov/glossary/term/cts","abbrSyn":[{"text":"Computerized Telephone System"}],"definitions":null},{"term":"CTSO","link":"https://csrc.nist.gov/glossary/term/ctso","abbrSyn":[{"text":"Career and Technical Student Organization","link":"https://csrc.nist.gov/glossary/term/career_and_technical_student_organization"}],"definitions":null},{"term":"CTTA","link":"https://csrc.nist.gov/glossary/term/ctta","abbrSyn":[{"text":"certified TEMPEST technical authority","link":"https://csrc.nist.gov/glossary/term/certified_tempest_technical_authority"},{"text":"Certified TEMPEST Technical Authority"}],"definitions":[{"text":"An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with CNSS approved criteria and has been appointed by a U.S. Government Department or Agency to fulfill CTTA responsibilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under certified TEMPEST technical authority ","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"CU","link":"https://csrc.nist.gov/glossary/term/cu","abbrSyn":[{"text":"Certificate Usage Type","link":"https://csrc.nist.gov/glossary/term/certificate_usage_type"}],"definitions":null},{"term":"CUAS","link":"https://csrc.nist.gov/glossary/term/cuas","abbrSyn":[{"text":"Common User Application Software"}],"definitions":null},{"term":"CUI","link":"https://csrc.nist.gov/glossary/term/cui","abbrSyn":[{"text":"Controlled Unclassified Information"},{"text":"Controlled, Unclassified information"}],"definitions":[{"text":"A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Controlled Unclassified Information ","refSources":[{"text":"E.O. 13556","link":"https://www.govinfo.gov/app/details/CFR-2011-title3-vol1/CFR-2011-title3-vol1-eo13556"}]}]},{"text":"Information that law, regulation, or government-wide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Controlled Unclassified Information ","refSources":[{"text":"NIST SP 800-171","link":"https://doi.org/10.6028/NIST.SP.800-171"}]}]},{"text":"A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation CUI replaces Sensitive But Unclassified (SBU).","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Controlled Unclassified Information "}]}]},{"term":"CUI categories","link":"https://csrc.nist.gov/glossary/term/cui_categories","definitions":[{"text":"Those types of information for which laws, regulations, or government-wide policies require or permit agencies to exercise safeguarding or dissemination controls, and which the CUI Executive Agent has approved and listed in the CUI Registry.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]},{"text":"Those types of information for which laws, regulations, or governmentwide policies require or permit agencies to exercise safeguarding or dissemination controls, and which the CUI Executive Agent has approved and listed in the CUI Registry.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]}]},{"term":"CUI Executive Agent","link":"https://csrc.nist.gov/glossary/term/cui_executive_agent","definitions":[{"text":"The National Archives and Records Administration (NARA), which implements the executive branch-wide CUI Program and oversees federal agency actions to comply with Executive Order 13556. NARA has delegated this authority to the Director of the Information Security Oversight Office (ISOO).","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"Title 32 CFR, Part 2002","link":"https://www.govinfo.gov/content/pkg/CFR-2018-title32-vol6/pdf/CFR-2018-title32-vol6-part2002.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]}]},{"term":"CUI program","link":"https://csrc.nist.gov/glossary/term/cui_program","definitions":[{"text":"The executive branch-wide program to standardize CUI handling by all federal agencies. The program includes the rules, organization, and procedures for CUI, established by Executive Order 13556, 32 CFR Part 2002, and the CUI Registry.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"Title 32 CFR, Part 2002","link":"https://www.govinfo.gov/content/pkg/CFR-2018-title32-vol6/pdf/CFR-2018-title32-vol6-part2002.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]}]},{"term":"CUI registry","link":"https://csrc.nist.gov/glossary/term/cui_registry","definitions":[{"text":"The online repository for all information, guidance, policy, and requirements on handling CUI, including everything issued by the CUI Executive Agent other than 32 CFR Part 2002. Among other information, the CUI Registry identifies all approved CUI categories, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]},{"text":"The online repository for all information, guidance, policy, and requirements on handling CUI, including everything issued by the CUI EA other than this part. Among other information, the CUI Registry identifies all approved CUI categories and subcategories, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]},{"text":"The online repository for all information, guidance, policy, and requirements on handling CUI, including everything issued by the CUI Executive Agent other than 32 CFR Part 2002. Among other information, the CUI Registry identifies all approved CUI categories and subcategories, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"Title 32 CFR, Part 2002","link":"https://www.govinfo.gov/content/pkg/CFR-2018-title32-vol6/pdf/CFR-2018-title32-vol6-part2002.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]}]},{"term":"Cumulative Sums Forward Test","link":"https://csrc.nist.gov/glossary/term/cumulative_sums_forward_test","definitions":[{"text":"The purpose of the cumulative sums test is to determine whether the sum of the partial sequences occurring in the tested sequence is too large or too small.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Current Profile","link":"https://csrc.nist.gov/glossary/term/current_profile","definitions":[{"text":"the ‘as is’ state of system cybersecurity","sources":[{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"The ‘as is’ state of system cybersecurity.","sources":[{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"},{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"Current Year","link":"https://csrc.nist.gov/glossary/term/current_year","abbrSyn":[{"text":"CY","link":"https://csrc.nist.gov/glossary/term/cy"}],"definitions":null},{"term":"Custodian","link":"https://csrc.nist.gov/glossary/term/custodian","definitions":[{"text":"A third-party entity that holds and safeguards a user’s private keys or digital assets on their behalf. Depending on the system, a custodian may act as an exchange and provide additional services, such as staking, lending, account recovery, or security features.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Custom Environment","link":"https://csrc.nist.gov/glossary/term/custom_environment","definitions":[{"text":"An environment containing systems in which the functionality and degree of security do not fit the other types of environments.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Specialized operational environment.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Custom Resource Definition","link":"https://csrc.nist.gov/glossary/term/custom_resource_definition","abbrSyn":[{"text":"CRD","link":"https://csrc.nist.gov/glossary/term/crd"}],"definitions":null},{"term":"customer","link":"https://csrc.nist.gov/glossary/term/customer","definitions":[{"text":"Organization or person that receives a product.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]},{"text":"The term customer applies to a person or organization who subscribes to a service offered by a telecommunications provider and is accountable for its use. A customer is permitted to use an NE to make calls and configure local line parameters (e.g., configure the numbers that should receive forwarded calls).\nIn some circumstances a customer can also play the role of administrator, for example, when the customer has access to operations information that would permit him to reconfigure his circuits. Some service providers offer this service, as well as other OAM&P features, to customers for a fee.","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under Customer "}]},{"text":"The organization or person that receives a product or service.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","underTerm":" under Customer ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","underTerm":" under Customer ","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]},{"text":"Organization or person that receives a product or service.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]}]}]},{"term":"Customer and Others in the IoT Product Ecosystem","link":"https://csrc.nist.gov/glossary/term/customer_others_in_iot_product_ecosystem","definitions":[{"text":"The person receiving a product or service and third-parties (e.g., other IoT product developers, independent researchers, media and consumer organizations) who have an interest in the IoT product, its components, data, use, assumptions, risks, vulnerabilities, assessments, and/or mitigations.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"Customer-Specifiable","link":"https://csrc.nist.gov/glossary/term/customer_specifiable","definitions":[{"text":"The features of the MSR-compliant system that are set with a default value by the manufacturer, but can be reset after delivery by the customer to reflect the customer's security policy.  These features are usually reset at the time of installation by an administrator or other customer authorized person and cannot be changed without the appropriate privilege at other times. ","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]}]},{"term":"Customization","link":"https://csrc.nist.gov/glossary/term/customization","definitions":[{"text":"The ability to control the appearance of the SSL VPN Web pages that the users see when they first access the VPN.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"Customs and Border Patrol","link":"https://csrc.nist.gov/glossary/term/customs_and_border_patrol","abbrSyn":[{"text":"CBP","link":"https://csrc.nist.gov/glossary/term/cbp"}],"definitions":null},{"term":"Cut","link":"https://csrc.nist.gov/glossary/term/cut","definitions":[{"text":"The use of a tool or physical technique to causeabreak in thesurface of the electronic storage media, potentiallybreaking themedia into two or more pieces and making it difficult or infeasible torecover the data using state of the art laboratory techniques.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"CVC","link":"https://csrc.nist.gov/glossary/term/cvc","abbrSyn":[{"text":"Card Verifiable Certificate","link":"https://csrc.nist.gov/glossary/term/card_verifiable_certificate"}],"definitions":[{"text":"A certificate stored on the PIV Card that includes a public key, the signature of a certification authority, and further information needed to verify the certificate.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Card Verifiable Certificate "}]}]},{"term":"CVE","link":"https://csrc.nist.gov/glossary/term/cve","abbrSyn":[{"text":"Common Vulnerabilities and Exposures"},{"text":"Common Vulnerability and Exposures"},{"text":"Common Vulnerability Enumeration","link":"https://csrc.nist.gov/glossary/term/common_vulnerability_enumeration"}],"definitions":[{"text":"A dictionary of common names for publicly known information system vulnerabilities.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Common Vulnerabilities and Exposures ","refSources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"}]}]}]},{"term":"CVE equivalent","link":"https://csrc.nist.gov/glossary/term/cve_equivalent","definitions":[{"text":"A vulnerability—known by someone—that has been found in specific software—irrespective of whether that vulnerability is publicly known. CVEs are a subset of CVE equivalents.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"CVE ID","link":"https://csrc.nist.gov/glossary/term/cve_id","abbrSyn":[{"text":"Common Vulnerabilities and Exposures identifiers","link":"https://csrc.nist.gov/glossary/term/common_vulnerabilities_and_exposures_identifiers"}],"definitions":[{"text":"An identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the CVE specification.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"CVE Naming Authority","link":"https://csrc.nist.gov/glossary/term/cve_naming_authority","abbrSyn":[{"text":"CNA","link":"https://csrc.nist.gov/glossary/term/cna"}],"definitions":null},{"term":"CVE Numbering Authority","link":"https://csrc.nist.gov/glossary/term/cve_numbering_authority","abbrSyn":[{"text":"CNA","link":"https://csrc.nist.gov/glossary/term/cna"}],"definitions":null},{"term":"CVE Record Metadata","link":"https://csrc.nist.gov/glossary/term/cve_record_metadata","definitions":[{"text":"Information attached to the CVE by the NVD Analyst and/or CNA. Comprised of CVSS v3.1, CVSS v2, CWE, Reference Link Tags, and Configurations.","sources":[{"text":"NISTIR 8246","link":"https://doi.org/10.6028/NIST.IR.8246"}]}]},{"term":"CVP","link":"https://csrc.nist.gov/glossary/term/cvp","abbrSyn":[{"text":"Cryptographic Validation Program","link":"https://csrc.nist.gov/glossary/term/cryptographic_validation_program"}],"definitions":null},{"term":"CVSS","link":"https://csrc.nist.gov/glossary/term/cvss","abbrSyn":[{"text":"Common Vulnerability Scoring System"}],"definitions":null},{"term":"CVSS Special Interest Group","link":"https://csrc.nist.gov/glossary/term/cvss_special_interest_group","abbrSyn":[{"text":"CVSS-SIG","link":"https://csrc.nist.gov/glossary/term/cvss_sig"}],"definitions":null},{"term":"CVSS-SIG","link":"https://csrc.nist.gov/glossary/term/cvss_sig","abbrSyn":[{"text":"CVSS Special Interest Group","link":"https://csrc.nist.gov/glossary/term/cvss_special_interest_group"}],"definitions":null},{"term":"CWE","link":"https://csrc.nist.gov/glossary/term/cwe","abbrSyn":[{"text":"Common Weakness Enumeration"}],"definitions":null},{"term":"CWI","link":"https://csrc.nist.gov/glossary/term/cwi","abbrSyn":[{"text":"Centrum Wiskunde & Informatica","link":"https://csrc.nist.gov/glossary/term/centrum_wiskunde_and_informatica"}],"definitions":null},{"term":"CWSS","link":"https://csrc.nist.gov/glossary/term/cwss","abbrSyn":[{"text":"Common Weakness Scoring System","link":"https://csrc.nist.gov/glossary/term/common_weakness_scoring_system"}],"definitions":null},{"term":"CY","link":"https://csrc.nist.gov/glossary/term/cy","abbrSyn":[{"text":"Current Year","link":"https://csrc.nist.gov/glossary/term/current_year"}],"definitions":null},{"term":"Cyan, Magenta, Yellow, and Key (or blacK)","link":"https://csrc.nist.gov/glossary/term/cyan_magenta_yellow_and_key_or_black","abbrSyn":[{"text":"CMYK","link":"https://csrc.nist.gov/glossary/term/cmyk"}],"definitions":null},{"term":"Cyber","link":"https://csrc.nist.gov/glossary/term/cyber","definitions":[{"text":"refers to both information and communications networks.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2"}]}]},{"term":"Cyber Attack","link":"https://csrc.nist.gov/glossary/term/cyber_attack","abbrSyn":[{"text":"attack","link":"https://csrc.nist.gov/glossary/term/attack"},{"text":"computer network attack (CNA)","link":"https://csrc.nist.gov/glossary/term/computer_network_attack"}],"definitions":[{"text":"An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under attack "}]},{"text":"Actions taken in cyberspace that create noticeable denial effects (i.e., degradation, disruption, or destruction) in cyberspace or manipulation that leads to denial that appears in a physical domain, and is considered a form of fires."},{"text":"Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under attack "},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under attack "},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under attack ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under attack ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. \nNote: Within DoD, Joint Publication 3-13, \"Information Operations, \" 27 November 2012 approved the removal the terms and definitions of computer network attack (CNA), computer network defense (CND), computer network exploitation, and computer network operations (CNO) from JP -1-02, \"Department of Defense Dictionary of Military Terms and Associated Terms.\" This term and definition is no longer published in JP 1-02. This publication is the primary terminology source when preparing correspondence, to include policy, strategy, doctrine, and planning documents. The terms are no longer used in issuances being updated within DoD. JP 1-02, following publication of JP 3-12, \"Cyberspace Operations\" provides new terms and definitions such as cyberspace, cyberspace operations, cyberspace superiority, defensive cyberspace operation response action, defensive cyberspace operations, Department of Defense information network operations, and offensive cyberspace operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under computer network attack (CNA) "}]}]},{"term":"Cyber Cincinnati-Dayton Cyber Corridor","link":"https://csrc.nist.gov/glossary/term/cyber_cincinnati_dayton_cyber_corridor","abbrSyn":[{"text":"Cin-Day","link":"https://csrc.nist.gov/glossary/term/cin_day"}],"definitions":null},{"term":"Cyber Courses of Action","link":"https://csrc.nist.gov/glossary/term/cyber_courses_of_action","abbrSyn":[{"text":"CCoA","link":"https://csrc.nist.gov/glossary/term/ccoa"}],"definitions":null},{"term":"cyber ecosystem","link":"https://csrc.nist.gov/glossary/term/cyber_ecosystem","definitions":[{"text":"The aggregation and interactions of a variety of diverse participants (such as private firms, non‐profits, governments, individuals, and processes) and cyber devices (computers, software, and communications technologies).","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","refSources":[{"text":"DHS Cyber Eco","link":"https://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf","note":" - adapted"}]}]}]},{"term":"cyber incident","link":"https://csrc.nist.gov/glossary/term/cyber_incident","abbrSyn":[{"text":"event","link":"https://csrc.nist.gov/glossary/term/event"},{"text":"incident","link":"https://csrc.nist.gov/glossary/term/incident"},{"text":"security-relevant event","link":"https://csrc.nist.gov/glossary/term/security_relevant_event"}],"definitions":[{"text":"An occurrence that results in actual or potential jeopardy to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. See cyber incident. See also event, security-relevant, and intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Any observable occurrence in a network or system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under event ","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]}]},{"text":"Actions taken through the use of an information system or network that result in an actual or potentially adverse effect on an information system, network, and/or the information residing therein. See incident. See also event, security-relevant event, and intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Any observable occurrence in a network or information system.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under event ","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","note":" - adapted"}]}]},{"text":"Actions taken through the use of an information system or network that result in an actual or potentially adverse effect on an information system, network, and/or the information residing therein.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under incident ","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"An occurrence that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"Any observable occurrence in a system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under event ","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","note":" - Adapted"}]}]},{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of a system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Occurrence or change of a particular set of circumstances.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under event ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under event ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]},{"text":"Anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle of a project, product, service, or system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under incident ","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under incident ","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}],"seeAlso":[{"text":"event","link":"event"},{"text":"incident","link":"incident"},{"text":"intrusion","link":"intrusion"},{"text":"security-relevant event","link":"security_relevant_event"}]},{"term":"Cyber Incident Data and Analysis Repository","link":"https://csrc.nist.gov/glossary/term/cyber_incident_data_and_analysis_repository","abbrSyn":[{"text":"CIDAR","link":"https://csrc.nist.gov/glossary/term/cidar"}],"definitions":null},{"term":"Cyber Incident Response Team","link":"https://csrc.nist.gov/glossary/term/cyber_incident_response_team","abbrSyn":[{"text":"CIRC","link":"https://csrc.nist.gov/glossary/term/circ"},{"text":"CIRT","link":"https://csrc.nist.gov/glossary/term/cirt"}],"definitions":[{"text":"Group of individuals usually consisting of security analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from CS incidents."}]},{"term":"Cyber Mission Impact Analysis","link":"https://csrc.nist.gov/glossary/term/cyber_mission_impact_analysis","abbrSyn":[{"text":"CMIA","link":"https://csrc.nist.gov/glossary/term/cmia"}],"definitions":null},{"term":"Cyber Observable eXpression","link":"https://csrc.nist.gov/glossary/term/cyber_observable_expression","abbrSyn":[{"text":"CybOX","link":"https://csrc.nist.gov/glossary/term/cybox"}],"definitions":null},{"term":"Cyber Resilience Review","link":"https://csrc.nist.gov/glossary/term/cyber_resilience_review","abbrSyn":[{"text":"CRR","link":"https://csrc.nist.gov/glossary/term/crr"}],"definitions":null},{"term":"cyber resiliency","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency","definitions":[{"text":"The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"text":"The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2"}]}]}]},{"term":"Cyber Resiliency and Survivability","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_and_survivability","abbrSyn":[{"text":"CRS","link":"https://csrc.nist.gov/glossary/term/crs"}],"definitions":null},{"term":"cyber resiliency concept","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_concept","definitions":[{"text":"A concept related to the problem domain and/or solution set for cyber resiliency. Cyber resiliency concepts are represented in cyber resiliency risk models as well as by cyber resiliency constructs.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"A concept related to the problem domain and/or solution set for cyber resiliency. Cyber resiliency concepts are represented I ncyber resiliency risk models as well as by cyber resiliency constructs.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]}]},{"term":"cyber resiliency construct","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_construct","definitions":[{"text":"Element of the cyber resiliency engineering framework (i.e., a goal, objective, technique, implementation approach, or design principle). Additional constructs (e.g., sub-objectives or methods, capabilities or activities) may be used in some modeling and analytic practices.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"cyber resiliency control","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_control","definitions":[{"text":"A control (i.e., a base control or a control enhancement), as defined in [NIST SP 800-53], that applies one or more cyber resiliency techniques or approaches or that is intended to achieve one or more cyber resiliency objectives.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"A security or privacy control as defined in [NIST SP 800-53] which requires the use of one or more cyber resiliency techniques or implementation approaches, or which is intended to achieve one or more cyber resiliency objectives.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]}]},{"term":"cyber resiliency design principle","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_design_principle","definitions":[{"text":"A guideline for how to select and apply cyber resiliency analysis methods, techniques, approaches, and solutions when making architectural or design decisions.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"A guideline for how to select and apply cyber resiliency techniques, approaches, and solutions when making architectural or design decisions.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]}]},{"term":"cyber resiliency engineering practice","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_engineering_practice","definitions":[{"text":"A method, process, modeling technique, or analytical technique used to identify and analyze cyber resiliency solutions.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"A method, process, modeling technique, or analytic technique used to identify and analyze cyber resiliency solutions.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]}]},{"term":"Cyber Resilient Energy Delivery Consortium","link":"https://csrc.nist.gov/glossary/term/cyber_resilient_energy_delivery_consortium","abbrSyn":[{"text":"CREDC","link":"https://csrc.nist.gov/glossary/term/credc"}],"definitions":null},{"term":"cyber risk","link":"https://csrc.nist.gov/glossary/term/cyber_risk","definitions":[{"text":"The risk of depending on cyber resources (i.e., the risk of depending on a system or system elements that exist in or intermittently have a presence in cyberspace).","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"The risk of depending on cyber resources, i.e., the risk of depending on a system or system elements which exist in or intermittently have a presence in cyberspace.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]},{"text":"Risk of financial loss, operational disruption, or damage, from the failure of the digital technologies employed for informational and/or operational functions introduced to a manufacturing system via electronic means from the unauthorized access, use, disclosure, disruption, modification, or destruction of the manufacturing system.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Cyber Risk "},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Cyber Risk "},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Cyber Risk "},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Cyber Risk "},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Cyber Risk "}]}]},{"term":"Cyber Security","link":"https://csrc.nist.gov/glossary/term/cyber_security","definitions":[{"text":"The ability to protect or defend the use of cyberspace from cyber attacks.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"Cyber Security Assessment and Management","link":"https://csrc.nist.gov/glossary/term/cyber_security_assessment_and_management","abbrSyn":[{"text":"CSAM","link":"https://csrc.nist.gov/glossary/term/csam"}],"definitions":null},{"term":"Cyber Security Evaluation Tool","link":"https://csrc.nist.gov/glossary/term/cyber_security_evaluation_tool","abbrSyn":[{"text":"CSET","link":"https://csrc.nist.gov/glossary/term/cset"}],"definitions":null},{"term":"Cyber Security Research and Development Act of 2002","link":"https://csrc.nist.gov/glossary/term/cyber_security_research_and_development_act_of_2002","abbrSyn":[{"text":"CSRDA","link":"https://csrc.nist.gov/glossary/term/csrda"}],"definitions":null},{"term":"cyber survivability","link":"https://csrc.nist.gov/glossary/term/cyber_survivability","definitions":[{"text":"The ability of warfighter systems to prevent, mitigate, recover from and adapt to adverse cyber-events that could impact mission-related functions by applying a risk-managed approach to achieve and maintain an operationally relevant risk posture throughout its life cycle.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"Cyber Survivability for DoD Weapon Systems","link":"https://www.ndia.org/-/media/sites/ndia/divisions/systems-engineering/se---june-2021-meeting/cse-support-to-future-and-legacy-dod-systems-10-jun-2021-for-ndia.ashx"}]}]}]},{"term":"Cyber Survivability Attributes","link":"https://csrc.nist.gov/glossary/term/cyber_survivability_attributes","abbrSyn":[{"text":"CSA","link":"https://csrc.nist.gov/glossary/term/csa"}],"definitions":null},{"term":"Cyber Testing for Resilient Industrial Control Systems","link":"https://csrc.nist.gov/glossary/term/cyber_testing_for_resilient_ics","abbrSyn":[{"text":"CyTRICS","link":"https://csrc.nist.gov/glossary/term/cytrics"}],"definitions":null},{"term":"Cyber Threat","link":"https://csrc.nist.gov/glossary/term/cyber_threat","abbrSyn":[{"text":"threat","link":"https://csrc.nist.gov/glossary/term/threat"},{"text":"Threat"}],"definitions":[{"text":"Any circumstance or event with the potential to adversely impact organizational operations and assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.","sources":[{"text":"NIST SP 1800-30B","link":"https://doi.org/10.6028/NIST.SP.1800-30","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","note":" - adapted"}]}]},{"text":"Potential cause of unacceptable asset loss and the undesirable consequences or impact of such a loss.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under threat "}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, or denial of service.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service; the potential for a threat source to successfully exploit a particular information system vulnerability.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270","underTerm":" under threat "}]},{"text":"Any circumstance or event with the potential to adversely impact agency operations (including safety, mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under threat ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - adapted"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations.","sources":[{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221","underTerm":" under threat "}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Threat ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Threat ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Threat ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-27","link":"https://doi.org/10.6028/NIST.SP.800-27"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"},{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"},{"text":"NIST SP 800-53A","link":"https://doi.org/10.6028/NIST.SP.800-53A"},{"text":"NIST SP 800-60"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Threat ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Threat ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Threat ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"an activity, deliberate or unintentional, with the potential for causing harm to anautomated information system or activity.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Threat "}]},{"text":"A possible danger to a computer system, which may result in the interception, alteration, obstruction, or destruction of computational resources, or other disruption to the system.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Threat "}]},{"text":"The potential for a “threat source” (defined below) to exploit (intentional) or trigger (accidental) a specific vulnerability.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under threat "}]},{"text":"The potential for a threat-source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Threat "}]},{"text":"Any circumstance or event with the potential to adversely impact agency operations (including mission function, image, or reputation), agency assets or individuals through an information system via unauthorized access, destruction, disclosure, modification of data, and/or denial of service.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Threat "}]},{"text":"The potential source of an adverse event.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Threat "}]},{"text":"Any circumstance or event with the potential to adversely impact operations (including mission function, image, or reputation), agency assets or individuals through an information system via unauthorized access, destruction, disclosure, modification of data, and/or denial of service.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Threat "}]},{"text":"An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Threat "}]},{"text":"Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat source to successfully exploit a particular information system vulnerability.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Threat ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"potential cause of an unwanted incident, which may result in harm to a system or organization","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under threat ","refSources":[{"text":"ISO/IEC 27000:2014"}]}]},{"text":"Any circumstance or event with the potential to cause the security of the system to be compromised.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Threat "}]},{"text":"the likelihood or frequency of a harmful event occurring","sources":[{"text":"NISTIR 7435","link":"https://doi.org/10.6028/NIST.IR.7435","underTerm":" under Threat "}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (a negative risk).","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Threat "}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, or denial of service.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"Any circumstance or event with the potential to harm an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. Threats arise from human actions and natural events.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under threat "}]},{"text":"An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss. \nNote: The specific causes of asset loss, and for which the consequences of asset loss are assessed, can arise from a variety of conditions and events related to adversity, typically referred to as disruptions, hazards, or threats. Regardless of the specific term used, the basis of asset loss constitutes all forms of intentional, unintentional, accidental, incidental, misuse, abuse, error, weakness, defect, fault, and/or failure events and associated conditions.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat "}]},{"text":"An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss.\nNote: The specific causes of asset loss, and for which the consequences of asset loss are assessed, can arise from a variety of conditions and events related to adversity, typically referred to as disruptions, hazards, or threats. Regardless of the specific term used, the basis of asset loss constitutes all forms of intentional, unintentional, accidental, incidental, misuse, abuse, error, weakness, defect, fault, and/or failure events and associated conditions.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat "}]}]},{"term":"Cyber Threat Intelligence","link":"https://csrc.nist.gov/glossary/term/cyber_threat_intelligence","abbrSyn":[{"text":"CTI","link":"https://csrc.nist.gov/glossary/term/cti"}],"definitions":null},{"term":"Cyber-Informed Engineering","link":"https://csrc.nist.gov/glossary/term/cyber_informed_engineering","abbrSyn":[{"text":"CIE","link":"https://csrc.nist.gov/glossary/term/cie"}],"definitions":null},{"term":"Cybersecurity and Information Assurance","link":"https://csrc.nist.gov/glossary/term/cybersecurity_and_information_assurance","abbrSyn":[{"text":"CSIA","link":"https://csrc.nist.gov/glossary/term/csia"}],"definitions":null},{"term":"Cybersecurity and Infrastructure Security Agency","link":"https://csrc.nist.gov/glossary/term/cybersecurity_and_infrastructure_security_agency","abbrSyn":[{"text":"CISA","link":"https://csrc.nist.gov/glossary/term/cisa"}],"definitions":null},{"term":"Cybersecurity and Privacy Reference Tool","link":"https://csrc.nist.gov/glossary/term/cybersecurity_and_privacy_reference_tool","abbrSyn":[{"text":"CPRT","link":"https://csrc.nist.gov/glossary/term/cprt"}],"definitions":null},{"term":"Cybersecurity Defense Community","link":"https://csrc.nist.gov/glossary/term/cybersecurity_defense_community","abbrSyn":[{"text":"CDC","link":"https://csrc.nist.gov/glossary/term/cdc"}],"definitions":null},{"term":"Cybersecurity Enhancement Act of 2014","link":"https://csrc.nist.gov/glossary/term/cybersecurity_enhancement_act_2014","abbrSyn":[{"text":"CEA","link":"https://csrc.nist.gov/glossary/term/cea"}],"definitions":null},{"term":"cybersecurity event","link":"https://csrc.nist.gov/glossary/term/cybersecurity_event","definitions":[{"text":"A cybersecurity change that may have an impact on organizational operations (including mission, capabilities, or reputation).","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Cybersecurity Event "},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}],"seeAlso":[{"text":"event","link":"event"}]},{"term":"Cybersecurity for Energy Delivery Systems","link":"https://csrc.nist.gov/glossary/term/cybersecurity_for_energy_delivery_systems","abbrSyn":[{"text":"CEDS","link":"https://csrc.nist.gov/glossary/term/ceds"}],"definitions":null},{"term":"Cybersecurity for Smart Manufacturing Systems","link":"https://csrc.nist.gov/glossary/term/cybersecurity_for_smart_manufacturing_systems","abbrSyn":[{"text":"CSMS","link":"https://csrc.nist.gov/glossary/term/csms"}],"definitions":null},{"term":"Cybersecurity for the Operational Technology Environment","link":"https://csrc.nist.gov/glossary/term/cybersecurity_for_the_operational_technology_environment","abbrSyn":[{"text":"CyOTE","link":"https://csrc.nist.gov/glossary/term/cyote"}],"definitions":null},{"term":"cybersecurity framework category","link":"https://csrc.nist.gov/glossary/term/cybersecurity_framework_category","definitions":[{"text":"The subdivision of a Function into groups of cybersecurity outcomes, closely tied to programmatic needs and particular activities.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"cybersecurity framework core","link":"https://csrc.nist.gov/glossary/term/cybersecurity_framework_core","definitions":[{"text":"A set of cybersecurity activities and references that are common across critical infrastructure sectors and are organized around particular outcomes. The Framework Core comprises four types of elements: Functions, Categories, Subcategories, and Informative References.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"cybersecurity framework function","link":"https://csrc.nist.gov/glossary/term/cybersecurity_framework_function","definitions":[{"text":"One of the main components of the Framework. Functions provide the highest level of structure for organizing basic cybersecurity activities into Categories and Subcategories. The five functions are Identify, Protect, Detect, Respond, and Recover.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"cybersecurity framework profile","link":"https://csrc.nist.gov/glossary/term/cybersecurity_framework_profile","definitions":[{"text":"A representation of the outcomes that a particular system or organization has selected from the Framework Categories and Subcategories.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"cybersecurity framework subcategory","link":"https://csrc.nist.gov/glossary/term/cybersecurity_framework_subcategory","definitions":[{"text":"The subdivision of a Category into specific outcomes of technical and/or management activities.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"Cybersecurity Incident","link":"https://csrc.nist.gov/glossary/term/cybersecurity_incident","definitions":[{"text":"A cybersecurity event that has been determined to have an impact on the organization prompting the need for response and recovery.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"},{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"An occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"OMB M-17-12","link":"https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-12.pdf"}]}]}]},{"term":"Cybersecurity National Action Plan","link":"https://csrc.nist.gov/glossary/term/cybersecurity_national_action_plan","abbrSyn":[{"text":"CNAP","link":"https://csrc.nist.gov/glossary/term/cnap"}],"definitions":null},{"term":"Cybersecurity Risk","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risk","definitions":[{"text":"An effect of uncertainty on or within information and technology. Cybersecurity risks relate to the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems and reflect the potential adverse impacts to organizational operations (i.e., mission, functions, image, or reputation) and assets, individuals, other organizations, and the Nation. (Definition based on ISO Guide 73 [6] and NIST SP 800-60 Vol. 1 Rev. 1 [7])","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html","note":" - Adapted"},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","note":" - Adapted"}]}]}]},{"term":"Cybersecurity Risk Information Sharing Program","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risk_information_sharing_program","abbrSyn":[{"text":"CRISP","link":"https://csrc.nist.gov/glossary/term/crisp"}],"definitions":null},{"term":"Cybersecurity Risk Management","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risk_management","abbrSyn":[{"text":"CSRM","link":"https://csrc.nist.gov/glossary/term/csrm"}],"definitions":null},{"term":"Cybersecurity Risk Register","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risk_register","abbrSyn":[{"text":"CSRR","link":"https://csrc.nist.gov/glossary/term/csrr"}],"definitions":null},{"term":"cybersecurity risks throughout the supply chain","link":"https://csrc.nist.gov/glossary/term/cybersecurity_risks_throughout_the_supply_chain","definitions":[{"text":"The potential for harm or compromise arising from suppliers, their supply chains, their products, or their services. Cybersecurity risks throughout the supply chain arise from threats that exploit vulnerabilities or exposures within products and services traversing the supply chain as well as threats exploiting vulnerabilities or exposures within the supply chain itself.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"Cybersecurity State","link":"https://csrc.nist.gov/glossary/term/cybersecurity_state","definitions":[{"text":"The condition of a device’s cybersecurity expressed in a way that is meaningful and useful to authorized entities. For example, a very simple device might express its state in terms of whether or not it is operating as expected, while a complex device might perform cybersecurity logging, check its integrity at boot and report the results, and examine and report additional aspects of its cybersecurity state.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"}]}]},{"term":"Cybersecurity Strategy and Implementation Plan","link":"https://csrc.nist.gov/glossary/term/cybersecurity_strategy_and_implementation_plan","abbrSyn":[{"text":"CSIP","link":"https://csrc.nist.gov/glossary/term/csip"}],"definitions":null},{"term":"cybersecurity supply chain risk assessment","link":"https://csrc.nist.gov/glossary/term/cybersecurity_supply_chain_risk_assessment","definitions":[{"text":"A systematic examination of cybersecurity risks throughout the supply chain, likelihoods of their occurrence, and potential impacts.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"Cybersecurity Supply Chain Risk Management","link":"https://csrc.nist.gov/glossary/term/cybersecurity_supply_chain_risk_management","abbrSyn":[{"text":"C-SCRM","link":"https://csrc.nist.gov/glossary/term/c_scrm"}],"definitions":[{"text":"A systematic process for managing exposure to cybersecurity risks throughout the supply chain and developing appropriate response strategies, policies, processes, and procedures.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"Cybersecurity Virtual Machine","link":"https://csrc.nist.gov/glossary/term/cybersecurity_virtual_machine","abbrSyn":[{"text":"CybersecVM","link":"https://csrc.nist.gov/glossary/term/cybersecvm"}],"definitions":null},{"term":"CybersecVM","link":"https://csrc.nist.gov/glossary/term/cybersecvm","abbrSyn":[{"text":"Cybersecurity Virtual Machine","link":"https://csrc.nist.gov/glossary/term/cybersecurity_virtual_machine"}],"definitions":null},{"term":"cyberspace attack","link":"https://csrc.nist.gov/glossary/term/cyberspace_attack","definitions":[{"text":"Cyberspace actions that create various direct denial effects (i.e., degradation, disruption, or destruction) and manipulation that leads to denial and that is hidden or that manifests in the physical domains.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Cyberspace actions that create various direct denial effects (i.e. degradation, disruption, or destruction) and manipulation that leads to denial that is hidden or that manifests in the physical domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 3-12","link":"https://www.jcs.mil/Doctrine/"}]},{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"cyberspace operations (CO)","link":"https://csrc.nist.gov/glossary/term/cyberspace_operations","abbrSyn":[{"text":"CO","link":"https://csrc.nist.gov/glossary/term/co"},{"text":"computer network operations (CNO)","link":"https://csrc.nist.gov/glossary/term/computer_network_operations"}],"definitions":[{"text":"The employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 3-0","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations. \nNote: Within the Department of Defense (DoD), term was approved for deletion from JP 1-02 (DoD Dictionary). This term has been replaced by the use of \" cyberspace operations\" used in JP 3-12, \"Cyberspace Operations.\" Original source of term was JP 1-02 (DoD Dictionary).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under computer network operations (CNO) "}]}]},{"term":"CybOX","link":"https://csrc.nist.gov/glossary/term/cybox","abbrSyn":[{"text":"Cyber Observable eXpression","link":"https://csrc.nist.gov/glossary/term/cyber_observable_expression"}],"definitions":null},{"term":"cyclic redundancy check (CRC)","link":"https://csrc.nist.gov/glossary/term/cyclic_redundancy_check","abbrSyn":[{"text":"CRC","link":"https://csrc.nist.gov/glossary/term/crc"}],"definitions":[{"text":"A type of checksum algorithm that is not a cryptographic hash but is used to implement data integrity service where accidental changes to data are expected.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"A method to ensure data has not been altered after being sent through a communication channel.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Cyclical Redundancy Check "}]}]},{"term":"CYOD","link":"https://csrc.nist.gov/glossary/term/cyod","abbrSyn":[{"text":"Choose Your Own Device","link":"https://csrc.nist.gov/glossary/term/choose_your_own_device"}],"definitions":null},{"term":"CyOTE","link":"https://csrc.nist.gov/glossary/term/cyote","abbrSyn":[{"text":"Cybersecurity for the Operational Technology Environment","link":"https://csrc.nist.gov/glossary/term/cybersecurity_for_the_operational_technology_environment"}],"definitions":null},{"term":"CyTRICS","link":"https://csrc.nist.gov/glossary/term/cytrics","abbrSyn":[{"text":"Cyber Testing for Resilient Industrial Control Systems","link":"https://csrc.nist.gov/glossary/term/cyber_testing_for_resilient_ics"}],"definitions":null},{"term":"D/A","link":"https://csrc.nist.gov/glossary/term/d_a","abbrSyn":[{"text":"Department/Agency","link":"https://csrc.nist.gov/glossary/term/department_agency"},{"text":"Digital to Analog Converter","link":"https://csrc.nist.gov/glossary/term/digital_to_analog_converter"}],"definitions":null},{"term":"D/RTBH","link":"https://csrc.nist.gov/glossary/term/d_rtbh","abbrSyn":[{"text":"Destination-based Remotely Triggered Black-Holing","link":"https://csrc.nist.gov/glossary/term/destination_based_remotely_triggered_black_holing"}],"definitions":null},{"term":"D/S","link":"https://csrc.nist.gov/glossary/term/d_s","abbrSyn":[{"text":"Directory Service"}],"definitions":[{"text":"A distributed database service capable of storing information, such as certificates and CRLs, in various nodes or servers distributed across a network. (In the context of this practice guide, a directory services stores identity information and enables the authentication and identification of people and machines.)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Directory Service ","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Directory Service ","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]}]},{"text":"A distributed database service capable of storing information, such as certificates and CRLs, in various nodes or servers distributed across a network. (In the context of this practice guide, a directory services stores identity information and enables the authentication and identification of people and machines.)","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Directory Service ","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]}]}]},{"term":"D2D","link":"https://csrc.nist.gov/glossary/term/d2d","abbrSyn":[{"text":"Device-To-Device","link":"https://csrc.nist.gov/glossary/term/device_to_device"}],"definitions":null},{"term":"DA","link":"https://csrc.nist.gov/glossary/term/da","abbrSyn":[{"text":"Data Access","link":"https://csrc.nist.gov/glossary/term/data_access"},{"text":"Destination Address","link":"https://csrc.nist.gov/glossary/term/destination_address"}],"definitions":null},{"term":"DAA","link":"https://csrc.nist.gov/glossary/term/daa","abbrSyn":[{"text":"Designated Accrediting Authority","link":"https://csrc.nist.gov/glossary/term/designated_accrediting_authority"},{"text":"Designated Approval Authority"},{"text":"Designated Approving Authority"}],"definitions":null},{"term":"DAC","link":"https://csrc.nist.gov/glossary/term/dac","abbrSyn":[{"text":"Discretionary Access Control"}],"definitions":[{"text":"An access control policy that is enforced over all subjects and objects in an information system where the policy specifies that a subject that has been granted access to information can do one or more of the following: (i) pass the information to other subjects or objects; (ii) grant its privileges to other subjects; (iii) change security attributes on subjects, objects, information systems, or system components; (iv) choose the security attributes to be associated with newly-created or revised objects; or (v) change the rules governing access control. Mandatory access controls restrict this capability.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Discretionary Access Control "}]},{"text":"A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Discretionary Access Control ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"DACL","link":"https://csrc.nist.gov/glossary/term/dacl","abbrSyn":[{"text":"Discretionary Access Control List","link":"https://csrc.nist.gov/glossary/term/discretionary_access_control_list"},{"text":"Dynamic Access Control List","link":"https://csrc.nist.gov/glossary/term/dynamic_access_control_list"}],"definitions":null},{"term":"DACUM","link":"https://csrc.nist.gov/glossary/term/dacum","abbrSyn":[{"text":"Developing the Curriculum","link":"https://csrc.nist.gov/glossary/term/developing_the_curriculum"}],"definitions":null},{"term":"DAD","link":"https://csrc.nist.gov/glossary/term/dad","abbrSyn":[{"text":"Decentralized Autonomic Data","link":"https://csrc.nist.gov/glossary/term/decentralized_autonomic_data"}],"definitions":null},{"term":"DAG","link":"https://csrc.nist.gov/glossary/term/dag","abbrSyn":[{"text":"Directed Acyclic Graph","link":"https://csrc.nist.gov/glossary/term/directed_acyclic_graph"}],"definitions":null},{"term":"Daily Use Account","link":"https://csrc.nist.gov/glossary/term/daily_use_account","abbrSyn":[{"text":"Standard user account","link":"https://csrc.nist.gov/glossary/term/standard_user_account"}],"definitions":[{"text":"See “Standard user account.”","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]"}]}]},{"term":"damage","link":"https://csrc.nist.gov/glossary/term/damage","definitions":[{"text":"Harm caused to something in such a way as to reduce or destroy its value, usefulness, or normal function.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"damage-limiting operations","link":"https://csrc.nist.gov/glossary/term/damage_limiting_operations","abbrSyn":[{"text":"DLO","link":"https://csrc.nist.gov/glossary/term/dlo"}],"definitions":[{"text":"Procedural and operational measures that use system capabilities to maximize the ability of an organization to detect successful system compromises by an adversary and to limit the effects of such compromises (both detected and undetected).","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"DAML","link":"https://csrc.nist.gov/glossary/term/daml","abbrSyn":[{"text":"DARPA Agent Markup Language","link":"https://csrc.nist.gov/glossary/term/darpa_agent_markup_language"}],"definitions":null},{"term":"DANE","link":"https://csrc.nist.gov/glossary/term/dane","abbrSyn":[{"text":"DNS-Based Authentication of Named Entities","link":"https://csrc.nist.gov/glossary/term/dns_based_authentication_of_named_entities"}],"definitions":null},{"term":"DAO","link":"https://csrc.nist.gov/glossary/term/dao","abbrSyn":[{"text":"Data Access Object","link":"https://csrc.nist.gov/glossary/term/data_access_object"},{"text":"Decentralized Autonomous Organization","link":"https://csrc.nist.gov/glossary/term/decentralized_autonomous_organization"}],"definitions":[{"text":"Designated Authorizing Official; A senior organization official that has been given the authorization to authorize the reliability of an issuer.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"DAPA","link":"https://csrc.nist.gov/glossary/term/dapa","abbrSyn":[{"text":"Differential Analysis aided Power Attack","link":"https://csrc.nist.gov/glossary/term/differential_analysis_aided_power_attack"}],"definitions":null},{"term":"DAR","link":"https://csrc.nist.gov/glossary/term/dar","abbrSyn":[{"text":"Data-at-Rest","link":"https://csrc.nist.gov/glossary/term/data_at_rest"}],"definitions":null},{"term":"DARPA","link":"https://csrc.nist.gov/glossary/term/darpa","abbrSyn":[{"text":"Defense Advanced Research Project Agency"},{"text":"Defense Advanced Research Projects Agency"}],"definitions":null},{"term":"DARPA Agent Markup Language","link":"https://csrc.nist.gov/glossary/term/darpa_agent_markup_language","abbrSyn":[{"text":"DAML","link":"https://csrc.nist.gov/glossary/term/daml"}],"definitions":null},{"term":"DAS","link":"https://csrc.nist.gov/glossary/term/das","abbrSyn":[{"text":"Directly Attached Storage","link":"https://csrc.nist.gov/glossary/term/directly_attached_storage"}],"definitions":null},{"term":"DASH7","link":"https://csrc.nist.gov/glossary/term/dash7","abbrSyn":[{"text":"Developers Alliance for Standards Harmonization","link":"https://csrc.nist.gov/glossary/term/developers_alliance_for_standards_harmonization"}],"definitions":null},{"term":"Dashboard","link":"https://csrc.nist.gov/glossary/term/dashboard","abbrSyn":[{"text":"Agency Dashboard and Federal Dashboard"}],"definitions":[{"text":"See Agency Dashboard and Federal Dashboard.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"DAST","link":"https://csrc.nist.gov/glossary/term/dast","abbrSyn":[{"text":"dynamic application security testing","link":"https://csrc.nist.gov/glossary/term/dynamic_application_security_testing"}],"definitions":null},{"term":"Data Access","link":"https://csrc.nist.gov/glossary/term/data_access","abbrSyn":[{"text":"DA","link":"https://csrc.nist.gov/glossary/term/da"}],"definitions":null},{"term":"Data Access Object","link":"https://csrc.nist.gov/glossary/term/data_access_object","abbrSyn":[{"text":"DAO","link":"https://csrc.nist.gov/glossary/term/dao"}],"definitions":[{"text":"Designated Authorizing Official; A senior organization official that has been given the authorization to authorize the reliability of an issuer.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under DAO "}]}]},{"term":"data action","link":"https://csrc.nist.gov/glossary/term/data_action","definitions":[{"text":"System operations that process PII.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Data Action ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"A system operation that processes personally identifiable information.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"A system/product/service data life cycle operation, including, but not limited to collection, retention, logging, generation, transformation, use, disclosure, sharing, transmission, and disposal.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Data Action ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]}]}]},{"term":"Data Actions","link":"https://csrc.nist.gov/glossary/term/data_actions","definitions":[{"text":"System operations that process PII.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"},{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"data aggregation","link":"https://csrc.nist.gov/glossary/term/data_aggregation","definitions":[{"text":"Compilation of individual data systems and data that could result in the totality of the information being classified, or classified at a higher level, or of beneficial use to an adversary.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Data and Information Reference Model","link":"https://csrc.nist.gov/glossary/term/data_and_information_reference_model","abbrSyn":[{"text":"DRM","link":"https://csrc.nist.gov/glossary/term/drm"}],"definitions":null},{"term":"data asset","link":"https://csrc.nist.gov/glossary/term/data_asset","definitions":[{"text":"1. Any entity that is comprised of data. For example, a database is a data asset that is comprised of data records. A data asset may be a system or application output file, database, document, or web page. A data asset also includes a service that may be provided to access data from an application. For example, a service that returns individual records from a database would be a data asset. Similarly, a web site that returns data in response to specific queries (e.g., www.weather.com) would be a data asset.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"2. An information-based resource.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Data Block (Block)","link":"https://csrc.nist.gov/glossary/term/data_block","definitions":[{"text":"A sequence of bits whose length is the block size of the block cipher.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"Data Center Group","link":"https://csrc.nist.gov/glossary/term/data_center_group","abbrSyn":[{"text":"DCG","link":"https://csrc.nist.gov/glossary/term/dcg"}],"definitions":null},{"term":"Data Center Security: Server Advanced","link":"https://csrc.nist.gov/glossary/term/data_center_security_server_advanced","abbrSyn":[{"text":"DCS:SA","link":"https://csrc.nist.gov/glossary/term/dcs_sa"}],"definitions":null},{"term":"Data Collector","link":"https://csrc.nist.gov/glossary/term/data_collector","definitions":[{"text":"A person who records information about actions that occur during an exercise or test.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Data Domain Virtual Edition","link":"https://csrc.nist.gov/glossary/term/data_domain_virtual_edition","abbrSyn":[{"text":"DD VE","link":"https://csrc.nist.gov/glossary/term/dd_ve"}],"definitions":null},{"term":"data element","link":"https://csrc.nist.gov/glossary/term/data_element","definitions":[{"text":"A basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Examples of data elements include gender, race, and geographic location.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]},{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Data Element "}]},{"text":"The smallest named item of data that conveys meaningful information.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Data Element "}]}]},{"term":"Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/data_encryption_algorithm","abbrSyn":[{"text":"DEA","link":"https://csrc.nist.gov/glossary/term/dea"}],"definitions":[{"text":"The algorithm specified in FIPS PUB 46-3, Data Encryption Algorithm (DEA).","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]},{"text":"The Data Encryption Algorithm specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under DEA "}]},{"text":"The DEA cryptographic engine that is used by the Triple Data Encryption Algorithm (TDEA).","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2"},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]"}]},{"text":"Data Encryption Algorithm, previously specified in FIPS 46 (now withdrawn).","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under DEA "}]}]},{"term":"Data Encryption Standard","link":"https://csrc.nist.gov/glossary/term/data_encryption_standard","abbrSyn":[{"text":"DES","link":"https://csrc.nist.gov/glossary/term/des"}],"definitions":[{"text":"The symmetric encryption algorithm defined by the Data Encryption Standard (FIPS 46-2).","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under DES "}]},{"text":"Data Encryption Standard specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under DES "}]}]},{"term":"Data Execution Prevention","link":"https://csrc.nist.gov/glossary/term/data_execution_prevention","abbrSyn":[{"text":"DEP","link":"https://csrc.nist.gov/glossary/term/dep"}],"definitions":null},{"term":"data flow control","link":"https://csrc.nist.gov/glossary/term/data_flow_control","definitions":[{"text":"See with information flow control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"information flow control","link":"information_flow_control"}]},{"term":"data governance","link":"https://csrc.nist.gov/glossary/term/data_governance","definitions":[{"text":"A set of processes that ensures that data assets are formally managed throughout the enterprise. A data governance model establishes authority and management and decision making parameters related to the data produced or managed by the enterprise.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Policy 11-1"}]}]}]},{"term":"Data Group","link":"https://csrc.nist.gov/glossary/term/data_group","abbrSyn":[{"text":"DG","link":"https://csrc.nist.gov/glossary/term/dg"}],"definitions":null},{"term":"Data Historian","link":"https://csrc.nist.gov/glossary/term/data_historian","definitions":[{"text":"A centralized database supporting data analysis using statistical process control techniques.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"term":"Data in Transit","link":"https://csrc.nist.gov/glossary/term/data_in_transit","abbrSyn":[{"text":"DIT","link":"https://csrc.nist.gov/glossary/term/dit"}],"definitions":null},{"term":"data integrity","link":"https://csrc.nist.gov/glossary/term/data_integrity","abbrSyn":[{"text":"DI","link":"https://csrc.nist.gov/glossary/term/di"},{"text":"Integrity (also, Assurance of integrity)"}],"definitions":[{"text":"The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]},{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"A property possessed by data items that have not been altered in an unauthorized manner since they were created, transmitted or stored.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Data integrity "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Data integrity "}]},{"text":"A property whereby data has not been altered in an unauthorized manner since it was created, transmitted, or stored.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Data integrity "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Data integrity "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Data integrity "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Data integrity "}]},{"text":"Assurance that the data are unchanged from creation to reception.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Data Integrity "}]},{"text":"See Data integrity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Integrity (also, Assurance of integrity) "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Integrity (also, Assurance of integrity) "}]},{"text":"A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Data integrity "}]},{"text":"The property that data has not been altered by an unauthorized entity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Data Integrity "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Data Integrity "}]},{"text":"A property possessed by data items that have not been altered in an unauthorized manner since they were created, transmitted, or stored.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Data integrity "}]},{"text":"The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Data Integrity ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Data Integrity ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Data Integrity ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. \nIn this Recommendation, the statement that a cryptographic algorithm \"provides data integrity\" means that the algorithm is used to detect unauthorized alterations.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Data integrity "}]},{"text":"A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. In this Recommendation, the statement that a cryptographic algorithm \"provides data integrity\" means that the algorithm is used to detect unauthorized alterations.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Data integrity "}]}]},{"term":"Data integrity authentication","link":"https://csrc.nist.gov/glossary/term/data_integrity_authentication","definitions":[{"text":"The process of determining the integrity of the data; also called integrity authentication or integrity verification.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"data intruder","link":"https://csrc.nist.gov/glossary/term/data_intruder","definitions":[{"text":"A data user who attempts to disclose information about a population through identification or attribution.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","refSources":[{"text":"OECD Glossary of Statistical Terms","link":"https://doi.org/10.1787/9789264055087-en"}]}]}]},{"term":"Data Link Layer","link":"https://csrc.nist.gov/glossary/term/data_link_layer","definitions":[{"text":"Layer of the TCP/IP protocol stack that handles communications on the physical network components such as Ethernet.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"data linking","link":"https://csrc.nist.gov/glossary/term/data_linking","definitions":[{"text":"matching and combining data from multiple databases","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/TS 25237:2008"}]}]}]},{"term":"data loss","link":"https://csrc.nist.gov/glossary/term/data_loss","definitions":[{"text":"The exposure of proprietary, sensitive, or classified information through either data theft or data leakage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Data Loss "}]}]},{"term":"data loss prevention","link":"https://csrc.nist.gov/glossary/term/data_loss_prevention","abbrSyn":[{"text":"DLP","link":"https://csrc.nist.gov/glossary/term/dlp"}],"definitions":[{"text":"A systems ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep packet content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.), within a centralized management framework. Data loss prevention capabilities are designed to detect and prevent the unauthorized use and transmission of NSS information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1011","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"data mining","link":"https://csrc.nist.gov/glossary/term/data_mining","definitions":[{"text":"An analytical process that attempts to find correlations or patterns in large data sets for the purpose of data or knowledge discovery.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Data Mining/Harvesting "}]}]},{"term":"Data Object","link":"https://csrc.nist.gov/glossary/term/data_object","definitions":[{"text":"An item of information seen at the card command interface for which is specified a name, a description of logical content, a format, and a coding.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"data origin authentication","link":"https://csrc.nist.gov/glossary/term/data_origin_authentication","definitions":[{"text":"The corroboration that the source of data received is as claimed. \nSee also non-repudiation and peer entity authentication service","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"The verification that the source of data received is as claimed.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"Corroborating that the source of the data is as claimed.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Data origin authentication "}]}],"seeAlso":[{"text":"non-repudiation","link":"non_repudiation"},{"text":"peer entity authentication service","link":"peer_entity_authentication_service"}]},{"term":"Data Processing","link":"https://csrc.nist.gov/glossary/term/data_processing","definitions":[{"text":"The collective set of data actions (i.e., the complete data life cycle, including, but not limited to collection, retention, logging, generation, transformation, use, disclosure, sharing, transmission, and disposal).","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]}]}]},{"term":"Data Processing Ecosystem","link":"https://csrc.nist.gov/glossary/term/data_processing_ecosystem","definitions":[{"text":"The complex and interconnected relationships among entities involved in creating or deploying systems, products, or services or any components that process data.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"data provenance","link":"https://csrc.nist.gov/glossary/term/data_provenance","definitions":[{"text":"In the context of computers and law enforcement use, it is an equivalent term to chain of custody. It involves the method of generation, transmission and storage of information that may be used to trace the origin of a piece of information processed by community resources.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISA SSA","note":" - Adapted"}]}]}]},{"term":"Data Radio Bearer","link":"https://csrc.nist.gov/glossary/term/data_radio_bearer","abbrSyn":[{"text":"DRB","link":"https://csrc.nist.gov/glossary/term/drb"}],"definitions":null},{"term":"Data Security Standard","link":"https://csrc.nist.gov/glossary/term/data_security_standard","abbrSyn":[{"text":"DSS","link":"https://csrc.nist.gov/glossary/term/dss"}],"definitions":null},{"term":"Data Security Standard Payment Card Industry","link":"https://csrc.nist.gov/glossary/term/data_security_standard_payment_card_industry","abbrSyn":[{"text":"DSS PCI","link":"https://csrc.nist.gov/glossary/term/dss_pci"}],"definitions":null},{"term":"Data Segment (Segment)","link":"https://csrc.nist.gov/glossary/term/data_segment","definitions":[{"text":"In the CFB mode, a sequence of bits whose length is a parameter that does not exceed the block size.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"data spillage","link":"https://csrc.nist.gov/glossary/term/data_spillage","abbrSyn":[{"text":"spillage","link":"https://csrc.nist.gov/glossary/term/spillage"}],"definitions":[{"text":"See spillage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Security incident that results in the transfer of classified information onto an information system not authorized to store or process that information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under spillage "}]}]},{"term":"data tag","link":"https://csrc.nist.gov/glossary/term/data_tag","definitions":[{"text":"A non-hierarchical keyword or term assigned to a piece of information which helps describe an item and allows it to be found or processed automatically.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISA SSA"}]}]}]},{"term":"Data Transfer Device","link":"https://csrc.nist.gov/glossary/term/data_transfer_device","abbrSyn":[{"text":"DTD","link":"https://csrc.nist.gov/glossary/term/dtd"}],"definitions":[{"text":"Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under data transfer device (DTD) (COMSEC) ","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"data transfer solution","link":"https://csrc.nist.gov/glossary/term/data_transfer_solution","definitions":[{"text":"Interconnect networks or information systems that operate in different security domains and transfer data between them.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"data universe","link":"https://csrc.nist.gov/glossary/term/data_universe","definitions":[{"text":"All possible data within a specified domain.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"data use agreement","link":"https://csrc.nist.gov/glossary/term/data_use_agreement","abbrSyn":[{"text":"DUA","link":"https://csrc.nist.gov/glossary/term/dua"}],"definitions":[{"text":"executed agreement between a data provider and a data recipient that specifies the terms under which the data can be used.","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Data-at-Rest","link":"https://csrc.nist.gov/glossary/term/data_at_rest","abbrSyn":[{"text":"DAR","link":"https://csrc.nist.gov/glossary/term/dar"}],"definitions":null},{"term":"Database Administrator","link":"https://csrc.nist.gov/glossary/term/database_administrator","abbrSyn":[{"text":"DBA","link":"https://csrc.nist.gov/glossary/term/dba"}],"definitions":null},{"term":"Database Management System","link":"https://csrc.nist.gov/glossary/term/database_management_system","abbrSyn":[{"text":"DBMS","link":"https://csrc.nist.gov/glossary/term/dbms"}],"definitions":null},{"term":"Database of Genotypes and Phenotypes","link":"https://csrc.nist.gov/glossary/term/database_of_genotypes_and_phenotypes","abbrSyn":[{"text":"DbGaP","link":"https://csrc.nist.gov/glossary/term/dbgap"}],"definitions":null},{"term":"Data-encryption key","link":"https://csrc.nist.gov/glossary/term/data_encryption_key","definitions":[{"text":"A key used to encrypt and decrypt information other than keys.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A key used to encrypt and decrypt data other than keys.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Datagram Congestion Control Protocol","link":"https://csrc.nist.gov/glossary/term/datagram_congestion_control_protocol","abbrSyn":[{"text":"DCCP","link":"https://csrc.nist.gov/glossary/term/dccp"}],"definitions":null},{"term":"Datagram Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/datagram_transport_layer_security","abbrSyn":[{"text":"DTLS","link":"https://csrc.nist.gov/glossary/term/dtls"}],"definitions":null},{"term":"dataset with identifiers","link":"https://csrc.nist.gov/glossary/term/dataset_with_identifiers","definitions":[{"text":"A dataset that contains information that directly identifies individuals.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"dataset without identifiers","link":"https://csrc.nist.gov/glossary/term/dataset_without_identifiers","definitions":[{"text":"A dataset that does not contain direct identifiers.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Date of Birth","link":"https://csrc.nist.gov/glossary/term/date_of_birth","abbrSyn":[{"text":"DOB","link":"https://csrc.nist.gov/glossary/term/dob"}],"definitions":null},{"term":"DATO","link":"https://csrc.nist.gov/glossary/term/dato","definitions":[{"text":"Denial of Authorization to Operate; issued by a DAO to an issuer that is not authorized as being reliable for the issuance of PIV Cards or Derived PIV Credentials.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"DB","link":"https://csrc.nist.gov/glossary/term/db","abbrSyn":[{"text":"Database","link":"https://csrc.nist.gov/glossary/term/database"}],"definitions":[{"text":"A repository of information that usually holds plant-wide information including process data, recipes, personnel data, and financial data.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Database ","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Database ","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859","note":" - adapted"}]}]},{"text":"A repository of information or data, which may or may not be a traditional relational database system.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Database "}]}]},{"term":"DBA","link":"https://csrc.nist.gov/glossary/term/dba","abbrSyn":[{"text":"Database Administrator","link":"https://csrc.nist.gov/glossary/term/database_administrator"}],"definitions":null},{"term":"DbGaP","link":"https://csrc.nist.gov/glossary/term/dbgap","abbrSyn":[{"text":"Database of Genotypes and Phenotypes","link":"https://csrc.nist.gov/glossary/term/database_of_genotypes_and_phenotypes"}],"definitions":null},{"term":"DBL","link":"https://csrc.nist.gov/glossary/term/dbl","abbrSyn":[{"text":"Double-Block-Length","link":"https://csrc.nist.gov/glossary/term/double_block_length"}],"definitions":null},{"term":"dBm","link":"https://csrc.nist.gov/glossary/term/dbm","abbrSyn":[{"text":"Decibels referenced to one milliwatt","link":"https://csrc.nist.gov/glossary/term/decibels_referenced_to_one_milliwatt"}],"definitions":null},{"term":"DBMS","link":"https://csrc.nist.gov/glossary/term/dbms","abbrSyn":[{"text":"Database Management System","link":"https://csrc.nist.gov/glossary/term/database_management_system"}],"definitions":null},{"term":"DC","link":"https://csrc.nist.gov/glossary/term/dc","abbrSyn":[{"text":"Direct Current","link":"https://csrc.nist.gov/glossary/term/direct_current"},{"text":"District of Columbia","link":"https://csrc.nist.gov/glossary/term/district_of_columbia"},{"text":"Domain Controller","link":"https://csrc.nist.gov/glossary/term/domain_controller"}],"definitions":[{"text":"A server responsible for managing domain information, such as login identification and passwords.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Domain Controller ","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859"}]}]}]},{"term":"DC3","link":"https://csrc.nist.gov/glossary/term/dc3","abbrSyn":[{"text":"Defense Cyber Crime Center","link":"https://csrc.nist.gov/glossary/term/defense_cyber_crime_center"}],"definitions":null},{"term":"DCCP","link":"https://csrc.nist.gov/glossary/term/dccp","abbrSyn":[{"text":"Datagram Congestion Control Protocol","link":"https://csrc.nist.gov/glossary/term/datagram_congestion_control_protocol"}],"definitions":null},{"term":"DCE","link":"https://csrc.nist.gov/glossary/term/dce","abbrSyn":[{"text":"Data Communications Equipment","link":"https://csrc.nist.gov/glossary/term/data_communications_equipment"},{"text":"Distributed Computing Environment","link":"https://csrc.nist.gov/glossary/term/distributed_computing_environment"}],"definitions":null},{"term":"DCG","link":"https://csrc.nist.gov/glossary/term/dcg","abbrSyn":[{"text":"Data Center Group","link":"https://csrc.nist.gov/glossary/term/data_center_group"}],"definitions":null},{"term":"DCID","link":"https://csrc.nist.gov/glossary/term/dcid","abbrSyn":[{"text":"Director Central Intelligence Directive","link":"https://csrc.nist.gov/glossary/term/director_central_intelligence_directive"}],"definitions":null},{"term":"DCISE","link":"https://csrc.nist.gov/glossary/term/dcise","abbrSyn":[{"text":"DoD-Defense Industrial Base Collaborative Information Sharing Environment","link":"https://csrc.nist.gov/glossary/term/dod_defense_industrial_base_collab_info_sharing_environment"}],"definitions":null},{"term":"DCMA","link":"https://csrc.nist.gov/glossary/term/dcma","abbrSyn":[{"text":"Defense Contract Management Agency","link":"https://csrc.nist.gov/glossary/term/defense_contract_management_agency"}],"definitions":null},{"term":"DCMS","link":"https://csrc.nist.gov/glossary/term/dcms","abbrSyn":[{"text":"Derived PIV Credential Management System","link":"https://csrc.nist.gov/glossary/term/derived_piv_credential_management_system"}],"definitions":null},{"term":"DCO","link":"https://csrc.nist.gov/glossary/term/dco","abbrSyn":[{"text":"Defensive Cyberspace Operations"}],"definitions":null},{"term":"DCO-RA","link":"https://csrc.nist.gov/glossary/term/dco_ra","abbrSyn":[{"text":"Defensive Cyberspace Operation Response Action"}],"definitions":null},{"term":"DCRTM","link":"https://csrc.nist.gov/glossary/term/dcrtm","abbrSyn":[{"text":"Dynamic Core Root of Trust for Measurement","link":"https://csrc.nist.gov/glossary/term/dynamic_core_root_of_trust_for_measurement"}],"definitions":null},{"term":"DCS","link":"https://csrc.nist.gov/glossary/term/dcs","abbrSyn":[{"text":"Defense Courier Service","link":"https://csrc.nist.gov/glossary/term/defense_courier_service"},{"text":"Distributed Control System"},{"text":"Distributed Control System(s)"}],"definitions":[{"text":"In a control system, refers to control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Distributed Control System ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"DCS:SA","link":"https://csrc.nist.gov/glossary/term/dcs_sa","abbrSyn":[{"text":"Data Center Security: Server Advanced","link":"https://csrc.nist.gov/glossary/term/data_center_security_server_advanced"}],"definitions":null},{"term":"dd","link":"https://csrc.nist.gov/glossary/term/dd","abbrSyn":[{"text":"duplicate disk/data dump","link":"https://csrc.nist.gov/glossary/term/duplicate_disk_data_dump"}],"definitions":null},{"term":"DD VE","link":"https://csrc.nist.gov/glossary/term/dd_ve","abbrSyn":[{"text":"Data Domain Virtual Edition","link":"https://csrc.nist.gov/glossary/term/data_domain_virtual_edition"}],"definitions":null},{"term":"DDIL","link":"https://csrc.nist.gov/glossary/term/ddil","abbrSyn":[{"text":"Denied, Disrupted, Intermittent, and Limited Impact","link":"https://csrc.nist.gov/glossary/term/denied_disrupted_intermittent_and_limited_impact"}],"definitions":null},{"term":"DDMS","link":"https://csrc.nist.gov/glossary/term/ddms","abbrSyn":[{"text":"DoD Discovery Metadata Standard","link":"https://csrc.nist.gov/glossary/term/dod_discovery_metadata_standard"}],"definitions":null},{"term":"DDNS","link":"https://csrc.nist.gov/glossary/term/ddns","abbrSyn":[{"text":"Dynamic Domain Name System","link":"https://csrc.nist.gov/glossary/term/dynamic_domain_name_system"}],"definitions":null},{"term":"DDoS","link":"https://csrc.nist.gov/glossary/term/ddos","abbrSyn":[{"text":"Distributed Denial of Service"},{"text":"Distributed Denial-of-Service"}],"definitions":[{"text":"A denial of service technique that uses numerous hosts to perform the attack.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Distributed Denial of Service "}]}]},{"term":"DE","link":"https://csrc.nist.gov/glossary/term/de","abbrSyn":[{"text":"Detect","link":"https://csrc.nist.gov/glossary/term/detect"},{"text":"detect (CSF function)","link":"https://csrc.nist.gov/glossary/term/detect_csf"}],"definitions":[{"text":"Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under detect (CSF function) ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"DE.AE","link":"https://csrc.nist.gov/glossary/term/de_ae","abbrSyn":[{"text":"Detect, Anomalies and Events","link":"https://csrc.nist.gov/glossary/term/detect_anomalies_and_events"}],"definitions":null},{"term":"DEA","link":"https://csrc.nist.gov/glossary/term/dea","abbrSyn":[{"text":"Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/data_encryption_algorithm"}],"definitions":[{"text":"The algorithm specified in FIPS PUB 46-3, Data Encryption Algorithm (DEA).","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Data Encryption Algorithm "}]},{"text":"The Data Encryption Algorithm specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]},{"text":"The DEA cryptographic engine that is used by the Triple Data Encryption Algorithm (TDEA).","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Data Encryption Algorithm "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Data Encryption Algorithm "}]},{"text":"Data Encryption Algorithm, previously specified in FIPS 46 (now withdrawn).","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2"}]}]},{"term":"Deactivated state","link":"https://csrc.nist.gov/glossary/term/deactivated_state","definitions":[{"text":"A lifecycle state of a key whereby the key is no longer to be used for applying cryptographic protection. Processing already protected information may still be performed.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A key state in which keys are not used to apply cryptographic protection (e.g., encrypt) but, in some cases, are used to process cryptographically protected information (e.g., decrypt).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Dead Peer Detection","link":"https://csrc.nist.gov/glossary/term/dead_peer_detection","abbrSyn":[{"text":"DPD","link":"https://csrc.nist.gov/glossary/term/dpd"}],"definitions":null},{"term":"Decentralized Autonomic Data","link":"https://csrc.nist.gov/glossary/term/decentralized_autonomic_data","abbrSyn":[{"text":"DAD","link":"https://csrc.nist.gov/glossary/term/dad"}],"definitions":null},{"term":"Decentralized Autonomous Organization","link":"https://csrc.nist.gov/glossary/term/decentralized_autonomous_organization","abbrSyn":[{"text":"DAO","link":"https://csrc.nist.gov/glossary/term/dao"}],"definitions":[{"text":"Designated Authorizing Official; A senior organization official that has been given the authorization to authorize the reliability of an issuer.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under DAO "}]}]},{"term":"Decentralized Exchange","link":"https://csrc.nist.gov/glossary/term/decentralized_exchange","abbrSyn":[{"text":"DEX","link":"https://csrc.nist.gov/glossary/term/dex"}],"definitions":null},{"term":"decentralized finance","link":"https://csrc.nist.gov/glossary/term/decentralized_finance","abbrSyn":[{"text":"DeFi","link":"https://csrc.nist.gov/glossary/term/defi"}],"definitions":null},{"term":"Decentralized Identifier","link":"https://csrc.nist.gov/glossary/term/decentralized_identifier","abbrSyn":[{"text":"DID","link":"https://csrc.nist.gov/glossary/term/did"}],"definitions":null},{"term":"Decentralized network","link":"https://csrc.nist.gov/glossary/term/decentralized_network","definitions":[{"text":"A network configuration where there are multiple authorities that serve as a centralized hub for a subsection of participants. Since some participants are behind a centralized hub, the loss of that hub will prevent those participants from communicating.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"decertification","link":"https://csrc.nist.gov/glossary/term/decertification","definitions":[{"text":"Revocation of the certification of an information system item or equipment for cause.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Decibels referenced to one milliwatt","link":"https://csrc.nist.gov/glossary/term/decibels_referenced_to_one_milliwatt","abbrSyn":[{"text":"dBm","link":"https://csrc.nist.gov/glossary/term/dbm"}],"definitions":null},{"term":"decipher","link":"https://csrc.nist.gov/glossary/term/decipher","definitions":[{"text":"Convert enciphered text to plain text by means of a cryptographic system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Decision or branch coverage","link":"https://csrc.nist.gov/glossary/term/decision_or_branch_coverage","definitions":[{"text":"The percentage of branches that have been evaluated to both true and false by a test set.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878"}]}]},{"term":"decision tree","link":"https://csrc.nist.gov/glossary/term/decision_tree","abbrSyn":[{"text":"DT","link":"https://csrc.nist.gov/glossary/term/dt"}],"definitions":null},{"term":"decode","link":"https://csrc.nist.gov/glossary/term/decode","definitions":[{"text":"Convert encoded data back to its original form of representation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"decrypt","link":"https://csrc.nist.gov/glossary/term/decrypt","definitions":[{"text":"A generic term encompassing decoding and deciphering.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Decryption","link":"https://csrc.nist.gov/glossary/term/decryption","definitions":[{"text":"The process of changing ciphertext into plaintext using a cryptographic algorithm and key.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The process of transforming ciphertext into plaintext.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"},{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2"},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]"}]},{"text":"The process of a confidentiality mode that transforms encrypted data into the original usable data.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Decryption (Deciphering) "}]},{"text":"The process of transforming ciphertext into plaintext using a cryptographic algorithm and key.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"The process of changing ciphertext into plaintext.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Decryption-Verification","link":"https://csrc.nist.gov/glossary/term/decryption_verification","definitions":[{"text":"The process of CCM in which a purported ciphertext is decrypted and the authenticity of the resulting payload and the associated data is verified.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Dedicated Proxy Server","link":"https://csrc.nist.gov/glossary/term/dedicated_proxy_server","definitions":[{"text":"A form of proxy server that has much more limited firewalling capabilities than an application-proxy gateway.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Deep Packet Inspection","link":"https://csrc.nist.gov/glossary/term/deep_packet_inspection","abbrSyn":[{"text":"DPI","link":"https://csrc.nist.gov/glossary/term/dpi_caps"}],"definitions":null},{"term":"default classification","link":"https://csrc.nist.gov/glossary/term/default_classification","definitions":[{"text":"Classification reflecting the highest classification being processed in an information system. Default classification is included in the caution statement affixed to an object.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Defect","link":"https://csrc.nist.gov/glossary/term/defect","definitions":[{"text":"An occurrence of a defect check that failed on an assessment object. It indicates a weakened state of security that increases risk.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Defect Check","link":"https://csrc.nist.gov/glossary/term/defect_check","definitions":[{"text":"A defect check is a way to assess determination statements. It has the following additional properties. A defect check: \n• Is stated as a test (wherever appropriate); \n• Can be automated; \n• Explicitly defines a particular desired state specification that is then compared to the corresponding actual state to determine the test result; \n• Provides information that may help determine the degree of control effectiveness/level of risk that is acceptable; \n• Suggests risk response options; and \n• Assesses a corresponding sub-capability.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Defect Type","link":"https://csrc.nist.gov/glossary/term/defect_type","definitions":[{"text":"A kind of defect that could occur on many assessment objects. Generally, a defect check tests for the presence or absence of a defect type.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Defense Contract Management Agency","link":"https://csrc.nist.gov/glossary/term/defense_contract_management_agency","abbrSyn":[{"text":"DCMA","link":"https://csrc.nist.gov/glossary/term/dcma"}],"definitions":null},{"term":"Defense Courier Service","link":"https://csrc.nist.gov/glossary/term/defense_courier_service","abbrSyn":[{"text":"DCS","link":"https://csrc.nist.gov/glossary/term/dcs"}],"definitions":null},{"term":"Defense Cyber Crime Center","link":"https://csrc.nist.gov/glossary/term/defense_cyber_crime_center","abbrSyn":[{"text":"DC3","link":"https://csrc.nist.gov/glossary/term/dc3"}],"definitions":null},{"term":"Defense Discovery Metadata Standard (DDMS)","link":"https://csrc.nist.gov/glossary/term/defense_discovery_metadata_standard","definitions":[{"text":"Defines discovery metadata elements for resources posted to community and organizational shared spaces throughout the DoD enterprise. Specifically DDMS defines a set of information fields that are to be used to describe any data or service asset that is made known to the enterprise.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Defense Discovery Metadata Specification (DDMS) page"}]}]}]},{"term":"Defense Federal Acquisition Regulations Supplement","link":"https://csrc.nist.gov/glossary/term/defense_federal_acquisition_regulations_supplement","abbrSyn":[{"text":"DFARS","link":"https://csrc.nist.gov/glossary/term/dfars"}],"definitions":null},{"term":"Defense Industrial Base","link":"https://csrc.nist.gov/glossary/term/defense_industrial_base","abbrSyn":[{"text":"DIB","link":"https://csrc.nist.gov/glossary/term/dib"}],"definitions":null},{"term":"Defense Industrial Base Cybersecurity Sharing","link":"https://csrc.nist.gov/glossary/term/defense_industrial_base_cybersecurity_sharing","abbrSyn":[{"text":"DIB CS","link":"https://csrc.nist.gov/glossary/term/dib_cs"}],"definitions":null},{"term":"Defense Information System Network","link":"https://csrc.nist.gov/glossary/term/defense_information_system_network","abbrSyn":[{"text":"DISN","link":"https://csrc.nist.gov/glossary/term/disn"}],"definitions":null},{"term":"Defense Information Systems Agency","link":"https://csrc.nist.gov/glossary/term/defense_information_systems_agency","abbrSyn":[{"text":"DISA","link":"https://csrc.nist.gov/glossary/term/disa"}],"definitions":null},{"term":"Defense Intelligence Agency","link":"https://csrc.nist.gov/glossary/term/defense_intelligence_agency","abbrSyn":[{"text":"DIA","link":"https://csrc.nist.gov/glossary/term/dia"}],"definitions":null},{"term":"Defense Science Board","link":"https://csrc.nist.gov/glossary/term/defense_science_board","abbrSyn":[{"text":"DSB","link":"https://csrc.nist.gov/glossary/term/dsb"}],"definitions":null},{"term":"defense-in-breadth","link":"https://csrc.nist.gov/glossary/term/defense_in_breadth","definitions":[{"text":"A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or subcomponent life cycle, including system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component life cycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement).","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Defense-in-Breadth ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Defense-in-Breadth ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or subcomponent life cycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement).","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Defense-in-Breadth ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Defense-in-Breadth ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Defense-in-Breadth ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A planned, systematic set of multi-disciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component lifecycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or subcomponent life cycle, including system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under defense in breadth ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"defense-in-depth","link":"https://csrc.nist.gov/glossary/term/defense_in_depth","definitions":[{"text":"Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Defense-in-Depth ","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Defense-in-Depth ","refSources":[{"text":"CNSSI 4009-2010"},{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Defense-in-Depth ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Defense-in-Depth ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Defense-in-Depth "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"An information security strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under defense in depth "}]},{"text":"The application of multiple countermeasures in a layered or stepwise manner to achieve security objectives. The methodology involves layering heterogeneous security technologies in the common attack vectors to ensure that attacks missed by one technology are caught by another.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Defense-in-depth ","refSources":[{"text":"ISA/IEC 62443"},{"text":"ISO/IEC 62443 1-1"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Defense-in-depth ","refSources":[{"text":"ISO/IEC 62443 1-1"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Defense-in-depth ","refSources":[{"text":"ISO/IEC 62443 1-1"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Defense-in-depth ","refSources":[{"text":"ISA-62443-1-1"}]}]}]},{"term":"defensive cyberspace operation response action (DCO-RA)","link":"https://csrc.nist.gov/glossary/term/defensive_cyberspace_operation_response_action","abbrSyn":[{"text":"DCO-RA","link":"https://csrc.nist.gov/glossary/term/dco_ra"}],"definitions":[{"text":"Deliberate, authorized defensive measures or activities taken outside of the defended network to protect and defend Department of Defense (DoD) cyberspace capabilities or other designated systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 3-12","link":"https://www.jcs.mil/Doctrine/"}]}]}]},{"term":"defensive cyberspace operations (DCO)","link":"https://csrc.nist.gov/glossary/term/defensive_cyberspace_operations","abbrSyn":[{"text":"DCO","link":"https://csrc.nist.gov/glossary/term/dco"}],"definitions":[{"text":"Passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 3-12","link":"https://www.jcs.mil/Doctrine/"}]}]}]},{"term":"Defensive Design","link":"https://csrc.nist.gov/glossary/term/defensive_design","definitions":[{"text":"Design techniques which explicitly protect supply chain elements from future attacks or adverse events. Defensive design addresses the technical, behavioral, and organizational activities. It is intended to create options that preserve the integrity of the mission and system function and its performance to the end user or consumer of the supply chain element.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"}]}]},{"term":"DeFi","link":"https://csrc.nist.gov/glossary/term/defi","abbrSyn":[{"text":"decentralized finance","link":"https://csrc.nist.gov/glossary/term/decentralized_finance"}],"definitions":null},{"term":"degauss","link":"https://csrc.nist.gov/glossary/term/degauss","definitions":[{"text":"To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Degaussing any current generation hard disk (including but not limited to IDE, EIDE, ATA, SCSI and Jaz) will render the drive permanently unusable since these drives store track location information on the hard drive. \nAlso called “demagnetizing.”","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Degauss "}]}]},{"term":"Degradation","link":"https://csrc.nist.gov/glossary/term/degradation","definitions":[{"text":"A decline in quality or performance; the process by which the decline is brought about.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]"},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"Degraded Cybersecurity State","link":"https://csrc.nist.gov/glossary/term/degraded_cybersecurity_state","definitions":[{"text":"A cybersecurity state that indicates the device’s cybersecurity has been significantly negatively impacted, such as the device being unable to operate as expected, or the integrity of the device’s software being violated.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"}]}]},{"term":"delay (path delay)","link":"https://csrc.nist.gov/glossary/term/delay_path_delay","definitions":[{"text":"The [signal] delay between a transmitter and a receiver. Path delay is often the largest contributor to time transfer uncertainty. For example, consider a radio signal broadcast over a 1000 km path. Since radio signals travel at the speed of light (with a delay of about 3.3 µs/km), we can calibrate the 1000 km path by estimating the path delay as 3.3 ms and applying a 3.3 ms correction to our measurement. Sophisticated time transfer systems, such as GPS, automatically correct for path delay. The absolute path delay is not important to frequency transfer systems because on-time pulses are not required, but variations in path delay still limit the frequency uncertainty.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"}]}]}]},{"term":"Delegation Signer","link":"https://csrc.nist.gov/glossary/term/delegation_signer","abbrSyn":[{"text":"DS","link":"https://csrc.nist.gov/glossary/term/ds"}],"definitions":null},{"term":"deleted file","link":"https://csrc.nist.gov/glossary/term/deleted_file","definitions":[{"text":"A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always necessarily eliminate the possibility of recovering all or part of the original data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Deleted File "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Deleted File "}]}]},{"term":"Delivery Status Notification","link":"https://csrc.nist.gov/glossary/term/delivery_status_notification","abbrSyn":[{"text":"DSN","link":"https://csrc.nist.gov/glossary/term/dsn"}],"definitions":null},{"term":"delivery-only client (DOC)","link":"https://csrc.nist.gov/glossary/term/delivery_only_client","note":"(C.F.D.)","abbrSyn":[{"text":"DOC","link":"https://csrc.nist.gov/glossary/term/doc"}],"definitions":[{"text":"A configuration of a client node that enables a DOA agent to access a primary services node (PRSN) to retrieve KMI products and access KMI services. A DOC consists of a client platform but does not include an AKP. \nRationale: Term is of limited use to information assurance community.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Dell Remote Access Controller","link":"https://csrc.nist.gov/glossary/term/dell_remote_access_controller","abbrSyn":[{"text":"iDRAC","link":"https://csrc.nist.gov/glossary/term/idrac"}],"definitions":null},{"term":"Dell Trusted Device","link":"https://csrc.nist.gov/glossary/term/dell_trusted_device","abbrSyn":[{"text":"DTD","link":"https://csrc.nist.gov/glossary/term/dtd"}],"definitions":null},{"term":"demilitarize","link":"https://csrc.nist.gov/glossary/term/demilitarize","abbrSyn":[{"text":"COMSEC demilitarization","link":"https://csrc.nist.gov/glossary/term/comsec_demilitarization"}],"definitions":[{"text":"The process of preparing National Security System equipment for disposal by extracting all CCI, classified, or CRYPTO-marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4004.1","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"Process of preparing COMSEC equipment for disposal by extracting all controlled cryptographic item (CCI), classified, or CRYPTO marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk. \nRationale: Demilitarize is the proper term and does not apply solely to COMSEC.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC demilitarization "}]}]},{"term":"DeNB","link":"https://csrc.nist.gov/glossary/term/denb","abbrSyn":[{"text":"Donor eNodeB","link":"https://csrc.nist.gov/glossary/term/donor_enodeb"}],"definitions":null},{"term":"denial of service (DoS)","link":"https://csrc.nist.gov/glossary/term/denial_of_service","abbrSyn":[{"text":"DoS","link":"https://csrc.nist.gov/glossary/term/dos"}],"definitions":[{"text":"The prevention of authorized access to a system resource or the delaying of system operations and functions.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under denial of service ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]},{"text":"The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Denial of Service ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The prevention of authorized access to resources or the delaying of time- critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]}]},{"text":"The prevention of authorized access to a system resource or the delaying of system operations and functions.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Denial of Service (DoS) ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Denial of Service ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Denial of Service ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"actions that prevent the NE from fimctioning in accordance with its intended purpose. A piece of equipment or entity may be rendered inoperable or forced to operate in a degraded state;\noperations that depend on timeliness may be delayed.","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under Denial of service "}]},{"text":"The prevention of authorized access to resources or the delaying of time-critical operations.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under denial of service "},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Denial of Service "}]},{"text":"The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under denial of service "}]}]},{"term":"Denied, Disrupted, Intermittent, and Limited Impact","link":"https://csrc.nist.gov/glossary/term/denied_disrupted_intermittent_and_limited_impact","abbrSyn":[{"text":"DDIL","link":"https://csrc.nist.gov/glossary/term/ddil"}],"definitions":null},{"term":"Deny by Default","link":"https://csrc.nist.gov/glossary/term/deny_by_default","definitions":[{"text":"To block all inbound and outbound traffic that has not been expressly permitted by firewall policy.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Deoxyribonucleic acid","link":"https://csrc.nist.gov/glossary/term/deoxyribonucleic_acid","abbrSyn":[{"text":"DNA","link":"https://csrc.nist.gov/glossary/term/dna"}],"definitions":null},{"term":"DEP","link":"https://csrc.nist.gov/glossary/term/dep","abbrSyn":[{"text":"Data Execution Prevention","link":"https://csrc.nist.gov/glossary/term/data_execution_prevention"}],"definitions":null},{"term":"Department of Commerce","link":"https://csrc.nist.gov/glossary/term/department_of_commerce","abbrSyn":[{"text":"DOC","link":"https://csrc.nist.gov/glossary/term/doc"}],"definitions":null},{"term":"Department of Defense","link":"https://csrc.nist.gov/glossary/term/department_of_defense","abbrSyn":[{"text":"DoD","link":"https://csrc.nist.gov/glossary/term/dod"}],"definitions":null},{"term":"Department of Defense Directive","link":"https://csrc.nist.gov/glossary/term/department_of_defense_directive","abbrSyn":[{"text":"DoDD","link":"https://csrc.nist.gov/glossary/term/dodd"}],"definitions":null},{"term":"Department of Defense information network operations","link":"https://csrc.nist.gov/glossary/term/department_of_defense_information_network_operations","definitions":[{"text":"Operations to design, build, configure, secure, operate, maintain, and sustain Department of Defense networks to create and preserve information assurance on the Department of Defense information networks.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"JP 3-12","link":"https://www.jcs.mil/Doctrine/Joint-Doctrine-Pubs/3-0-Operations-Series/"}]}]}]},{"term":"Department of Defense information networks (DODIN)","link":"https://csrc.nist.gov/glossary/term/department_of_defense_information_networks","abbrSyn":[{"text":"DoDIN","link":"https://csrc.nist.gov/glossary/term/dodin"}],"definitions":[{"text":"The globally interconnected, end-to-end set of information capabilities, and associated processes for collecting, processing, storing, disseminating, and managing information on-demand to warfighters, policy makers, and support personnel, including owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and national security systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"},{"text":"JP 3-12","link":"https://www.jcs.mil/Doctrine/Joint-Doctrine-Pubs/3-0-Operations-Series/"}]}]}]},{"term":"Department of Defense Instruction","link":"https://csrc.nist.gov/glossary/term/department_of_defense_instruction","abbrSyn":[{"text":"DoDI","link":"https://csrc.nist.gov/glossary/term/dodi"}],"definitions":null},{"term":"Department of Defense Manual","link":"https://csrc.nist.gov/glossary/term/department_of_defense_manual","abbrSyn":[{"text":"DoDM","link":"https://csrc.nist.gov/glossary/term/dodm"}],"definitions":null},{"term":"Department of Education Disclosure Review Board","link":"https://csrc.nist.gov/glossary/term/department_of_education_disclosure_review_board","abbrSyn":[{"text":"EDDRB","link":"https://csrc.nist.gov/glossary/term/eddrb"}],"definitions":null},{"term":"Department of Energy","link":"https://csrc.nist.gov/glossary/term/department_of_energy","abbrSyn":[{"text":"DoE"},{"text":"DOE","link":"https://csrc.nist.gov/glossary/term/doe"}],"definitions":null},{"term":"Department of Health and Human Services","link":"https://csrc.nist.gov/glossary/term/department_of_health_and_human_services","abbrSyn":[{"text":"DHHS","link":"https://csrc.nist.gov/glossary/term/dhhs"},{"text":"HHS","link":"https://csrc.nist.gov/glossary/term/hhs"}],"definitions":null},{"term":"Department of Homeland Security","link":"https://csrc.nist.gov/glossary/term/department_of_homeland_security","abbrSyn":[{"text":"DHS","link":"https://csrc.nist.gov/glossary/term/dhs"}],"definitions":null},{"term":"Department of Transportation","link":"https://csrc.nist.gov/glossary/term/department_of_transportation","abbrSyn":[{"text":"DoT","link":"https://csrc.nist.gov/glossary/term/DoT"},{"text":"DOT"}],"definitions":null},{"term":"Department of Veterans Affairs","link":"https://csrc.nist.gov/glossary/term/department_of_veterans_affairs","abbrSyn":[{"text":"VA","link":"https://csrc.nist.gov/glossary/term/va"}],"definitions":null},{"term":"Department/Agency","link":"https://csrc.nist.gov/glossary/term/department_agency","abbrSyn":[{"text":"D/A","link":"https://csrc.nist.gov/glossary/term/d_a"}],"definitions":null},{"term":"deprecated","link":"https://csrc.nist.gov/glossary/term/deprecated","definitions":[{"text":"The algorithm and key length may be used, but the user must accept some security risk. The term is used when discussing the key lengths or algorithms that may be used to apply cryptographic protection.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"Deprecated Identifier Name","link":"https://csrc.nist.gov/glossary/term/deprecated_identifier_name","definitions":[{"text":"An identifier name that is no longer valid because it has either been replaced by a new identifier name or set of identifier names or was created erroneously.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"depth","link":"https://csrc.nist.gov/glossary/term/depth","definitions":[{"text":"An attribute associated with an assessment method that addresses the rigor and level of detail associated with the application of the method. The values for the depth attribute, hierarchically from less depth to more depth, are basic, focused, and comprehensive.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Depth ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Depth "}]},{"text":"An attribute associated with an assessment method that addresses the rigor and level of detail associated with the application of the method.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The amount of detail covered by an assessment: basic (both critical and non-critical elements) or detailed (all elements).","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"DER","link":"https://csrc.nist.gov/glossary/term/der","abbrSyn":[{"text":"Distinguished Encoding Rules"},{"text":"distributed energy resource","link":"https://csrc.nist.gov/glossary/term/distributed_energy_resource"},{"text":"Distributed Energy Resource(s)"},{"text":"Distributed Energy Resources"}],"definitions":null},{"term":"De-registration (of a key)","link":"https://csrc.nist.gov/glossary/term/de_registration_of_a_key","definitions":[{"text":"The inactivation of the records of a key that was registered by a registration authority.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"derived credential","link":"https://csrc.nist.gov/glossary/term/derived_credential","definitions":[{"text":"A credential issued based on proof of possession and control of a token associated with a previously issued credential, so as not to duplicate the identity proofing process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Derived Credential "}]},{"text":"A credential issued based on proof of possession and control of an authenticator associated with a previously issued credential, so as not to duplicate the identity proofing process.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Derived Credential "}]}]},{"term":"Derived Personal Identity Verification (PIV)","link":"https://csrc.nist.gov/glossary/term/derived_personal_identity_verification","definitions":[{"text":"A credential issued based on proof of possession and control of the PIV Card, so as not to duplicate the identity proofing process as defined in [SP 800-63-2]. A Derived PIV Credential token is a hardware or software-based token that contains the Derived PIV Credential.","sources":[{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]}]},{"term":"Derived Personal Identity Verification Credential","link":"https://csrc.nist.gov/glossary/term/derived_personal_identity_verification_credential","abbrSyn":[{"text":"DPC","link":"https://csrc.nist.gov/glossary/term/dpc"}],"definitions":null},{"term":"Derived PIV Application","link":"https://csrc.nist.gov/glossary/term/derived_piv_application","definitions":[{"text":"A standardized application residing on a removable, hardware cryptographic token that hosts a Derived PIV Credential and associated mandatory and optional elements.","sources":[{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157"}]},{"text":"A standardized application residing on a removable hardware cryptographic token that hosts a Derived PIV Credential and associated mandatory and optional elements.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"Derived PIV Credential","link":"https://csrc.nist.gov/glossary/term/derived_piv_credential","abbrSyn":[{"text":"DPC","link":"https://csrc.nist.gov/glossary/term/dpc"}],"definitions":[{"text":"A credential issued based on proof of possession and control of a PIV Card. Derived PIV credentials are typically used in situations that do not easily accommodate a PIV Card, such as in conjunction with mobile devices.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"An X.509 Derived PIV Authentication certificate, which is issued in accordance with the requirements specified in this document where the PIV Authentication certificate on the Applicant’s PIV Card serves as the original credential. The Derived PIV Credential is an additional common identity credential under HSPD-12 and FIPS 201 that is issued by a Federal department or agency and that is used with mobile devices.","sources":[{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157"}]},{"text":"A credential issued based on proof of possession and control of the PIV Card, so as not to duplicate the identity proofing process as defined in [NIST SP 800-63-2]. A Derived PIV Credential token is a hardware or software based token that contains the Derived PIV Credential.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]},{"text":"An X.509 Derived PIV Authentication certificate with associated public and private key that is issued in accordance with the requirements specified in this document where the PIV Authentication certificate on the applicant’s PIV Card serves as the original credential. The Derived PIV Credential (DPC) is an additional common identity credential under Homeland Security Presidential Directive-12 and Federal Information Processing Standards (FIPS) 201 that is issued by a federal department or agency and is used with mobile devices.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"Derived PIV Credential Management System","link":"https://csrc.nist.gov/glossary/term/derived_piv_credential_management_system","abbrSyn":[{"text":"DCMS","link":"https://csrc.nist.gov/glossary/term/dcms"}],"definitions":null},{"term":"Derived PIV Credentials","link":"https://csrc.nist.gov/glossary/term/derived_piv_credentials","abbrSyn":[{"text":"DPC","link":"https://csrc.nist.gov/glossary/term/dpc"}],"definitions":null},{"term":"Derived Relationship Mapping","link":"https://csrc.nist.gov/glossary/term/derived_relationship_mapping","abbrSyn":[{"text":"DRM","link":"https://csrc.nist.gov/glossary/term/drm"}],"definitions":[{"text":"A potential mapping between Reference Document Elements identified by finding elements from two or more Reference Documents that map to the same Focal Document Element.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"}]}]},{"term":"derived requirement","link":"https://csrc.nist.gov/glossary/term/derived_requirement","definitions":[{"text":"A requirement deduced or inferred from the collection and organization of requirements into a particular system configuration and solution.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 29148:2018","link":"https://www.iso.org/standard/72089.html"}]}]},{"text":"A requirement that is implied or transformed from a higher-level requirement. Note 1: Implied requirements cannot be assessed since they are not contained in any requirement baseline. The decomposition of requirements throughout the engineering process makes the implicit requirements explicit, allowing them to be stated and captured in appropriate baselines and allowing associated assessment criteria to be stated. Note 2: A derived requirement must trace back to at least one higher-level requirement.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under derived requirements ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"A requirement that is implied or transformed from a higher-level requirement. \nNote 1: Implied requirements cannot be assessed since they are not contained in any requirements baseline. The decomposition of requirements throughout the engineering process makes implicit requirements explicit, allowing them to be stated and captured in appropriate baselines and allowing associated assessment criteria to be stated. \nNote 2: A derived requirement must trace back to at least one higher-level requirement.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A requirement that is implied or transformed from a higher-level requirement.\nNote 1: Implied requirements cannot be assessed since they are not contained in any requirements baseline. The decomposition of requirements throughout the engineering process makes implicit requirements explicit, allowing them to be stated and captured in appropriate baselines and allowing associated assessment criteria to be stated. \nNote 2: A derived requirement must trace back to at least one higher-level requirement.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"Derived Test Requirement","link":"https://csrc.nist.gov/glossary/term/derived_test_requirement","abbrSyn":[{"text":"DTR","link":"https://csrc.nist.gov/glossary/term/dtr"}],"definitions":[{"text":"A statement of requirement, needed information, and associated test procedures necessary to test a specific SCAP feature.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under Derived Test Requirement/Test Requirement "}]}]},{"term":"Derived PIV Credential Issuer","link":"https://csrc.nist.gov/glossary/term/derived_piv_credential_issuer","abbrSyn":[{"text":"DPCI","link":"https://csrc.nist.gov/glossary/term/dpci"}],"definitions":[{"text":"Derived PIV Credential (and associated token) Issuer; an issuer of Derived PIV Credentials as defined in [NIST SP 800-63-2]and [NIST SP 800-157].","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under DPCI "}]}]},{"term":"DES","link":"https://csrc.nist.gov/glossary/term/des","abbrSyn":[{"text":"Data Encryption Standard","link":"https://csrc.nist.gov/glossary/term/data_encryption_standard"},{"text":"Digital Encryption Standard","link":"https://csrc.nist.gov/glossary/term/digital_encryption_standard"}],"definitions":[{"text":"The symmetric encryption algorithm defined by the Data Encryption Standard (FIPS 46-2).","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"Data Encryption Standard specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"descriptive label","link":"https://csrc.nist.gov/glossary/term/descriptive_label","abbrSyn":[{"text":"informational label","link":"https://csrc.nist.gov/glossary/term/informational_label"}],"definitions":[{"text":"Provides facts about properties or features of a product without any grading or evaluation. Information may be displayed in a variety of ways, such as in tabular format or with icons or text.","sources":[{"text":"Cybersecurity Labeling of Consumer Software","link":"https://doi.org/10.6028/NIST.CSWP.02042022-1"}]}]},{"term":"design","link":"https://csrc.nist.gov/glossary/term/design","definitions":[{"text":"Process to define the architecture, system elements, interfaces, and other characteristics of a system or system element.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"Result of the process to be consistent with the selected architecture, system elements, interfaces, and other characteristics of a system or system element.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"Process of defining the system elements, interfaces, and other characteristics of a system of interest in accordance with the requirements and architecture.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]}]},{"term":"design characteristics","link":"https://csrc.nist.gov/glossary/term/design_characteristics","definitions":[{"text":"Design attributes or distinguishing features that pertain to a measurable description of a product or service.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]}]},{"term":"design margin","link":"https://csrc.nist.gov/glossary/term/design_margin","abbrSyn":[{"text":"margin","link":"https://csrc.nist.gov/glossary/term/margin"}],"definitions":[{"text":"The margin allocated during design based on assessments of uncertainty and unknowns. This margin is often consumed as the design matures.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"NASA Systems Engineering Handbook","link":"https://www.nasa.gov/seh"}]}]},{"text":"A spare amount or measure or degree allowed or given for contingencies or special situations. The allowances carried to account for uncertainties and risks.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under margin ","refSources":[{"text":"MTR210263","link":"https://figshare.com/articles/preprint/Design_Principles_for_Cyber_Physical_Systems_pdf/15175605"}]}]}]},{"term":"design principle","link":"https://csrc.nist.gov/glossary/term/design_principle","definitions":[{"text":"A distillation of experience designing, implementing, integrating, and upgrading systems that systems engineers and architects can use to guide design decisions and analysis. A design principle typically takes the form of a terse statement or a phrase identifying a key concept, accompanied by one or more statements that describe how that concept applies to system design (where “system” is construed broadly to include operational processes and procedures, and may also include development and maintenance environments).","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"Designated Accrediting Authority","link":"https://csrc.nist.gov/glossary/term/designated_accrediting_authority","abbrSyn":[{"text":"accrediting authority","link":"https://csrc.nist.gov/glossary/term/accrediting_authority"},{"text":"DAA","link":"https://csrc.nist.gov/glossary/term/daa"}],"definitions":[{"text":"Synonymous with designated accrediting authority (DAA).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under accrediting authority "}]}]},{"term":"designated approval authority (DAA)","link":"https://csrc.nist.gov/glossary/term/designated_approval_authority","note":"(C.F.D.)","definitions":[{"text":"Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority. \nRationale: Term has been replaced by the term “authorizing official”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"designated cipher function","link":"https://csrc.nist.gov/glossary/term/designated_cipher_function","definitions":[{"text":"As part of the choice of the underlying block cipher with a KEK, either the forward transformation or the inverse transformation.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"designing for cyber resiliency and survivability","link":"https://csrc.nist.gov/glossary/term/designing_for_cyber_resiliency_and_survivability","definitions":[{"text":"Designing systems, missions, and business functions to provide the capability to prepare for, withstand, recover from, and adapt to compromises of cyber resources in order to maximize mission or business operations.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"Desired State","link":"https://csrc.nist.gov/glossary/term/desired_state","abbrSyn":[{"text":"Desired State Specification","link":"https://csrc.nist.gov/glossary/term/desired_state_specification"}],"definitions":[{"text":"See Desired State Specification.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"A defined value, list, or rule (specification) that a) states or b) allows the computation of the state that the organization desires in order to reduce information security risk. Desired state specifications are generally statements of policy.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Desired State Specification "}]}]},{"term":"Desired State Specification","link":"https://csrc.nist.gov/glossary/term/desired_state_specification","abbrSyn":[{"text":"Desired State","link":"https://csrc.nist.gov/glossary/term/desired_state"}],"definitions":[{"text":"See Desired State Specification.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Desired State "}]},{"text":"A defined value, list, or rule (specification) that a) states or b) allows the computation of the state that the organization desires in order to reduce information security risk. Desired state specifications are generally statements of policy.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Destination Address","link":"https://csrc.nist.gov/glossary/term/destination_address","abbrSyn":[{"text":"DA","link":"https://csrc.nist.gov/glossary/term/da"}],"definitions":null},{"term":"Destination Network Address Translation","link":"https://csrc.nist.gov/glossary/term/destination_network_address_translation","abbrSyn":[{"text":"DNAT","link":"https://csrc.nist.gov/glossary/term/dnat"}],"definitions":null},{"term":"Destination-based Remotely Triggered Black-Holing","link":"https://csrc.nist.gov/glossary/term/destination_based_remotely_triggered_black_holing","abbrSyn":[{"text":"D/RTBH","link":"https://csrc.nist.gov/glossary/term/d_rtbh"}],"definitions":null},{"term":"destroy","link":"https://csrc.nist.gov/glossary/term/destroy","abbrSyn":[{"text":"zeroization","link":"https://csrc.nist.gov/glossary/term/zeroization"}],"definitions":[{"text":"An action applied to a key or a piece of secret data. After a key or a piece of secret data is destroyed, no information about its value can be recovered.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Destroy "}]},{"text":"A method of erasing electronically stored data, cryptographic keys, and credentials service providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under zeroization ","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]},{"text":"In this Recommendation, to destroy is an action applied to a key or a piece of secret data. After a key or a piece of secret data is destroyed, no information about its value can be recovered.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Destroy "}]},{"text":"In this Recommendation, an action applied to a key or a piece of secret data. After a key or a piece of secret data is destroyed, no information about its value can be recovered. Also known as zeroization in FIPS 140.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Destroy "}]},{"text":"A method of sanitization that renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Destroy "}]},{"text":"An action applied to a key or a piece of (secret) data. In this Recommendation, after a key or a piece of data is destroyed, no information about its value can be recovered.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Destroy "}]}]},{"term":"Destroyed state","link":"https://csrc.nist.gov/glossary/term/destroyed_state","definitions":[{"text":"A lifecycle state of a key whereby the key is no longer available and cannot be reconstructed.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A key state to which a key transitions when it is destroyed. Although the key no longer exists, its previous existence may be recorded (e.g., in metadata or audit logs).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"DET","link":"https://csrc.nist.gov/glossary/term/det","definitions":[{"text":"Detection Error Tradeoff (characteristic) – A plot of FRR vs. FAR, or FNMR vs. FMR, used to inform security-convenience tradeoffs in (biometric) authentication processes","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"detailed assessment","link":"https://csrc.nist.gov/glossary/term/detailed_assessment","definitions":[{"text":"An assessment that contains all the elements (critical and non-critical) for a given breadth.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"Detect","link":"https://csrc.nist.gov/glossary/term/detect","abbrSyn":[{"text":"DE","link":"https://csrc.nist.gov/glossary/term/de"}],"definitions":null},{"term":"detect (CSF function)","link":"https://csrc.nist.gov/glossary/term/detect_csf","abbrSyn":[{"text":"DE","link":"https://csrc.nist.gov/glossary/term/de"}],"definitions":[{"text":"Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Detect (function) "}]}]},{"term":"Detect, Anomalies and Events","link":"https://csrc.nist.gov/glossary/term/detect_anomalies_and_events","abbrSyn":[{"text":"DE.AE","link":"https://csrc.nist.gov/glossary/term/de_ae"}],"definitions":null},{"term":"Deterministic Algorithm","link":"https://csrc.nist.gov/glossary/term/deterministic_algorithm","definitions":[{"text":"An algorithm that, given the same inputs, always produces the same outputs.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}],"seeAlso":[{"text":"Deterministic Random Bit Generator","link":"deterministic_random_bit_generator"},{"text":"Pseudorandom Number Generator"}]},{"term":"Deterministic Random Bit Generator","link":"https://csrc.nist.gov/glossary/term/deterministic_random_bit_generator","abbrSyn":[{"text":"Deterministic random bit generator (DRBG)"},{"text":"deterministic random number generator"},{"text":"DRBG","link":"https://csrc.nist.gov/glossary/term/drbg"},{"text":"Pseudorandom Number Generator"},{"text":"Pseudorandom number generator (PRNG)"},{"text":"Pseudo-random Number Generator (PRNG)"}],"definitions":[{"text":"An RBG that includes a DRBG mechanism and (at least initially) has access to a randomness source. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator. Contrast with NRBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"An RBG that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]},{"text":"See Deterministic random bit generator (DRBG).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Pseudorandom number generator (PRNG) "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Pseudorandom number generator (PRNG) "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Pseudorandom number generator (PRNG) "}]},{"text":"See Deterministic Random Bit Generator.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Pseudorandom Number Generator "}]},{"text":"A random bit generator that includes a DRBG algorithm and (at least initially) has access to a source of randomness. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A cryptographic DRBG has the additional property that the output is unpredictable, given that the seed is not known. A DRBG is sometimes also called a Pseudo-random Number Generator (PRNG) or a deterministic random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Deterministic random bit generator (DRBG) "}]},{"text":"A random bit generator that includes a DRBG algorithm and (at least initially) has access to a source of randomness. The DRBG produces a sequence of bits from a secret initial value called a seed. A cryptographic DRBG has the additional property that the output is unpredictable given that the seed is not known. A DRBG is sometimes also called a pseudo-random number generator (PRNG) or a deterministic random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Deterministic random bit generator (DRBG) "}]},{"text":"An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the DRBG “appears” to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic DRBG has the additional property that the output is unpredictable, given that the seed is not known. A DRBG is sometimes also called a Pseudo Random Number Generator (PRNG) or a deterministic random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Deterministic random bit generator (DRBG) "}]}],"seeAlso":[{"text":"Deterministic Algorithm","link":"deterministic_algorithm"},{"text":"NRBG","link":"nrbg"}]},{"term":"developer","link":"https://csrc.nist.gov/glossary/term/developer","abbrSyn":[{"text":"OLIR Developer","link":"https://csrc.nist.gov/glossary/term/olir_developer"}],"definitions":[{"text":"A general term that includes developers or manufacturers of systems, system components, or system services; systems integrators; suppliers; and product resellers. Development of systems, components, or services can occur internally within organizations or through external entities.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"A person, team, or organization that creates an OLIR and submits it to the National OLIR Program.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under OLIR Developer "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under OLIR Developer "}]},{"text":"A general term that includes: (i) developers or manufacturers of information systems, system components, or information system services; (ii) systems integrators; (iii) vendors; (iv) and product resellers. Development of systems, components, or services can occur internally within organizations (i.e., in-house development) or through external entities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Developer "}]},{"text":"The party that develops the entire entropy source or the noise source.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Developer "}]},{"text":"A general term that includes developers or manufacturers of systems, system components, or system services; systems integrators; vendors; and product resellers. Development of systems, components, or services can occur internally within organizations or through external entities.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A general term that includes: (i) developers or manufacturers of information systems, system components, or information system services; (ii) systems integrators; (iii) vendors; and (iv) product resellers. Development of systems, components, or services can occur internally within organizations (i.e., in-house development) or through external entities.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Developer ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Developer "}]},{"text":"A general term that includes developers or manufacturers of systems, system components, or system services; systems integrators; vendors; and product resellers. The development of systems, components, or services can occur internally within organizations or through external entities.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"A person, team, or organization that creates an Informative Reference.","sources":[{"text":"NISTIR 8204","link":"https://doi.org/10.6028/NIST.IR.8204","underTerm":" under Developer "}]},{"text":"See Informative Reference Developer.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278","underTerm":" under Developer "},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A","underTerm":" under Developer "}]}]},{"term":"Developers Alliance for Standards Harmonization","link":"https://csrc.nist.gov/glossary/term/developers_alliance_for_standards_harmonization","abbrSyn":[{"text":"DASH7","link":"https://csrc.nist.gov/glossary/term/dash7"}],"definitions":null},{"term":"Developing the Curriculum","link":"https://csrc.nist.gov/glossary/term/developing_the_curriculum","abbrSyn":[{"text":"DACUM","link":"https://csrc.nist.gov/glossary/term/dacum"}],"definitions":null},{"term":"Development Kit","link":"https://csrc.nist.gov/glossary/term/development_kit","abbrSyn":[{"text":"Devkit","link":"https://csrc.nist.gov/glossary/term/devkit"}],"definitions":null},{"term":"Development Operations (DevOps)","link":"https://csrc.nist.gov/glossary/term/development_operations","abbrSyn":[{"text":"DevOps","link":"https://csrc.nist.gov/glossary/term/devops"}],"definitions":[{"text":"A set of practices for automating the processes between software development and information technology operations teams so that they can build, test, and release software faster and more reliably. The goal is to shorten the systems development life cycle and improve reliability while delivering features, fixes, and updates frequently in close alignment with business objectives.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Development, Security, and Operations","link":"https://csrc.nist.gov/glossary/term/development_security_and_operations","abbrSyn":[{"text":"DevSecOps","link":"https://csrc.nist.gov/glossary/term/devsecops"}],"definitions":null},{"term":"Device","link":"https://csrc.nist.gov/glossary/term/device","definitions":[{"text":"A combination of components that function together to serve a specific purpose.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"In automated assessment, a type of assessment object that is either an IP addressable (or equivalent) component of a network or a removable component that is of security significance.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Device Cybersecurity Capability","link":"https://csrc.nist.gov/glossary/term/device_cybersecurity_capability_core_baseline","definitions":[{"text":"A cybersecurity feature or function provided by an IoT device through its own technical means (i.e., device hardware and software).","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259"}]},{"text":"Cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software).","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"Device Cybersecurity Capability Core Baseline","link":"https://csrc.nist.gov/glossary/term/device_cybersecurity_capability","definitions":[{"text":"See core baseline.","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259"},{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"device distribution profile","link":"https://csrc.nist.gov/glossary/term/device_distribution_profile","definitions":[{"text":"An approval-based access control list (ACL) for a specific product that 1) names the user devices in a specific KMI operating account (KOA) to which primary services nodes (PRSNs) distribute the product and 2) states conditions of distribution for each device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Device Identifier","link":"https://csrc.nist.gov/glossary/term/device_identifier","definitions":[{"text":"A context-unique value—a value unique within a specific context—that is associated with a device (for example, a string consisting of a network address).","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A","refSources":[{"text":"NIST SP 800-56A Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-56Ar3","note":" - Derived"}]},{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","refSources":[{"text":"ETSI EN 303 645 v2.1.0","link":"https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf","note":" - Adapted"}]},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","refSources":[{"text":"NIST SP 800-56A Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-56Ar3","note":" - Adapted"}]}]}]},{"term":"Device Identifier Composition Engine","link":"https://csrc.nist.gov/glossary/term/device_identifier_composition_engine","abbrSyn":[{"text":"DICE","link":"https://csrc.nist.gov/glossary/term/dice"}],"definitions":null},{"term":"Device Identity","link":"https://csrc.nist.gov/glossary/term/device_identity","abbrSyn":[{"text":"DevID","link":"https://csrc.nist.gov/glossary/term/dev_id"}],"definitions":null},{"term":"device registration manager","link":"https://csrc.nist.gov/glossary/term/device_registration_manager","definitions":[{"text":"The management role that is responsible for performing activities related to registering users that are devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Device Role","link":"https://csrc.nist.gov/glossary/term/device_role","definitions":[{"text":"A device role is a group of devices with the same rules. For example, the list of white-listed software for a server is likely different from that for a workstation. This would cause servers and devices to have separate device roles.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Device-To-Device","link":"https://csrc.nist.gov/glossary/term/device_to_device","abbrSyn":[{"text":"D2D","link":"https://csrc.nist.gov/glossary/term/d2d"}],"definitions":null},{"term":"DevID","link":"https://csrc.nist.gov/glossary/term/dev_id","abbrSyn":[{"text":"Device Identity","link":"https://csrc.nist.gov/glossary/term/device_identity"}],"definitions":null},{"term":"Devkit","link":"https://csrc.nist.gov/glossary/term/devkit","abbrSyn":[{"text":"Development Kit","link":"https://csrc.nist.gov/glossary/term/development_kit"}],"definitions":null},{"term":"DevOps","link":"https://csrc.nist.gov/glossary/term/devops","abbrSyn":[{"text":"development and operations"},{"text":"Development and Operations"},{"text":"Development Operations"}],"definitions":null},{"term":"DevSecOps","link":"https://csrc.nist.gov/glossary/term/devsecops","abbrSyn":[{"text":"Development, Security, and Operations","link":"https://csrc.nist.gov/glossary/term/development_security_and_operations"}],"definitions":null},{"term":"DEX","link":"https://csrc.nist.gov/glossary/term/dex","abbrSyn":[{"text":"Decentralized Exchange","link":"https://csrc.nist.gov/glossary/term/decentralized_exchange"}],"definitions":null},{"term":"DFA","link":"https://csrc.nist.gov/glossary/term/dfa","abbrSyn":[{"text":"Differential Fault Attack","link":"https://csrc.nist.gov/glossary/term/differential_fault_attack"}],"definitions":null},{"term":"DFARS","link":"https://csrc.nist.gov/glossary/term/dfars","abbrSyn":[{"text":"Defense Federal Acquisition Regulations Supplement","link":"https://csrc.nist.gov/glossary/term/defense_federal_acquisition_regulations_supplement"}],"definitions":null},{"term":"DFW","link":"https://csrc.nist.gov/glossary/term/dfw","abbrSyn":[{"text":"Distributed Firewall","link":"https://csrc.nist.gov/glossary/term/distributed_firewall"}],"definitions":null},{"term":"DG","link":"https://csrc.nist.gov/glossary/term/dg","abbrSyn":[{"text":"Data Group","link":"https://csrc.nist.gov/glossary/term/data_group"}],"definitions":null},{"term":"DH","link":"https://csrc.nist.gov/glossary/term/dh","abbrSyn":[{"text":"Diffie Hellman (algorithm)","link":"https://csrc.nist.gov/glossary/term/diffie_hellman_algorithm"},{"text":"Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/diffie_hellman"},{"text":"Diffie−Hellman algorithm"},{"text":"Diffie-Hellman key exchange","link":"https://csrc.nist.gov/glossary/term/diffie_hellman_key_exchange"}],"definitions":[{"text":"A method used to securely exchange or establish secret keys across an insecure network. Ephemeral Diffie-Hellman is used to create temporary or single-use secret keys.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Diffie-Hellman "}]},{"text":"The (non-cofactor) FFC Diffie-Hellman key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]}]},{"term":"DHCP","link":"https://csrc.nist.gov/glossary/term/dhcp","abbrSyn":[{"text":"Dynamic Host Client Protocol","link":"https://csrc.nist.gov/glossary/term/dynamic_host_client_protocol"},{"text":"Dynamic Host Configuration Protocol","link":"https://csrc.nist.gov/glossary/term/dynamic_host_configuration_protocol"},{"text":"Dynamic Host Control Protocol","link":"https://csrc.nist.gov/glossary/term/dynamic_host_control_protocol"},{"text":"Dynamics Host Configuration Protocol","link":"https://csrc.nist.gov/glossary/term/dynamics_host_configuration_protocol"}],"definitions":null},{"term":"DHE","link":"https://csrc.nist.gov/glossary/term/dhe","abbrSyn":[{"text":"Ephemeral Diffie-Hellman key exchange","link":"https://csrc.nist.gov/glossary/term/ephemeral_diffie_hellman_key_exchange"}],"definitions":null},{"term":"DHHS","link":"https://csrc.nist.gov/glossary/term/dhhs","abbrSyn":[{"text":"Department of Health and Human Services","link":"https://csrc.nist.gov/glossary/term/department_of_health_and_human_services"}],"definitions":null},{"term":"DHK","link":"https://csrc.nist.gov/glossary/term/dhk","abbrSyn":[{"text":"Diversifier Hiding Key","link":"https://csrc.nist.gov/glossary/term/diversifier_hiding_key"}],"definitions":null},{"term":"DHkey","link":"https://csrc.nist.gov/glossary/term/dhkey","abbrSyn":[{"text":"Diffie-Hellman Key","link":"https://csrc.nist.gov/glossary/term/diffie_hellman_key"}],"definitions":null},{"term":"DHS","link":"https://csrc.nist.gov/glossary/term/dhs","abbrSyn":[{"text":"Department of Homeland Security","link":"https://csrc.nist.gov/glossary/term/department_of_homeland_security"},{"text":"U.S. Department of Homeland Security"}],"definitions":null},{"term":"DI","link":"https://csrc.nist.gov/glossary/term/di","abbrSyn":[{"text":"data integrity","link":"https://csrc.nist.gov/glossary/term/data_integrity"},{"text":"Data Integrity"}],"definitions":[{"text":"The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under data integrity ","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]},{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under data integrity "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under data integrity "}]},{"text":"Assurance that the data are unchanged from creation to reception.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Data Integrity "}]},{"text":"The property that data has not been altered by an unauthorized entity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Data Integrity "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Data Integrity "}]},{"text":"The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Data Integrity ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Data Integrity ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Data Integrity ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"DIA","link":"https://csrc.nist.gov/glossary/term/dia","abbrSyn":[{"text":"Defense Intelligence Agency","link":"https://csrc.nist.gov/glossary/term/defense_intelligence_agency"}],"definitions":null},{"term":"Diabetes Technology Social","link":"https://csrc.nist.gov/glossary/term/diabetes_technology_social","abbrSyn":[{"text":"DTS","link":"https://csrc.nist.gov/glossary/term/dts"}],"definitions":null},{"term":"DIACAP","link":"https://csrc.nist.gov/glossary/term/diacap","note":"(C.F.D.)","abbrSyn":[{"text":"DoD Information Assurance Certification and Accreditation Process","link":"https://csrc.nist.gov/glossary/term/dod_information_assurance_certification_and_accreditation_process"}],"definitions":null},{"term":"Diagnostics","link":"https://csrc.nist.gov/glossary/term/diagnostics","definitions":[{"text":"Information concerning known failure modes and their characteristics. Such information can be used in troubleshooting and failure analysis to help pinpoint the cause of a failure and help define suitable corrective measures.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"DIB","link":"https://csrc.nist.gov/glossary/term/dib","abbrSyn":[{"text":"Defense Industrial Base","link":"https://csrc.nist.gov/glossary/term/defense_industrial_base"}],"definitions":null},{"term":"DIB CS","link":"https://csrc.nist.gov/glossary/term/dib_cs","abbrSyn":[{"text":"Defense Industrial Base Cybersecurity Sharing","link":"https://csrc.nist.gov/glossary/term/defense_industrial_base_cybersecurity_sharing"}],"definitions":null},{"term":"DICE","link":"https://csrc.nist.gov/glossary/term/dice","abbrSyn":[{"text":"Device Identifier Composition Engine","link":"https://csrc.nist.gov/glossary/term/device_identifier_composition_engine"}],"definitions":null},{"term":"DICOM","link":"https://csrc.nist.gov/glossary/term/dicom","abbrSyn":[{"text":"Digital Imaging and Communications in Medicine","link":"https://csrc.nist.gov/glossary/term/digital_imaging_and_communications_in_medicine"}],"definitions":null},{"term":"Dictionary Contributor","link":"https://csrc.nist.gov/glossary/term/dictionary_contributor","definitions":[{"text":"An organization or person that submits new identifier CPE names to a dictionary for inclusion.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Dictionary Creator","link":"https://csrc.nist.gov/glossary/term/dictionary_creator","definitions":[{"text":"An organization that instantiates a CPE dictionary that conforms to the guidance within this specification. A dictionary creator is the organization that is ultimately responsible for the dictionary.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Dictionary Maintainer","link":"https://csrc.nist.gov/glossary/term/dictionary_maintainer","definitions":[{"text":"An organization that manages a CPE dictionary and all processes relating to that CPE dictionary. In the majority of cases, the organization that serves as the dictionary creator for a specific CPE dictionary will also serve as the dictionary maintainer. Otherwise, generally the dictionary maintainer is supporting the dictionary on behalf of the dictionary creator.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Dictionary Management Documents","link":"https://csrc.nist.gov/glossary/term/dictionary_management_documents","definitions":[{"text":"A set of documentation that captures the rules and processes specific to a CPE dictionary.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Dictionary Search","link":"https://csrc.nist.gov/glossary/term/dictionary_search","definitions":[{"text":"The process of determining which identifier names within a CPE dictionary are members of a source name that represents a set of products.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Dictionary User","link":"https://csrc.nist.gov/glossary/term/dictionary_user","definitions":[{"text":"An organization, individual, product, or service that consumes a CPE dictionary for any purpose.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"DICWG","link":"https://csrc.nist.gov/glossary/term/dicwg","abbrSyn":[{"text":"Digital Instrumentation and Control Working Group","link":"https://csrc.nist.gov/glossary/term/digital_instrumentation_and_control_working_group"}],"definitions":null},{"term":"DID","link":"https://csrc.nist.gov/glossary/term/did","abbrSyn":[{"text":"Decentralized Identifier","link":"https://csrc.nist.gov/glossary/term/decentralized_identifier"}],"definitions":null},{"term":"Differential Analysis aided Power Attack","link":"https://csrc.nist.gov/glossary/term/differential_analysis_aided_power_attack","abbrSyn":[{"text":"DAPA","link":"https://csrc.nist.gov/glossary/term/dapa"}],"definitions":null},{"term":"Differential Fault Attack","link":"https://csrc.nist.gov/glossary/term/differential_fault_attack","abbrSyn":[{"text":"DFA","link":"https://csrc.nist.gov/glossary/term/dfa"}],"definitions":null},{"term":"Differential Power Analysis","link":"https://csrc.nist.gov/glossary/term/differential_power_analysis","abbrSyn":[{"text":"DPA","link":"https://csrc.nist.gov/glossary/term/dpa"}],"definitions":null},{"term":"differential privacy","link":"https://csrc.nist.gov/glossary/term/differential_privacy","definitions":[{"text":"A rigorous mathematical definition of disclosure that considers the risk that an individual's confidential data may be learned as a result of a mathematical analysis based on that data being made publicly available.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Differential Quaternary Phase Shift Keying","link":"https://csrc.nist.gov/glossary/term/differential_quaternary_phase_shift_keying","abbrSyn":[{"text":"DQPSK","link":"https://csrc.nist.gov/glossary/term/dqpsk"}],"definitions":null},{"term":"Differentiated Services Code Point","link":"https://csrc.nist.gov/glossary/term/differentiated_services_code_point","abbrSyn":[{"text":"DSCP","link":"https://csrc.nist.gov/glossary/term/dscp"}],"definitions":null},{"term":"Diffie Hellman (algorithm)","link":"https://csrc.nist.gov/glossary/term/diffie_hellman_algorithm","abbrSyn":[{"text":"DH","link":"https://csrc.nist.gov/glossary/term/dh"}],"definitions":[{"text":"The (non-cofactor) FFC Diffie-Hellman key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under DH "}]}]},{"term":"Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/diffie_hellman","abbrSyn":[{"text":"DH","link":"https://csrc.nist.gov/glossary/term/dh"}],"definitions":[{"text":"A method used to securely exchange or establish secret keys across an insecure network. Ephemeral Diffie-Hellman is used to create temporary or single-use secret keys.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]},{"text":"The (non-cofactor) FFC Diffie-Hellman key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under DH "}]}]},{"term":"Diffie-Hellman Key","link":"https://csrc.nist.gov/glossary/term/diffie_hellman_key","abbrSyn":[{"text":"DHkey","link":"https://csrc.nist.gov/glossary/term/dhkey"}],"definitions":null},{"term":"Diffie-Hellman key exchange","link":"https://csrc.nist.gov/glossary/term/diffie_hellman_key_exchange","abbrSyn":[{"text":"DH","link":"https://csrc.nist.gov/glossary/term/dh"}],"definitions":[{"text":"The (non-cofactor) FFC Diffie-Hellman key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under DH "}]}]},{"term":"Digest","link":"https://csrc.nist.gov/glossary/term/digest","abbrSyn":[{"text":"hash digest","link":"https://csrc.nist.gov/glossary/term/hash_digest"}],"definitions":[{"text":"See hash digest","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Digital","link":"https://csrc.nist.gov/glossary/term/digital","definitions":[{"text":"The coding scheme generally used in computer technology to represent data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Digital asset","link":"https://csrc.nist.gov/glossary/term/digital_asset","definitions":[{"text":"Any asset that is purely digital, or is a digital representation of a physical asset.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Digital Authentication","link":"https://csrc.nist.gov/glossary/term/digital_authentication","abbrSyn":[{"text":"Electronic Authentication (E-Authentication)","link":"https://csrc.nist.gov/glossary/term/electronic_authentication"}],"definitions":[{"text":"The process of establishing confidence in user identities presented digitally to a system. In previous editions of SP 800-63, this was referred to asElectronic Authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"See Digital Authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Electronic Authentication (E-Authentication) "}]},{"text":"The process of establishing confidence in user identities presented digitally to a system. In previous editions of SP 800-63, this was referred to as Electronic Authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The process of establishing confidence in user identities electronically presented to an information system.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Electronic Authentication (E-Authentication) "}]}]},{"term":"Digital Certificate","link":"https://csrc.nist.gov/glossary/term/digital_certificate","definitions":[{"text":"Certificate (as defined above).","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Digital Evidence","link":"https://csrc.nist.gov/glossary/term/digital_evidence","definitions":[{"text":"Electronic information stored or transmitted in binary form.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Digital Fingerprint","link":"https://csrc.nist.gov/glossary/term/digital_fingerprint","abbrSyn":[{"text":"Message Digest"}],"definitions":[{"text":"A hash that uniquely identifies data. Changing a single bit in the data stream used to generate the message digest will yield a completely different message digest.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Message Digest "}]},{"text":"A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Message Digest "}]},{"text":"A crytpographic checksum, typically generated for a file that can be used to detect changes to the file.. Synonyous with hash value/result.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"CNSSI 4009"}]}]},{"text":"A digital signature that uniquely identifes data and has the property that changing a single bit in the data will cause a completely different message diges to be generated.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"text":"See Digital Fingerprint","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"}]}]},{"text":"The result of applying a hash function to a message.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest "}]},{"text":"See message digest.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"}]}]},{"term":"digital forensics","link":"https://csrc.nist.gov/glossary/term/digital_forensics","abbrSyn":[{"text":"computer forensics","link":"https://csrc.nist.gov/glossary/term/computer_forensics"}],"definitions":[{"text":"In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence - following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDD 5505.13E","link":"https://www.esd.whs.mil/Directives/issuances/dodd/"}]}]},{"text":"See digital forensics.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under computer forensics "}]},{"text":"The application of science to the identification, collection, examination, and analysis, of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Digital Forensics "}]},{"text":"The process used to acquire, preserve, analyze, and report on evidence using scientific methods that are demonstrably reliable, accurate, and repeatable such that it may be used in judicial proceedings","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","underTerm":" under Digital forensics ","refSources":[{"text":"SWDGE v2.0","link":"https://drive.google.com/file/d/1OBux0n7VZQe7HSgObwAtmhz5LgwvX0oY/view"}]}]}]},{"term":"digital identity","link":"https://csrc.nist.gov/glossary/term/digital_identity","definitions":[{"text":"The unique representation of a subject engaged in an online transaction. A digital identity is always unique in the context of a digital service, but does not necessarily need to uniquely identify the subject in all contexts. In other words, accessing a digital service may not mean that the subject’s real-life identity is known.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Digital Imaging and Communications in Medicine","link":"https://csrc.nist.gov/glossary/term/digital_imaging_and_communications_in_medicine","abbrSyn":[{"text":"DICOM","link":"https://csrc.nist.gov/glossary/term/dicom"}],"definitions":null},{"term":"digital infrastructure","link":"https://csrc.nist.gov/glossary/term/digital_infrastructure","definitions":[{"text":"The ability to store and exchange data through a centralized communication system. Data communication and exchange are all simplified with the right software and hardware equipment.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]}]},{"term":"Digital Instrumentation and Control Working Group","link":"https://csrc.nist.gov/glossary/term/digital_instrumentation_and_control_working_group","abbrSyn":[{"text":"DICWG","link":"https://csrc.nist.gov/glossary/term/dicwg"}],"definitions":null},{"term":"digital media","link":"https://csrc.nist.gov/glossary/term/digital_media","definitions":[{"text":"A form of electronic media where data are stored in digital (as opposed to analog) form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Digital Media "}]},{"text":"A form of electronic media where data is stored in digital (as opposed to analog) form.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Digital Policy","link":"https://csrc.nist.gov/glossary/term/digital_policy","abbrSyn":[{"text":"DP","link":"https://csrc.nist.gov/glossary/term/dp_acronym"}],"definitions":null},{"term":"Digital Policy Management","link":"https://csrc.nist.gov/glossary/term/digital_policy_management","abbrSyn":[{"text":"DPM","link":"https://csrc.nist.gov/glossary/term/dpm"}],"definitions":null},{"term":"Digital Rights Management","link":"https://csrc.nist.gov/glossary/term/digital_rights_management","abbrSyn":[{"text":"DRM","link":"https://csrc.nist.gov/glossary/term/drm"}],"definitions":null},{"term":"Digital Security by Design","link":"https://csrc.nist.gov/glossary/term/digital_security_by_design","abbrSyn":[{"text":"DSbD","link":"https://csrc.nist.gov/glossary/term/dsbd"}],"definitions":null},{"term":"Digital Signal Processor","link":"https://csrc.nist.gov/glossary/term/digital_signal_processor","abbrSyn":[{"text":"DSP","link":"https://csrc.nist.gov/glossary/term/dsp"}],"definitions":null},{"term":"digital signature","link":"https://csrc.nist.gov/glossary/term/digital_signature","abbrSyn":[{"text":"DSIG","link":"https://csrc.nist.gov/glossary/term/dsig"}],"definitions":[{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity, and signatory non-repudiation.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Digital Signature ","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]},{"text":"An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation, but not confidentiality protection.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Digital Signature "},{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, assurance of data integrity and signatory non-repudiation.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Digital signature "},{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Digital signature "}]},{"text":"The output that results from the successful completion of a digital signature algorithm operating on data (e.g., a message) that is to be signed. When used appropriately, a digital signature can provide assurance of data integrity, origin authentication, and signatory non-repudiation. See [FIPS 186-3] for details.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Digital signature "}]},{"text":"The result of applying two cryptographic functions (a hash function, followed by a digital signature function; see FIPS 186-3 for details). When the functions are properly implemented, the digital signature provides origin authentication, data integrity protection and signatory non-repudiation.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Digital signature "}]},{"text":"a data unit that allows a recipient of a message to verify the identity of the signatory and integrity of the message.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented with a supporting infrastructure and policy, provides the services of: \n1. Origin authentication, \n2. Data integrity, and \n3. Signer non-repudiation.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Digital signature "}]},{"text":"The result of a transformation of a message by means of a cryptographic system using keys such that a Relying Party can determine: (1) whether the transformation was created using the private key that corresponds to the public key in the signer’s digital certificate; and (2) whether the message has been altered since the transformation was made.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Digital Signature "}]},{"text":"The result of a cryptographic transformation of data that, when\nproperly implemented, provides the services of:\n1. origin authentication\n2. data integrity, and\n3. signer non-repudiation.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, data integrity and signatory non-repudiation.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides the services of: 1. Source/entity authentication, 2. Data integrity authentication, and/or 3. Support for signer non-redudiation.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, assurance of data integrity and supports signatory nonrepudiation.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented with a supporting infrastructure and policy, provides the services of: \n1. Origin (i.e., source) authentication, \n2. Data integrity authentication, and \n3. Support for signer non-repudiation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides the services of 1. Source authentication, 2. Data integrity, and 3. Support for signer non-repudiation.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented with a supporting infrastructure and policy, provides the services of: 1. Source/identity authentication, 2. Data integrity authentication, and/or 3. Support for signer non-repudiation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides source authentication, assurance of data integrity, and supports signatory non-repudiation.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, assurance of data integrity, and signatory non-repudiation.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133"}]}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides the services of origin authentication, data integrity, and signer nonrepudiation.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Digital Signature "}]},{"text":"A cryptographic technique that utilizes asymmetric-keys to determine authenticity (i.e., users can verify that the message was signed with a private key corresponding to the specified public key), non-repudiation (a user cannot deny having sent a message) and integrity (that the message was not altered during transmission).","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Digital signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented with a supporting infrastructure and policy, provides the services of: 1. Origin authentication, 2. Data integrity, and 3. Signer non-repudiation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Digital signature "}]},{"text":"An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Digital Signature "}]}],"seeAlso":[{"text":"electronic signature","link":"electronic_signature"},{"text":"signature","link":"signature"}]},{"term":"Digital Signature Algorithm","link":"https://csrc.nist.gov/glossary/term/digital_signature_algorithm","abbrSyn":[{"text":"DSA","link":"https://csrc.nist.gov/glossary/term/dsa"}],"definitions":[{"text":"the digital signature algorithm specified in FIPS PUB 186.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"A public-key algorithm that is used for the generation and verification of digital signatures.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"Digital Signature Algorithm specified in [FIPS 186].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under DSA "}]},{"text":"A Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiations and the discrete logarithm problem.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]}]}]},{"term":"Digital Signature Standard","link":"https://csrc.nist.gov/glossary/term/digital_signature_standard","abbrSyn":[{"text":"DSS","link":"https://csrc.nist.gov/glossary/term/dss"}],"definitions":null},{"term":"Digital Subscriber Line","link":"https://csrc.nist.gov/glossary/term/digital_subscriber_line","abbrSyn":[{"text":"DSL","link":"https://csrc.nist.gov/glossary/term/dsl"}],"definitions":null},{"term":"Digital Versatile Disc-Recordable","link":"https://csrc.nist.gov/glossary/term/digital_versatile_disc_recordable","abbrSyn":[{"text":"DVD-R","link":"https://csrc.nist.gov/glossary/term/dvd_r"}],"definitions":[{"text":"A write-once (read only) DVD for both movies and data endorsed by the DVD Forum.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under DVD-R "}]}]},{"term":"Digital Video Disc","link":"https://csrc.nist.gov/glossary/term/digital_video_disc","abbrSyn":[{"text":"DVD","link":"https://csrc.nist.gov/glossary/term/dvd"}],"definitions":[{"text":"A Digital Video Disc (DVD) has the same shape and size as a CD, but with a higher density that gives the option for data to be double-sided and/or double-layered.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under DVD "}]},{"text":"Has the same shape and size as a CD, but with a higher density that gives the option for data to be double-sided and/or double-layered.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]}]},{"term":"Digital Video Recorder","link":"https://csrc.nist.gov/glossary/term/digital_video_recorder","abbrSyn":[{"text":"DVR","link":"https://csrc.nist.gov/glossary/term/dvr"}],"definitions":null},{"term":"DIMA","link":"https://csrc.nist.gov/glossary/term/dima","abbrSyn":[{"text":"DoD portion of the Intelligence Mission Area","link":"https://csrc.nist.gov/glossary/term/dod_portion_of_the_intelligence_mission_area"}],"definitions":null},{"term":"DIMM","link":"https://csrc.nist.gov/glossary/term/dimm","abbrSyn":[{"text":"Dual In-Line Memory Module","link":"https://csrc.nist.gov/glossary/term/dual_in_line_memory_module"}],"definitions":null},{"term":"direct BLACK wireline","link":"https://csrc.nist.gov/glossary/term/direct_black_wireline","definitions":[{"text":"A BLACK metallic wireline that directly leaves the inspectable space in a continuous electrical path with no signal interruption or isolation. Continuous wirelines may be patched or spliced. Examples of wirelines that directly leave the inspectable space are analog telephone lines, commercial television cables, and alarm lines. Wirelines that do not leave the inspectable space are wirelines that pass through a digital switch or converter that reestablishes the signal level or reformats the signaling. Examples of BLACK wirelines that do not directly leave the inspectable space are telephone lines that connect to digital telephone switches, Ethernet lines that connect to digital network routers and alarm lines that connect to an alarm panel.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"Direct Current","link":"https://csrc.nist.gov/glossary/term/direct_current","abbrSyn":[{"text":"DC","link":"https://csrc.nist.gov/glossary/term/dc"}],"definitions":null},{"term":"Direct Digital Manufacturing","link":"https://csrc.nist.gov/glossary/term/direct_digital_manufacturing","definitions":[{"text":"fabricating physical objects from a data file using computer-controlled processes with little to no human intervention. It includes Additive Manufacturing (AM), 3D printing, and rapid prototyping.","sources":[{"text":"NISTIR 8041","link":"https://doi.org/10.6028/NIST.IR.8041"}]}]},{"term":"Direct Memory Access","link":"https://csrc.nist.gov/glossary/term/direct_memory_access","abbrSyn":[{"text":"DMA","link":"https://csrc.nist.gov/glossary/term/dma"}],"definitions":null},{"term":"Direct Platform Data","link":"https://csrc.nist.gov/glossary/term/direct_platform_data","abbrSyn":[{"text":"DPD","link":"https://csrc.nist.gov/glossary/term/dpd"}],"definitions":null},{"term":"Direct Random String","link":"https://csrc.nist.gov/glossary/term/direct_random_string","definitions":[{"text":"In the RBG-based construction of IVs, an output string of an RBG that is used as the random field for an IV.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Directed Acyclic Graph","link":"https://csrc.nist.gov/glossary/term/directed_acyclic_graph","abbrSyn":[{"text":"DAG","link":"https://csrc.nist.gov/glossary/term/dag"}],"definitions":null},{"term":"Directly Attached Storage","link":"https://csrc.nist.gov/glossary/term/directly_attached_storage","abbrSyn":[{"text":"DAS","link":"https://csrc.nist.gov/glossary/term/das"}],"definitions":null},{"term":"directly identifying variables","link":"https://csrc.nist.gov/glossary/term/directly_identifying_variables","definitions":[{"text":"a category of data that contains direct identifiers","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Director Central Intelligence Directive","link":"https://csrc.nist.gov/glossary/term/director_central_intelligence_directive","abbrSyn":[{"text":"DCID","link":"https://csrc.nist.gov/glossary/term/dcid"}],"definitions":null},{"term":"Director of National Intelligence","link":"https://csrc.nist.gov/glossary/term/director_of_national_intelligence","abbrSyn":[{"text":"DNI","link":"https://csrc.nist.gov/glossary/term/dni"}],"definitions":null},{"term":"Directory","link":"https://csrc.nist.gov/glossary/term/directory","definitions":[{"text":"Organizational structures that are used to group files together.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Directory Services Protector","link":"https://csrc.nist.gov/glossary/term/directory_services_protector","abbrSyn":[{"text":"DSP","link":"https://csrc.nist.gov/glossary/term/dsp"}],"definitions":null},{"term":"Directory Services Restore Mode","link":"https://csrc.nist.gov/glossary/term/directory_services_restore_mode","abbrSyn":[{"text":"DSRM","link":"https://csrc.nist.gov/glossary/term/dsrm"}],"definitions":null},{"term":"Direct-Sequence Spread Spectrum","link":"https://csrc.nist.gov/glossary/term/direct_sequence_spread_spectrum","abbrSyn":[{"text":"DSS","link":"https://csrc.nist.gov/glossary/term/dss"}],"definitions":null},{"term":"Direct-To-Consumer","link":"https://csrc.nist.gov/glossary/term/direct_to_consumer","abbrSyn":[{"text":"DTC","link":"https://csrc.nist.gov/glossary/term/dtc"}],"definitions":null},{"term":"dirty word list","link":"https://csrc.nist.gov/glossary/term/dirty_word_list","abbrSyn":[{"text":"blacklist","link":"https://csrc.nist.gov/glossary/term/blacklist"}],"definitions":[{"text":"A list of discrete entities that have been previously determined to be associated with malicious activity.","sources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167","underTerm":" under blacklist "}]},{"text":"A list of discrete entities, such as hosts, email addresses, network port numbers, runtime processes, or applications, that have been previously determined to be associated with malicious activity. ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under blacklist ","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]},{"text":"List of words that have been pre-defined as being unacceptable for transmission and may be used in conjunction with a clean word list to avoid false negatives (e.g., secret within secretary).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"clean word list","link":"clean_word_list"}]},{"term":"DIS","link":"https://csrc.nist.gov/glossary/term/dis","abbrSyn":[{"text":"Draft International Standard","link":"https://csrc.nist.gov/glossary/term/draft_international_standard"}],"definitions":null},{"term":"DISA","link":"https://csrc.nist.gov/glossary/term/disa","abbrSyn":[{"text":"Defense Information Systems Agency","link":"https://csrc.nist.gov/glossary/term/defense_information_systems_agency"},{"text":"Dial In System Access","link":"https://csrc.nist.gov/glossary/term/dial_in_system_access"}],"definitions":null},{"term":"disallowed","link":"https://csrc.nist.gov/glossary/term/disallowed","definitions":[{"text":"The algorithm or key length is no longer allowed for applying cryptographic protection.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"Disaster Recovery","link":"https://csrc.nist.gov/glossary/term/disaster_recovery","abbrSyn":[{"text":"DR","link":"https://csrc.nist.gov/glossary/term/dr"}],"definitions":null},{"term":"disciplined oscillator","link":"https://csrc.nist.gov/glossary/term/disciplined_oscillator_do","definitions":[{"text":"An oscillator whose output frequency is continuously adjusted (often through the use of a phase locked loop) to agree with an external reference. For example, a GPS disciplined oscillator (GPSDO) usually consists of a quartz or rubidium oscillator whose output frequency is continuously adjusted to agree with signals broadcast by the GPS satellites.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]"},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1"}]}]},{"term":"Disclosure Review Board","link":"https://csrc.nist.gov/glossary/term/disclosure_review_board","abbrSyn":[{"text":"DRB","link":"https://csrc.nist.gov/glossary/term/drb"}],"definitions":null},{"term":"Discovery","link":"https://csrc.nist.gov/glossary/term/discovery","definitions":[{"text":"The act of locating a machine-processable description of a Web service-related resource that may have been previously unknown and that meets certain functional criteria. It involves matching a set of functional and other criteria with a set of resource descriptions. The goal is to find an appropriate Web service-related resource.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"Discovery Service","link":"https://csrc.nist.gov/glossary/term/discovery_service","definitions":[{"text":"A service that enables agents to retrieve Web services-related resource description.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"Discrete Fourier Transform Test","link":"https://csrc.nist.gov/glossary/term/discrete_fourier_transform_test","definitions":[{"text":"The purpose of this test is to detect periodic features (i.e., repetitive patterns that are near each other) in the tested sequence that would indicate a deviation from the assumption of randomness.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Discrete Logarithm Cryptography","link":"https://csrc.nist.gov/glossary/term/discrete_logarithm_cryptography","abbrSyn":[{"text":"DLC","link":"https://csrc.nist.gov/glossary/term/dlc"}],"definitions":[{"text":"Discrete Logarithm Cryptography, which is comprised of both Finite Field Cryptography (FFC) and Elliptic Curve Cryptography (ECC).","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under DLC "}]}]},{"term":"Discrete Process","link":"https://csrc.nist.gov/glossary/term/discrete_process","definitions":[{"text":"A type of process where a specified quantity of material moves as a unit (part or group of parts) between work stations and each unit maintains its unique identity.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"discretionary access control (DAC)","link":"https://csrc.nist.gov/glossary/term/discretionary_access_control","abbrSyn":[{"text":"DAC","link":"https://csrc.nist.gov/glossary/term/dac"}],"definitions":[{"text":"An access control policy that is enforced over all subjects and objects in an information system where the policy specifies that a subject that has been granted access to information can do one or more of the following: (i) pass the information to other subjects or objects; (ii) grant its privileges to other subjects; (iii) change security attributes on subjects, objects, information systems, or system components; (iv) choose the security attributes to be associated with newly-created or revised objects; or (v) change the rules governing access control. Mandatory access controls restrict this capability.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Discretionary Access Control "}]},{"text":"leaves a certain amount of access control to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can determine who should have access rights to an object and what those rights should be.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Discretionary access control (DAC) "}]},{"text":"A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Discretionary Access Control ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An access control policy that is enforced over all subjects and objects in a system where the policy specifies that a subject that has been granted access to information can do one or more of the following: pass the information to other subjects or objects; grant its privileges to other subjects; change the security attributes of subjects, objects, systems, or system components; choose the security attributes to be associated with newly-created or revised objects; or change the rules governing access control. Mandatory access controls restrict this capability.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under discretionary access control "}]}]},{"term":"Discretionary Access Control List","link":"https://csrc.nist.gov/glossary/term/discretionary_access_control_list","abbrSyn":[{"text":"DACL","link":"https://csrc.nist.gov/glossary/term/dacl"}],"definitions":null},{"term":"discussion","link":"https://csrc.nist.gov/glossary/term/discussion","definitions":[{"text":"Statements used to provide additional explanatory information for security controls or security control enhancements.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"Disinfecting","link":"https://csrc.nist.gov/glossary/term/disinfecting","definitions":[{"text":"Removing malware from within a file.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1"}]}]},{"term":"disinformation","link":"https://csrc.nist.gov/glossary/term/disinformation","definitions":[{"text":"The process of providing deliberately deceptive information to adversaries to mislead or confuse them regarding the security posture of the system or organization or the state of cyber preparedness.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"Disintegration","link":"https://csrc.nist.gov/glossary/term/disintegration","definitions":[{"text":"A physically Destructive method of sanitizing media; the act of separating into component parts.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Disk image","link":"https://csrc.nist.gov/glossary/term/disk_image","definitions":[{"text":"A virtual representation of a real disk drive.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"Disk Imaging","link":"https://csrc.nist.gov/glossary/term/disk_imaging","definitions":[{"text":"Generating a bit-for-bit copy of the original media, including free space and slack space.\nAlso known as a bit stream image.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Disk-to-Disk Copy","link":"https://csrc.nist.gov/glossary/term/disk_to_disk_copy","definitions":[{"text":"Copying the contents of media directly to another media.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Disk-to-File Copy","link":"https://csrc.nist.gov/glossary/term/disk_to_file_copy","definitions":[{"text":"Copying the contents of media to a single logical data file.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"DISN","link":"https://csrc.nist.gov/glossary/term/disn","abbrSyn":[{"text":"Defense Information System Network","link":"https://csrc.nist.gov/glossary/term/defense_information_system_network"}],"definitions":null},{"term":"Disposal","link":"https://csrc.nist.gov/glossary/term/disposal","definitions":[{"text":"Disposal is a release outcome following the decision that media does not contain sensitive data. This occurs either because the media never contained sensitive data or because Sanitization techniques were applied and the media no longer contains sensitive data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"disruption","link":"https://csrc.nist.gov/glossary/term/disruption","definitions":[{"text":"An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","note":" - Adapted"}]}]},{"text":"An unplanned event that causes an information system to be inoperable for a length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Disruption "}]}]},{"term":"distinguishable information","link":"https://csrc.nist.gov/glossary/term/distinguishable_information","definitions":[{"text":"Information that can be used to identify an individual.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122","underTerm":" under Distinguishable Information "}]},{"text":"information that can be used to identify an individual","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]}]},{"term":"distinguished name (DN)","link":"https://csrc.nist.gov/glossary/term/distinguished_name","abbrSyn":[{"text":"DN","link":"https://csrc.nist.gov/glossary/term/dn"}],"definitions":[{"text":"An identifier that uniquely represents an object in the X.500 directory information tree.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Distinguished Name ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Distinguished Name ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Distinguished Name ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]}]},{"term":"distinguishing identifier","link":"https://csrc.nist.gov/glossary/term/distinguishing_identifier","definitions":[{"text":"Information which unambiguously distinguishes an entity in the authentication process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 196","link":"https://doi.org/10.6028/NIST.FIPS.196"}]}]}]},{"term":"Distributed Computing Environment","link":"https://csrc.nist.gov/glossary/term/distributed_computing_environment","abbrSyn":[{"text":"DCE","link":"https://csrc.nist.gov/glossary/term/dce"}],"definitions":null},{"term":"distributed denial of service (DDoS)","link":"https://csrc.nist.gov/glossary/term/distributed_denial_of_service","abbrSyn":[{"text":"DDoS","link":"https://csrc.nist.gov/glossary/term/ddos"}],"definitions":[{"text":"A denial of service technique that uses numerous hosts to perform the attack.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Distributed Denial of Service (DDoS) ","refSources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Distributed Denial of Service (DDoS) ","refSources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711"}]},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Distributed Denial of Service "}]}]},{"term":"distributed energy resource","link":"https://csrc.nist.gov/glossary/term/distributed_energy_resource","abbrSyn":[{"text":"DER","link":"https://csrc.nist.gov/glossary/term/der"}],"definitions":null},{"term":"Distributed Firewall","link":"https://csrc.nist.gov/glossary/term/distributed_firewall","abbrSyn":[{"text":"DFW","link":"https://csrc.nist.gov/glossary/term/dfw"}],"definitions":null},{"term":"Distributed Ledger Technology","link":"https://csrc.nist.gov/glossary/term/distributed_ledger_technology","abbrSyn":[{"text":"DLT","link":"https://csrc.nist.gov/glossary/term/dlt"}],"definitions":null},{"term":"Distributed Logical Router","link":"https://csrc.nist.gov/glossary/term/distributed_logical_router","abbrSyn":[{"text":"DLR","link":"https://csrc.nist.gov/glossary/term/dlr"}],"definitions":null},{"term":"Distributed network","link":"https://csrc.nist.gov/glossary/term/distributed_network","definitions":[{"text":"A network configuration where every participant can communicate with one another without going through a centralized point. Since there are multiple pathways for communication, the loss of any participant will not prevent communication. This is also known as peer-to-peer network.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Distributed Network Protocol","link":"https://csrc.nist.gov/glossary/term/distributed_network_protocol","abbrSyn":[{"text":"DNP3","link":"https://csrc.nist.gov/glossary/term/dnp3"}],"definitions":[{"text":"DNP3 Distributed Network Protocol (published as IEEE 1815)","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under DNP3 "}]}]},{"term":"distributed self-assessment","link":"https://csrc.nist.gov/glossary/term/distributed_self_assessment","definitions":[{"text":"The least formal type of assessment; the element judgments are based on the evaluations by small groups that work in parallel.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]},{"text":"The least formal type of assessment, the element judgments are based on the evaluations by small groups that work in parallel.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"Distribution","link":"https://csrc.nist.gov/glossary/term/distribution","abbrSyn":[{"text":"key distribution","link":"https://csrc.nist.gov/glossary/term/key_distribution"},{"text":"Key distribution"}],"definitions":[{"text":"The transport of a key and other keying material from an entity that either owns or generates the key to another entity that is intended to use the key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under key distribution ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key distribution "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key distribution "}]},{"text":"See Key transport.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key distribution "}]},{"text":"The transport of a key and other keying material from an entity that either owns the key or generates the key to another entity that is intended to use the key.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key distribution "}]},{"text":"See Key distribution.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The transport of key information from one entity (the sender) to one or more other entities (the receivers). The sender may have generated the key information or acquired it from another source as part of a separate process. The key information may be distributed manually or using automated key transport mechanisms.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key distribution "}]},{"text":"The transport of a key and other keying material from an entity that either owns, generates or otherwise acquires the key to another entity that is intended to use the key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key distribution "}]}]},{"term":"Distribution System","link":"https://csrc.nist.gov/glossary/term/distribution_system","abbrSyn":[{"text":"DS","link":"https://csrc.nist.gov/glossary/term/ds"}],"definitions":null},{"term":"District of Columbia","link":"https://csrc.nist.gov/glossary/term/district_of_columbia","abbrSyn":[{"text":"DC","link":"https://csrc.nist.gov/glossary/term/dc"}],"definitions":null},{"term":"Disturbance","link":"https://csrc.nist.gov/glossary/term/disturbance","definitions":[{"text":"An undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","refSources":[{"text":"ANSI/ISA-51.1-1979","link":"https://www.isa.org/store/isa-511-1979-r1993-process-instrumentation-terminology/116810"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","refSources":[{"text":"ANSI/ISA-51.1-1979","link":"https://www.isa.org/store/isa-511-1979-r1993-process-instrumentation-terminology/116810"}]}]}]},{"term":"DIT","link":"https://csrc.nist.gov/glossary/term/dit","abbrSyn":[{"text":"Data in Transit","link":"https://csrc.nist.gov/glossary/term/data_in_transit"}],"definitions":null},{"term":"DITSCAP","link":"https://csrc.nist.gov/glossary/term/ditscap","abbrSyn":[{"text":"DoD Information Technology Security Certification and Accreditation Process","link":"https://csrc.nist.gov/glossary/term/dod_information_technology_security_certification_and_accreditation_process"}],"definitions":null},{"term":"DIV","link":"https://csrc.nist.gov/glossary/term/div","abbrSyn":[{"text":"Diversifier","link":"https://csrc.nist.gov/glossary/term/diversifier"}],"definitions":null},{"term":"Diversifier","link":"https://csrc.nist.gov/glossary/term/diversifier","abbrSyn":[{"text":"DIV","link":"https://csrc.nist.gov/glossary/term/div"}],"definitions":null},{"term":"Diversifier Hiding Key","link":"https://csrc.nist.gov/glossary/term/diversifier_hiding_key","abbrSyn":[{"text":"DHK","link":"https://csrc.nist.gov/glossary/term/dhk"}],"definitions":null},{"term":"Diversionary","link":"https://csrc.nist.gov/glossary/term/diversionary","definitions":[{"text":"In regards to KBV, a multiple-choice question for which all answers provided are incorrect, requiring the applicant to select an option similar to “none of the above.”","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"DKEYx(Y)","link":"https://csrc.nist.gov/glossary/term/dkeyy","definitions":[{"text":"Decrypt Y with the key KEYx","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"DKIM","link":"https://csrc.nist.gov/glossary/term/dkim","abbrSyn":[{"text":"Domain Keys Identified Mail","link":"https://csrc.nist.gov/glossary/term/domain_keys_identified_mail"},{"text":"DomainKeys Identified Mail","link":"https://csrc.nist.gov/glossary/term/domainkeys_identified_mail"}],"definitions":null},{"term":"DLC","link":"https://csrc.nist.gov/glossary/term/dlc","abbrSyn":[{"text":"Discrete Logarithm Cryptography","link":"https://csrc.nist.gov/glossary/term/discrete_logarithm_cryptography"}],"definitions":[{"text":"Discrete Logarithm Cryptography, which is comprised of both Finite Field Cryptography (FFC) and Elliptic Curve Cryptography (ECC).","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]}]},{"term":"DLL","link":"https://csrc.nist.gov/glossary/term/dll","abbrSyn":[{"text":"Dynamic Link Library","link":"https://csrc.nist.gov/glossary/term/dynamic_link_library"},{"text":"Dynamically Linked Library","link":"https://csrc.nist.gov/glossary/term/dynamically_linked_library"}],"definitions":null},{"term":"DLO","link":"https://csrc.nist.gov/glossary/term/dlo","abbrSyn":[{"text":"Damage-Limiting Operations"}],"definitions":null},{"term":"DLP","link":"https://csrc.nist.gov/glossary/term/dlp","abbrSyn":[{"text":"Data Loss Prevention"}],"definitions":null},{"term":"DLR","link":"https://csrc.nist.gov/glossary/term/dlr","abbrSyn":[{"text":"Distributed Logical Router","link":"https://csrc.nist.gov/glossary/term/distributed_logical_router"}],"definitions":null},{"term":"DLT","link":"https://csrc.nist.gov/glossary/term/dlt","abbrSyn":[{"text":"Distributed Ledger Technology","link":"https://csrc.nist.gov/glossary/term/distributed_ledger_technology"}],"definitions":null},{"term":"DMA","link":"https://csrc.nist.gov/glossary/term/dma","abbrSyn":[{"text":"Direct Memory Access","link":"https://csrc.nist.gov/glossary/term/direct_memory_access"}],"definitions":null},{"term":"DMARC","link":"https://csrc.nist.gov/glossary/term/dmarc","abbrSyn":[{"text":"Domain-based Message Authentication, Reporting & Conformance"},{"text":"Domain-based Message Authentication, Reporting and Conformance","link":"https://csrc.nist.gov/glossary/term/domain_based_message_authentication_reporting_and_conformance"}],"definitions":null},{"term":"DMZ","link":"https://csrc.nist.gov/glossary/term/dmz","abbrSyn":[{"text":"Demilitarized Zone"},{"text":"DeMilitarized Zone"}],"definitions":[{"text":"A perimeter network or screened subnet separating an internal network that is more trusted from an external network that is less trusted.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Demilitarized Zone "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Demilitarized Zone "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Demilitarized Zone "}]},{"text":"A network created by connecting two firewalls. Systems that are externally accessible but need some protections are usually located on DMZ networks.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Demilitarized Zone "}]}]},{"term":"DN","link":"https://csrc.nist.gov/glossary/term/dn","abbrSyn":[{"text":"Distinguished Name"}],"definitions":[{"text":"An identifier that uniquely represents an object in the X.500 directory information tree.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Distinguished Name ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Distinguished Name ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Distinguished Name ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]}]},{"term":"DNA","link":"https://csrc.nist.gov/glossary/term/dna","abbrSyn":[{"text":"Deoxyribonucleic acid","link":"https://csrc.nist.gov/glossary/term/deoxyribonucleic_acid"}],"definitions":null},{"term":"DNAT","link":"https://csrc.nist.gov/glossary/term/dnat","abbrSyn":[{"text":"Destination Network Address Translation","link":"https://csrc.nist.gov/glossary/term/destination_network_address_translation"}],"definitions":null},{"term":"DNI","link":"https://csrc.nist.gov/glossary/term/dni","abbrSyn":[{"text":"Director of National Intelligence","link":"https://csrc.nist.gov/glossary/term/director_of_national_intelligence"}],"definitions":null},{"term":"DNP3","link":"https://csrc.nist.gov/glossary/term/dnp3","abbrSyn":[{"text":"Distributed Network Protocol","link":"https://csrc.nist.gov/glossary/term/distributed_network_protocol"}],"definitions":[{"text":"DNP3 Distributed Network Protocol (published as IEEE 1815)","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"}]}]},{"term":"DNS","link":"https://csrc.nist.gov/glossary/term/dns","abbrSyn":[{"text":"Domain Name System"}],"definitions":[{"text":"The system by which Internet domain names and addresses are tracked and regulated as defined by IETF RFC 1034 and other related RFCs.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Domain Name System "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Domain Name System ","refSources":[{"text":"RFC 1034","link":"https://doi.org/10.17487/RFC1034"}]}]}]},{"term":"DNS Administrator","link":"https://csrc.nist.gov/glossary/term/dns_administrator","definitions":[{"text":"Used in this document to cover the person (or persons) tasked with updating zone data and operating an enterprise’s DNS server. This term may actually cover several official roles, but these roles are covered by one term here.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"DNS Full Zone Transfer Query Type","link":"https://csrc.nist.gov/glossary/term/dns_full_zone_transfer_query_type","abbrSyn":[{"text":"AXFR","link":"https://csrc.nist.gov/glossary/term/axfr"}],"definitions":null},{"term":"DNS Security Extensions","link":"https://csrc.nist.gov/glossary/term/dns_security_extensions","abbrSyn":[{"text":"DNSSEC","link":"https://csrc.nist.gov/glossary/term/dnssec"}],"definitions":null},{"term":"DNS-Based Authentication of Named Entities","link":"https://csrc.nist.gov/glossary/term/dns_based_authentication_of_named_entities","abbrSyn":[{"text":"DANE","link":"https://csrc.nist.gov/glossary/term/dane"}],"definitions":null},{"term":"DNSBL","link":"https://csrc.nist.gov/glossary/term/dnsbl","abbrSyn":[{"text":"Domain Name System Blacklist","link":"https://csrc.nist.gov/glossary/term/domain_name_system_blacklist"}],"definitions":null},{"term":"DNS-SD","link":"https://csrc.nist.gov/glossary/term/dns_sd","abbrSyn":[{"text":"Domain Name System Service Discovery","link":"https://csrc.nist.gov/glossary/term/domain_name_system_service_discovery"}],"definitions":null},{"term":"DNSSEC","link":"https://csrc.nist.gov/glossary/term/dnssec","abbrSyn":[{"text":"DNS Security Extensions","link":"https://csrc.nist.gov/glossary/term/dns_security_extensions"},{"text":"Domain Name System Security Extensions","link":"https://csrc.nist.gov/glossary/term/domain_name_system_security_extensions"}],"definitions":null},{"term":"DNSSEC-Aware Name Server","link":"https://csrc.nist.gov/glossary/term/dnssec_aware_name_server","definitions":[{"text":"An entity acting in the role of a name server that understands the DNS security extensions defined in this document set. In particular, a DNSSEC-aware name server is an entity that receives DNS queries, sends DNS responses, supports the EDNS0 [RFC 2671] message size extension and the DO bit [RFC 4035], and supports the RR types and message header bits defined in this document set.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"DNSSEC-Aware Recursive Name Server","link":"https://csrc.nist.gov/glossary/term/dnssec_aware_recursive_name_server","definitions":[{"text":"An entity that acts in both the DNSSEC-aware name server and DNSSEC-aware resolver roles. A more cumbersome equivalent phrase would be “a DNSSEC-aware name server that offers recursive service.” Also sometimes referred to as a “security-aware caching name server.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"DNSSEC-Aware Resolver","link":"https://csrc.nist.gov/glossary/term/dnssec_aware_resolver","definitions":[{"text":"An entity acting in the role of a resolver (defined in section 2.4 of [RFC 4033]) that understands the DNS security extensions. In particular, a DNSSEC-aware resolver is an entity that sends DNS queries, receives DNS responses, and understands the DNSSEC specification, even if it is incapable of performing validation.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"DNSSEC-Aware Stub Resolver","link":"https://csrc.nist.gov/glossary/term/dnssec_aware_stub_resolver","definitions":[{"text":"An entity acting in the role of a stub resolver that has an understanding of the DNS security extensions. DNSSEC-aware stub resolvers may be either “validating” or “nonvalidating,” depending on whether the stub resolver attempts to verify DNSSEC signatures on its own or trusts a friendly DNSSEC-aware name server to do so. See also “validating stub resolver” and “nonvalidating stub resolver.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}],"seeAlso":[{"text":"Nonvalidating DNSSEC-Aware Stub Resolver","link":"nonvalidating_dnssec_aware_stub_resolver"},{"text":"nonvalidating stub resolver","link":"nonvalidating_stub_resolver"},{"text":"validating stub resolver","link":"validating_stub_resolver"}]},{"term":"DOB","link":"https://csrc.nist.gov/glossary/term/dob","abbrSyn":[{"text":"Date of Birth","link":"https://csrc.nist.gov/glossary/term/date_of_birth"}],"definitions":null},{"term":"DOC","link":"https://csrc.nist.gov/glossary/term/doc","note":"(C.F.D.)","abbrSyn":[{"text":"Delivery-Only Client"},{"text":"Department of Commerce","link":"https://csrc.nist.gov/glossary/term/department_of_commerce"}],"definitions":null},{"term":"Document Type Definition (DTD)","link":"https://csrc.nist.gov/glossary/term/document_type_definition","abbrSyn":[{"text":"DTD","link":"https://csrc.nist.gov/glossary/term/dtd"}],"definitions":[{"text":"A document defining the format of the contents present between the tags in an XML or SGML document, and the way they should be interpreted by the application reading the XML or SGML document.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary","link":"https://www.developer.com/services/article.php/1485771/Web-Services-Glossary.htm"}]}]}]},{"term":"DoD","link":"https://csrc.nist.gov/glossary/term/dod","abbrSyn":[{"text":"Department of Defense","link":"https://csrc.nist.gov/glossary/term/department_of_defense"}],"definitions":null},{"term":"DoD Cybersecurity Analysis and Review","link":"https://csrc.nist.gov/glossary/term/dod_cybersecurity_analysis_and_review","abbrSyn":[{"text":"DODCAR","link":"https://csrc.nist.gov/glossary/term/dodcar"}],"definitions":null},{"term":"DoD Discovery Metadata Standard","link":"https://csrc.nist.gov/glossary/term/dod_discovery_metadata_standard","abbrSyn":[{"text":"DDMS","link":"https://csrc.nist.gov/glossary/term/ddms"}],"definitions":null},{"term":"DoD information","link":"https://csrc.nist.gov/glossary/term/dod_information","definitions":[{"text":"Any information that has not been cleared for public release in accordance with Department of Defense (DoD) Directive 5230.09, “Clearance of DoD Information for Public Release”, and that has been collected, developed, received, transmitted, used, or stored by DoD, or by a non-DoD entity in support of an official DoD activity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"DoD Information Assurance Certification and Accreditation Process","link":"https://csrc.nist.gov/glossary/term/dod_information_assurance_certification_and_accreditation_process","abbrSyn":[{"text":"DIACAP","link":"https://csrc.nist.gov/glossary/term/diacap"}],"definitions":null},{"term":"DoD Information Technology Security Certification and Accreditation Process","link":"https://csrc.nist.gov/glossary/term/dod_information_technology_security_certification_and_accreditation_process","abbrSyn":[{"text":"DITSCAP","link":"https://csrc.nist.gov/glossary/term/ditscap"}],"definitions":null},{"term":"DoD portion of the Intelligence Mission Area","link":"https://csrc.nist.gov/glossary/term/dod_portion_of_the_intelligence_mission_area","abbrSyn":[{"text":"DIMA","link":"https://csrc.nist.gov/glossary/term/dima"}],"definitions":null},{"term":"DoD Strategy for Operating in Cyberspace","link":"https://csrc.nist.gov/glossary/term/dod_strategy_for_operating_in_cyberspace","abbrSyn":[{"text":"DSOC","link":"https://csrc.nist.gov/glossary/term/dsoc"}],"definitions":null},{"term":"DODCAR","link":"https://csrc.nist.gov/glossary/term/dodcar","abbrSyn":[{"text":"DoD Cybersecurity Analysis and Review","link":"https://csrc.nist.gov/glossary/term/dod_cybersecurity_analysis_and_review"}],"definitions":null},{"term":"DoDD","link":"https://csrc.nist.gov/glossary/term/dodd","abbrSyn":[{"text":"Department of Defense Directive","link":"https://csrc.nist.gov/glossary/term/department_of_defense_directive"}],"definitions":null},{"term":"DoD-Defense Industrial Base Collaborative Information Sharing Environment","link":"https://csrc.nist.gov/glossary/term/dod_defense_industrial_base_collab_info_sharing_environment","abbrSyn":[{"text":"DCISE","link":"https://csrc.nist.gov/glossary/term/dcise"}],"definitions":null},{"term":"DoDI","link":"https://csrc.nist.gov/glossary/term/dodi","abbrSyn":[{"text":"Department of Defense Instruction","link":"https://csrc.nist.gov/glossary/term/department_of_defense_instruction"}],"definitions":null},{"term":"DoDIN","link":"https://csrc.nist.gov/glossary/term/dodin","abbrSyn":[{"text":"Department of Defense Information Networks"}],"definitions":null},{"term":"DoDM","link":"https://csrc.nist.gov/glossary/term/dodm","abbrSyn":[{"text":"Department of Defense Manual","link":"https://csrc.nist.gov/glossary/term/department_of_defense_manual"}],"definitions":null},{"term":"DOE","link":"https://csrc.nist.gov/glossary/term/doe","abbrSyn":[{"text":"Department of Energy","link":"https://csrc.nist.gov/glossary/term/department_of_energy"}],"definitions":null},{"term":"DOI","link":"https://csrc.nist.gov/glossary/term/doi","abbrSyn":[{"text":"Domain of Interpretation","link":"https://csrc.nist.gov/glossary/term/domain_of_interpretation"}],"definitions":null},{"term":"domain","link":"https://csrc.nist.gov/glossary/term/domain","abbrSyn":[{"text":"security domain","link":"https://csrc.nist.gov/glossary/term/security_domain"}],"definitions":[{"text":"A set of elements, data, resources, and functions that share a commonality in combinations of (1) roles supported, (2) rules governing their use, and (3) protection needs.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"Set of assets and resources subject to a common security policy.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under security domain ","refSources":[{"text":"ISO/IEC 19989-3:2020","link":"https://www.iso.org/standard/73721.html"}]}]},{"text":"A domain that implements a security policy and is administered by a single authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security domain ","refSources":[{"text":"CNSSP 24","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"},{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under security domain ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under security domain ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under security domain ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under security domain ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under security domain "}]},{"text":"An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Domain ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"The term domain refers to a part of the network that is administered by a single authority.","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under Domain "}]},{"text":"See security domain.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"A set of subjects, their information objects, and a common security policy.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under security domain "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under security domain "}]},{"text":"An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Domain ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Domain ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Domain ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Domain ","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"},{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Domain ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]},{"text":"A distinct group of computers under a central administration or authority.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Domain "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Domain "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Domain "}]},{"text":"A logical structure, group or sphere of influence over which control is exercised.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Domain "}]},{"text":"A domain within which behaviors, interactions, and outcomes occur and that is defined by a governing security policy. \nNote: A security domain is defined by rules for users, processes, systems, and services that apply to activity within the domain and activity with similar entities in other domains.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security domain "}]},{"text":"A domain within which behaviors, interactions, and outcomes occur and that is defined by a governing security policy.  \nNote: A security domain is defined by rules for users, processes, systems, and services that apply to activity within the domain and activity with similar entities in other domains.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security domain "}]}],"seeAlso":[{"text":"Security Domain"}]},{"term":"Domain authority","link":"https://csrc.nist.gov/glossary/term/domain_authority","definitions":[{"text":"An FCKMS role that is responsible for determining whether another domain’s FCKMS Security Policy is equivalent to or compatible with its own domain policy. The FCKMS system authority often performs this role.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Domain Controller","link":"https://csrc.nist.gov/glossary/term/domain_controller","abbrSyn":[{"text":"DC","link":"https://csrc.nist.gov/glossary/term/dc"}],"definitions":[{"text":"A server responsible for managing domain information, such as login identification and passwords.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859"}]}]}]},{"term":"Domain Keys Identified Mail","link":"https://csrc.nist.gov/glossary/term/domain_keys_identified_mail","abbrSyn":[{"text":"DKIM","link":"https://csrc.nist.gov/glossary/term/dkim"}],"definitions":null},{"term":"Domain Name","link":"https://csrc.nist.gov/glossary/term/domain_name","definitions":[{"text":"A label that identifies a network domain using the Domain Naming System.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Domain Name Server","link":"https://csrc.nist.gov/glossary/term/domain_name_server","definitions":[{"text":"The internet's equivalent of a phone book. It maintains a directory of domain names, as defined by the Domain Name System, and translates them to Internet Protocol addresses.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Domain Name System (DNS)","link":"https://csrc.nist.gov/glossary/term/domain_name_system_DNS","abbrSyn":[{"text":"DNS","link":"https://csrc.nist.gov/glossary/term/dns"}],"definitions":[{"text":"The system by which Internet domain names and addresses are tracked and regulated as defined by IETF RFC 1034 and other related RFCs.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Domain Name System "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Domain Name System ","refSources":[{"text":"RFC 1034","link":"https://doi.org/10.17487/RFC1034"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"RFC 1034","link":"https://doi.org/10.17487/RFC1034"}]}]}]},{"term":"Domain Name System Blacklist","link":"https://csrc.nist.gov/glossary/term/domain_name_system_blacklist","abbrSyn":[{"text":"DNSBL","link":"https://csrc.nist.gov/glossary/term/dnsbl"}],"definitions":null},{"term":"Domain Name System Security Extensions","link":"https://csrc.nist.gov/glossary/term/domain_name_system_security_extensions","abbrSyn":[{"text":"DNSSEC","link":"https://csrc.nist.gov/glossary/term/dnssec"}],"definitions":null},{"term":"Domain Name System Service Discovery","link":"https://csrc.nist.gov/glossary/term/domain_name_system_service_discovery","abbrSyn":[{"text":"DNS-SD","link":"https://csrc.nist.gov/glossary/term/dns_sd"}],"definitions":null},{"term":"Domain of Interpretation","link":"https://csrc.nist.gov/glossary/term/domain_of_interpretation","abbrSyn":[{"text":"DOI","link":"https://csrc.nist.gov/glossary/term/doi"}],"definitions":null},{"term":"Domain of Use","link":"https://csrc.nist.gov/glossary/term/domain_of_use","definitions":[{"text":"The intended usage of a format","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"Domain parameter","link":"https://csrc.nist.gov/glossary/term/domain_parameter","definitions":[{"text":"Parameters used with cryptographic algorithms that are usually common to a domain of users. An ECDSA or EdDSA cryptographic key pair is associated with a specific set of domain parameters.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Domain parameters "}]},{"text":"The parameters used with a cryptographic algorithm that are common to a domain of users.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Domain parameters "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Domain parameters "}]},{"text":"A parameter used in conjunction with some public-key algorithms to generate key pairs, to create digital signatures, or to establish keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"Parameters used with a cryptographic algorithm that are usually common to a domain of users.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Domain parameters "}]},{"text":"Parameters used in conjunction with some public-key algorithms to generate key pairs, to create digital signatures, or to establish keying material.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Domain parameters "}]},{"text":"A parameter used in conjunction with some public-key algorithms to generate key pairs or to perform cryptographic operations (e.g., to create digital signatures or to establish keying material).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Domain parameter seed","link":"https://csrc.nist.gov/glossary/term/domain_parameter_seed","definitions":[{"text":"A string of bits that is used as input for a domain parameter generation or validation process.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"Domain Separation","link":"https://csrc.nist.gov/glossary/term/domain_separation","definitions":[{"text":"For a function, a partitioning of the inputs to different application domains so that no input is assigned to more than one domain.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"Domain Services","link":"https://csrc.nist.gov/glossary/term/domain_services","abbrSyn":[{"text":"DS","link":"https://csrc.nist.gov/glossary/term/ds"}],"definitions":null},{"term":"Domain-based Message Authentication, Reporting and Conformance","link":"https://csrc.nist.gov/glossary/term/domain_based_message_authentication_reporting_and_conformance","abbrSyn":[{"text":"DMARC","link":"https://csrc.nist.gov/glossary/term/dmarc"}],"definitions":null},{"term":"DomainKeys Identified Mail","link":"https://csrc.nist.gov/glossary/term/domainkeys_identified_mail","abbrSyn":[{"text":"DKIM","link":"https://csrc.nist.gov/glossary/term/dkim"}],"definitions":null},{"term":"dominance rule","link":"https://csrc.nist.gov/glossary/term/dominance_rule","abbrSyn":[{"text":"(n,k) rule","link":"https://csrc.nist.gov/glossary/term/n_k_rule"}],"definitions":[{"text":"A cell is regarded as confidential, if the n largest units contribute more than k % to the cell total, e.g., n=2 and k=85 means that a cell is defined as risky if the two largest units contribute more than 85 % to the cell total. The n and k are given by the statistical authority. In some NSOs [national statistical office] the values of n and k are confidential.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under (n,k) rule ","refSources":[{"text":"OECD Glossary of Statistical Terms","link":"https://doi.org/10.1787/9789264055087-en"}]}]}]},{"term":"Donor eNodeB","link":"https://csrc.nist.gov/glossary/term/donor_enodeb","abbrSyn":[{"text":"DeNB","link":"https://csrc.nist.gov/glossary/term/denb"}],"definitions":null},{"term":"DoS","link":"https://csrc.nist.gov/glossary/term/dos","abbrSyn":[{"text":"denial of service"},{"text":"Denial of Service"}],"definitions":[{"text":"The prevention of authorized access to a system resource or the delaying of system operations and functions.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under denial of service ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]},{"text":"The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided).","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Denial of Service ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The prevention of authorized access to a system resource or the delaying of system operations and functions.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Denial of Service ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Denial of Service ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"The prevention of authorized access to resources or the delaying of time-critical operations.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under denial of service "},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Denial of Service "}]},{"text":"The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under denial of service "}]}]},{"term":"DoT","link":"https://csrc.nist.gov/glossary/term/DoT","abbrSyn":[{"text":"Department of Transportation","link":"https://csrc.nist.gov/glossary/term/department_of_transportation"}],"definitions":null},{"term":"Dots Per Inch","link":"https://csrc.nist.gov/glossary/term/dots_per_inch","abbrSyn":[{"text":"dpi","link":"https://csrc.nist.gov/glossary/term/dpi"}],"definitions":null},{"term":"Double spend (attack)","link":"https://csrc.nist.gov/glossary/term/double_spend_attack","definitions":[{"text":"An attack where a blockchain network user attempts to explicitly double spend a digital asset.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Double spend (problem)","link":"https://csrc.nist.gov/glossary/term/double_spend_problem","definitions":[{"text":"Transacting with the same set of digital assets more than once. This is a problem which has plagued many digital money systems, and a problem that most blockchain networks are designed to prevent.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Double-Block-Length","link":"https://csrc.nist.gov/glossary/term/double_block_length","abbrSyn":[{"text":"DBL","link":"https://csrc.nist.gov/glossary/term/dbl"}],"definitions":null},{"term":"Downgrading","link":"https://csrc.nist.gov/glossary/term/downgrading","definitions":[{"text":"An authorized reduction in the level of protection to be provided to specified information, e.g., from a Moderate impact-level down to a Low impact-level.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"downlink","link":"https://csrc.nist.gov/glossary/term/downlink","definitions":[{"text":"Communication that originates from the satellite to the ground.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"DP","link":"https://csrc.nist.gov/glossary/term/dp_acronym","abbrSyn":[{"text":"Digital Policy","link":"https://csrc.nist.gov/glossary/term/digital_policy"}],"definitions":null},{"term":"DPA","link":"https://csrc.nist.gov/glossary/term/dpa","abbrSyn":[{"text":"Differential Power Analysis","link":"https://csrc.nist.gov/glossary/term/differential_power_analysis"}],"definitions":null},{"term":"DPC","link":"https://csrc.nist.gov/glossary/term/dpc","abbrSyn":[{"text":"Derived Personal Identity Verification Credential","link":"https://csrc.nist.gov/glossary/term/derived_personal_identity_verification_credential"},{"text":"Derived PIV Credential","link":"https://csrc.nist.gov/glossary/term/derived_piv_credential"},{"text":"Derived PIV Credentials","link":"https://csrc.nist.gov/glossary/term/derived_piv_credentials"}],"definitions":[{"text":"A credential issued based on proof of possession and control of a PIV Card. Derived PIV credentials are typically used in situations that do not easily accommodate a PIV Card, such as in conjunction with mobile devices.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Derived PIV Credential "}]},{"text":"An X.509 Derived PIV Authentication certificate, which is issued in accordance with the requirements specified in this document where the PIV Authentication certificate on the Applicant’s PIV Card serves as the original credential. The Derived PIV Credential is an additional common identity credential under HSPD-12 and FIPS 201 that is issued by a Federal department or agency and that is used with mobile devices.","sources":[{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157","underTerm":" under Derived PIV Credential "}]},{"text":"A credential issued based on proof of possession and control of the PIV Card, so as not to duplicate the identity proofing process as defined in [NIST SP 800-63-2]. A Derived PIV Credential token is a hardware or software based token that contains the Derived PIV Credential.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Derived PIV Credential "}]},{"text":"An X.509 Derived PIV Authentication certificate with associated public and private key that is issued in accordance with the requirements specified in this document where the PIV Authentication certificate on the applicant’s PIV Card serves as the original credential. The Derived PIV Credential (DPC) is an additional common identity credential under Homeland Security Presidential Directive-12 and Federal Information Processing Standards (FIPS) 201 that is issued by a federal department or agency and is used with mobile devices.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under Derived PIV Credential "}]}]},{"term":"DPCI","link":"https://csrc.nist.gov/glossary/term/dpci","abbrSyn":[{"text":"Derived PIV Credential Issuer","link":"https://csrc.nist.gov/glossary/term/derived_piv_credential_issuer"}],"definitions":[{"text":"Derived PIV Credential (and associated token) Issuer; an issuer of Derived PIV Credentials as defined in [NIST SP 800-63-2]and [NIST SP 800-157].","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"DPD","link":"https://csrc.nist.gov/glossary/term/dpd","abbrSyn":[{"text":"Dead Peer Detection","link":"https://csrc.nist.gov/glossary/term/dead_peer_detection"},{"text":"Direct Platform Data","link":"https://csrc.nist.gov/glossary/term/direct_platform_data"}],"definitions":null},{"term":"DPI","link":"https://csrc.nist.gov/glossary/term/dpi_caps","abbrSyn":[{"text":"Deep Packet Inspection","link":"https://csrc.nist.gov/glossary/term/deep_packet_inspection"}],"definitions":null},{"term":"dpi","link":"https://csrc.nist.gov/glossary/term/dpi","abbrSyn":[{"text":"Dots Per Inch","link":"https://csrc.nist.gov/glossary/term/dots_per_inch"}],"definitions":null},{"term":"DPM","link":"https://csrc.nist.gov/glossary/term/dpm","abbrSyn":[{"text":"Digital Policy Management","link":"https://csrc.nist.gov/glossary/term/digital_policy_management"}],"definitions":null},{"term":"DQPSK","link":"https://csrc.nist.gov/glossary/term/dqpsk","abbrSyn":[{"text":"Differential Quaternary Phase Shift Keying","link":"https://csrc.nist.gov/glossary/term/differential_quaternary_phase_shift_keying"}],"definitions":null},{"term":"DR","link":"https://csrc.nist.gov/glossary/term/dr","abbrSyn":[{"text":"Disaster Recovery","link":"https://csrc.nist.gov/glossary/term/disaster_recovery"}],"definitions":null},{"term":"Draft International Standard","link":"https://csrc.nist.gov/glossary/term/draft_international_standard","abbrSyn":[{"text":"DIS","link":"https://csrc.nist.gov/glossary/term/dis"}],"definitions":null},{"term":"DRAM","link":"https://csrc.nist.gov/glossary/term/dram","abbrSyn":[{"text":"Dynamic Random-Access Memory","link":"https://csrc.nist.gov/glossary/term/dynamic_random_access_memory"}],"definitions":null},{"term":"DRB","link":"https://csrc.nist.gov/glossary/term/drb","abbrSyn":[{"text":"Data Radio Bearer","link":"https://csrc.nist.gov/glossary/term/data_radio_bearer"},{"text":"Disclosure Review Board","link":"https://csrc.nist.gov/glossary/term/disclosure_review_board"}],"definitions":null},{"term":"DRBG","link":"https://csrc.nist.gov/glossary/term/drbg","abbrSyn":[{"text":"Deterministic Random Bit Generator","link":"https://csrc.nist.gov/glossary/term/deterministic_random_bit_generator"}],"definitions":[{"text":"An RBG that includes a DRBG mechanism and (at least initially) has access to a randomness source. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator. Contrast with NRBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Deterministic Random Bit Generator "}]},{"text":"An RBG that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Deterministic Random Bit Generator "}]}],"seeAlso":[{"text":"Non-deterministic Random Bit Generator (NRBG)","link":"non_deterministic_random_bit_generator"}]},{"term":"DRBG mechanism","link":"https://csrc.nist.gov/glossary/term/drbg_mechanism","definitions":[{"text":"The portion of an RBG that includes the functions necessary to instantiate and uninstantiate the RBG, generate pseudorandom bits, (optionally) reseed the RBG and test the health of the the DRBG mechanism.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under DRBG Mechanism "}]},{"text":"The portion of an RBG that includes the functions necessary to instantiate and uninstantiate the RBG, generate pseudorandom bits, (optionally) reseed the RBG and test the health of the DRBG mechanism. Approved DRBG mechanisms are specified in SP 800-90A.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"DRBG Mechanism Boundary","link":"https://csrc.nist.gov/glossary/term/drbg_mechanism_boundary","definitions":[{"text":"A conceptual boundary that is used to explain the operations of a DRBG mechanism and its interaction with and relation to other processes. (See min-entropy.)","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}],"seeAlso":[{"text":"min-entropy","link":"min_entropy"}]},{"term":"Driver Execution Environment","link":"https://csrc.nist.gov/glossary/term/driver_execution_environment","abbrSyn":[{"text":"DXE","link":"https://csrc.nist.gov/glossary/term/dxe"}],"definitions":null},{"term":"DRM","link":"https://csrc.nist.gov/glossary/term/drm","abbrSyn":[{"text":"Data and Information Reference Model","link":"https://csrc.nist.gov/glossary/term/data_and_information_reference_model"},{"text":"Derived Relationship Mapping","link":"https://csrc.nist.gov/glossary/term/derived_relationship_mapping"},{"text":"Digital Rights Management","link":"https://csrc.nist.gov/glossary/term/digital_rights_management"}],"definitions":[{"text":"A potential mapping between Reference Document Elements identified by finding elements from two or more Reference Documents that map to the same Focal Document Element.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Derived Relationship Mapping "}]}]},{"term":"DRP","link":"https://csrc.nist.gov/glossary/term/drp","abbrSyn":[{"text":"Disaster Recovery Plan"}],"definitions":[{"text":"A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Disaster Recovery Plan ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","note":" - adapted"}]}]}]},{"term":"DS","link":"https://csrc.nist.gov/glossary/term/ds","abbrSyn":[{"text":"Delegation Signer","link":"https://csrc.nist.gov/glossary/term/delegation_signer"},{"text":"Distribution System","link":"https://csrc.nist.gov/glossary/term/distribution_system"},{"text":"Domain Services","link":"https://csrc.nist.gov/glossary/term/domain_services"}],"definitions":null},{"term":"DSA","link":"https://csrc.nist.gov/glossary/term/dsa","abbrSyn":[{"text":"Digital Signature Algorithm","link":"https://csrc.nist.gov/glossary/term/digital_signature_algorithm"}],"definitions":[{"text":"the digital signature algorithm specified in FIPS PUB 186.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under Digital Signature Algorithm "}]},{"text":"A public-key algorithm that is used for the generation and verification of digital signatures.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Digital Signature Algorithm "}]},{"text":"Digital Signature Algorithm specified in [FIPS 186].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiations and the discrete logarithm problem.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature Algorithm ","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature Algorithm ","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature Algorithm ","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]}]}]},{"term":"DSB","link":"https://csrc.nist.gov/glossary/term/dsb","abbrSyn":[{"text":"Defense Science Board","link":"https://csrc.nist.gov/glossary/term/defense_science_board"}],"definitions":null},{"term":"DSbD","link":"https://csrc.nist.gov/glossary/term/dsbd","abbrSyn":[{"text":"Digital Security by Design","link":"https://csrc.nist.gov/glossary/term/digital_security_by_design"}],"definitions":null},{"term":"DSCP","link":"https://csrc.nist.gov/glossary/term/dscp","abbrSyn":[{"text":"Differentiated Services Code Point","link":"https://csrc.nist.gov/glossary/term/differentiated_services_code_point"}],"definitions":null},{"term":"DSIG","link":"https://csrc.nist.gov/glossary/term/dsig","abbrSyn":[{"text":"Digital Signature"}],"definitions":[{"text":"The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Digital Signature ","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]},{"text":"An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation, but not confidentiality protection.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Digital Signature "},{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The result of a transformation of a message by means of a cryptographic system using keys such that a Relying Party can determine: (1) whether the transformation was created using the private key that corresponds to the public key in the signer’s digital certificate; and (2) whether the message has been altered since the transformation was made.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Digital Signature "}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, assurance of data integrity, and signatory non-repudiation.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Digital Signature ","refSources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133"}]}]},{"text":"The result of a cryptographic transformation of data that, when properly implemented, provides the services of origin authentication, data integrity, and signer nonrepudiation.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Digital Signature "}]},{"text":"An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Digital Signature "}]}]},{"term":"DSL","link":"https://csrc.nist.gov/glossary/term/dsl","abbrSyn":[{"text":"Digital Subscriber Line","link":"https://csrc.nist.gov/glossary/term/digital_subscriber_line"}],"definitions":null},{"term":"DSN","link":"https://csrc.nist.gov/glossary/term/dsn","abbrSyn":[{"text":"Delivery Status Notification","link":"https://csrc.nist.gov/glossary/term/delivery_status_notification"}],"definitions":null},{"term":"DSOC","link":"https://csrc.nist.gov/glossary/term/dsoc","abbrSyn":[{"text":"DoD Strategy for Operating in Cyberspace","link":"https://csrc.nist.gov/glossary/term/dod_strategy_for_operating_in_cyberspace"}],"definitions":null},{"term":"DSP","link":"https://csrc.nist.gov/glossary/term/dsp","abbrSyn":[{"text":"Digital Signal Processor","link":"https://csrc.nist.gov/glossary/term/digital_signal_processor"},{"text":"Directory Services Protector","link":"https://csrc.nist.gov/glossary/term/directory_services_protector"}],"definitions":null},{"term":"DSRM","link":"https://csrc.nist.gov/glossary/term/dsrm","abbrSyn":[{"text":"Directory Services Restore Mode","link":"https://csrc.nist.gov/glossary/term/directory_services_restore_mode"}],"definitions":null},{"term":"DSS","link":"https://csrc.nist.gov/glossary/term/dss","abbrSyn":[{"text":"Data Security Standard","link":"https://csrc.nist.gov/glossary/term/data_security_standard"},{"text":"Digital Signature Standard","link":"https://csrc.nist.gov/glossary/term/digital_signature_standard"},{"text":"Direct-Sequence Spread Spectrum","link":"https://csrc.nist.gov/glossary/term/direct_sequence_spread_spectrum"}],"definitions":null},{"term":"DSS PCI","link":"https://csrc.nist.gov/glossary/term/dss_pci","abbrSyn":[{"text":"Data Security Standard Payment Card Industry","link":"https://csrc.nist.gov/glossary/term/data_security_standard_payment_card_industry"}],"definitions":null},{"term":"DT","link":"https://csrc.nist.gov/glossary/term/dt","abbrSyn":[{"text":"decision tree","link":"https://csrc.nist.gov/glossary/term/decision_tree"}],"definitions":null},{"term":"DTC","link":"https://csrc.nist.gov/glossary/term/dtc","abbrSyn":[{"text":"Direct-To-Consumer","link":"https://csrc.nist.gov/glossary/term/direct_to_consumer"}],"definitions":null},{"term":"DTD","link":"https://csrc.nist.gov/glossary/term/dtd","abbrSyn":[{"text":"Data Transfer Device","link":"https://csrc.nist.gov/glossary/term/data_transfer_device"},{"text":"Dell Trusted Device","link":"https://csrc.nist.gov/glossary/term/dell_trusted_device"},{"text":"Document Type Definition"}],"definitions":null},{"term":"DTLS","link":"https://csrc.nist.gov/glossary/term/dtls","abbrSyn":[{"text":"Datagram Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/datagram_transport_layer_security"}],"definitions":null},{"term":"DTR","link":"https://csrc.nist.gov/glossary/term/dtr","abbrSyn":[{"text":"Derived Test Requirement","link":"https://csrc.nist.gov/glossary/term/derived_test_requirement"},{"text":"Derived Test Requirements"}],"definitions":null},{"term":"DTS","link":"https://csrc.nist.gov/glossary/term/dts","abbrSyn":[{"text":"Diabetes Technology Social","link":"https://csrc.nist.gov/glossary/term/diabetes_technology_social"}],"definitions":null},{"term":"DUA","link":"https://csrc.nist.gov/glossary/term/dua","abbrSyn":[{"text":"Data Use Agreement"}],"definitions":null},{"term":"dual authorization","link":"https://csrc.nist.gov/glossary/term/dual_authorization","definitions":[{"text":"The system of storage and handling designed to prohibit individual access to certain resources by requiring the presence and actions of at least two authorized persons, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"Dual In-Line Memory Module","link":"https://csrc.nist.gov/glossary/term/dual_in_line_memory_module","abbrSyn":[{"text":"DIMM","link":"https://csrc.nist.gov/glossary/term/dimm"}],"definitions":null},{"term":"Dual_EC_DRBG","link":"https://csrc.nist.gov/glossary/term/dual_ec_drbg","definitions":[{"text":"A DRBG originally specified in SP 800-90A that has been withdrawn.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"Duplicate Digital Evidence","link":"https://csrc.nist.gov/glossary/term/duplicate_digital_evidence","definitions":[{"text":"A duplicate is an accurate digital reproduction of all data objects contained on the original physical item and associated media (e.g., flash memory, RAM, ROM).","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"duplicate disk/data dump","link":"https://csrc.nist.gov/glossary/term/duplicate_disk_data_dump","abbrSyn":[{"text":"dd","link":"https://csrc.nist.gov/glossary/term/dd"}],"definitions":null},{"term":"Duty Cycle","link":"https://csrc.nist.gov/glossary/term/duty_cycle","definitions":[{"text":"The percentage of time that a device is operating over a specified period. For example, a reader that is emitting energy to communicate with tags for 15 seconds every minute has a duty cycle of 25%.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"DVD","link":"https://csrc.nist.gov/glossary/term/dvd","abbrSyn":[{"text":"Digital Versatile Disc"},{"text":"Digital Video Disc","link":"https://csrc.nist.gov/glossary/term/digital_video_disc"},{"text":"Digital Video Disc or Digital Versatile Disc"}],"definitions":[{"text":"A Digital Video Disc (DVD) has the same shape and size as a CD, but with a higher density that gives the option for data to be double-sided and/or double-layered.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"Has the same shape and size as a CD, but with a higher density that gives the option for data to be double-sided and/or double-layered.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Digital Video Disc ","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]}]},{"term":"DVD+R","link":"https://csrc.nist.gov/glossary/term/dvd_plus_r","definitions":[{"text":"A write-once (read only) version of the DVD+RW from the DVD+RW Alliance.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"DVD+RW","link":"https://csrc.nist.gov/glossary/term/dvd_plus_rw","definitions":[{"text":"A rewritable (re-recordable) DVD for both movies and data from the DVD+RW Alliance.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"DVD-R","link":"https://csrc.nist.gov/glossary/term/dvd_r","abbrSyn":[{"text":"Digital Versatile Disc-Recordable","link":"https://csrc.nist.gov/glossary/term/digital_versatile_disc_recordable"},{"text":"DVD-Recordable","link":"https://csrc.nist.gov/glossary/term/dvd_recordable"}],"definitions":[{"text":"A write-once (read only) DVD for both movies and data endorsed by the DVD Forum.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"DVD–Read Only Memory","link":"https://csrc.nist.gov/glossary/term/dvd_read_only_memory","abbrSyn":[{"text":"DVD-ROM","link":"https://csrc.nist.gov/glossary/term/dvd_rom"}],"definitions":null},{"term":"DVD-Recordable","link":"https://csrc.nist.gov/glossary/term/dvd_recordable","abbrSyn":[{"text":"DVD-R","link":"https://csrc.nist.gov/glossary/term/dvd_r"}],"definitions":[{"text":"A write-once (read only) DVD for both movies and data endorsed by the DVD Forum.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under DVD-R "}]}]},{"term":"DVD-Rewritable","link":"https://csrc.nist.gov/glossary/term/dvd_rewritable","abbrSyn":[{"text":"DVD-RW","link":"https://csrc.nist.gov/glossary/term/dvd_rw"}],"definitions":[{"text":"A rewritable (re-recordable) DVD for both movies and data from the DVD Forum.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under DVD-RW "}]}]},{"term":"DVD-ROM","link":"https://csrc.nist.gov/glossary/term/dvd_rom","abbrSyn":[{"text":"DVD–Read Only Memory","link":"https://csrc.nist.gov/glossary/term/dvd_read_only_memory"}],"definitions":null},{"term":"DVD-RW","link":"https://csrc.nist.gov/glossary/term/dvd_rw","abbrSyn":[{"text":"DVD-Rewritable","link":"https://csrc.nist.gov/glossary/term/dvd_rewritable"}],"definitions":[{"text":"A rewritable (re-recordable) DVD for both movies and data from the DVD Forum.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"DVR","link":"https://csrc.nist.gov/glossary/term/dvr","abbrSyn":[{"text":"Digital Video Recorder","link":"https://csrc.nist.gov/glossary/term/digital_video_recorder"}],"definitions":null},{"term":"DXE","link":"https://csrc.nist.gov/glossary/term/dxe","abbrSyn":[{"text":"Driver Execution Environment","link":"https://csrc.nist.gov/glossary/term/driver_execution_environment"}],"definitions":null},{"term":"Dynamic Access Control List","link":"https://csrc.nist.gov/glossary/term/dynamic_access_control_list","abbrSyn":[{"text":"DACL","link":"https://csrc.nist.gov/glossary/term/dacl"}],"definitions":null},{"term":"dynamic application security testing","link":"https://csrc.nist.gov/glossary/term/dynamic_application_security_testing","abbrSyn":[{"text":"DAST","link":"https://csrc.nist.gov/glossary/term/dast"}],"definitions":null},{"term":"dynamic code analyzer","link":"https://csrc.nist.gov/glossary/term/dynamic_code_analyzer","definitions":[{"text":"A tool that analyzes computer software by executing programs built from the software being analyzed on a real or virtual processor and observing its behavior, probing the application and analyzing application responses.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"Dynamic Core Root of Trust for Measurement","link":"https://csrc.nist.gov/glossary/term/dynamic_core_root_of_trust_for_measurement","abbrSyn":[{"text":"DCRTM","link":"https://csrc.nist.gov/glossary/term/dcrtm"}],"definitions":null},{"term":"Dynamic Domain Name System","link":"https://csrc.nist.gov/glossary/term/dynamic_domain_name_system","abbrSyn":[{"text":"DDNS","link":"https://csrc.nist.gov/glossary/term/ddns"}],"definitions":null},{"term":"Dynamic Host Client Protocol","link":"https://csrc.nist.gov/glossary/term/dynamic_host_client_protocol","abbrSyn":[{"text":"DHCP","link":"https://csrc.nist.gov/glossary/term/dhcp"}],"definitions":null},{"term":"Dynamic Host Configuration Protocol","link":"https://csrc.nist.gov/glossary/term/dynamic_host_configuration_protocol","abbrSyn":[{"text":"DHCP","link":"https://csrc.nist.gov/glossary/term/dhcp"}],"definitions":null},{"term":"Dynamic Link Library","link":"https://csrc.nist.gov/glossary/term/dynamic_link_library","abbrSyn":[{"text":"DLL","link":"https://csrc.nist.gov/glossary/term/dll"}],"definitions":null},{"term":"Dynamic Random-Access Memory","link":"https://csrc.nist.gov/glossary/term/dynamic_random_access_memory","abbrSyn":[{"text":"DRAM","link":"https://csrc.nist.gov/glossary/term/dram"}],"definitions":null},{"term":"dynamic subsystem","link":"https://csrc.nist.gov/glossary/term/dynamic_subsystem","definitions":[{"text":"A subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Dynamic Subsystem "}]}]},{"term":"Dynamically Linked Library","link":"https://csrc.nist.gov/glossary/term/dynamically_linked_library","abbrSyn":[{"text":"DLL","link":"https://csrc.nist.gov/glossary/term/dll"}],"definitions":null},{"term":"E.O.","link":"https://csrc.nist.gov/glossary/term/e_o_","abbrSyn":[{"text":"Executive Order","link":"https://csrc.nist.gov/glossary/term/executive_order"}],"definitions":null},{"term":"E3","link":"https://csrc.nist.gov/glossary/term/e3","abbrSyn":[{"text":"Electromagnetic Environmental Effects","link":"https://csrc.nist.gov/glossary/term/electromagnetic_environmental_effects"}],"definitions":null},{"term":"EA","link":"https://csrc.nist.gov/glossary/term/ea","abbrSyn":[{"text":"Enterprise Architecture"}],"definitions":[{"text":"The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Enterprise Architecture ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Enterprise Architecture ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Enterprise Architecture ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A strategic information asset base, which defines the mission; the information necessary to perform the mission; the technologies necessary to perform the mission; and the transitional processes for implementing new technologies in response to changing mission needs; and includes a baseline architecture; a target architecture; and a sequencing plan.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Enterprise Architecture ","refSources":[{"text":"44 U.S.C., Sec. 3601","link":"https://www.govinfo.gov/app/details/USCODE-2010-title44/USCODE-2010-title44-chap36-sec3601"}]}]}]},{"term":"EaaS","link":"https://csrc.nist.gov/glossary/term/eaas","abbrSyn":[{"text":"Entropy as a Service","link":"https://csrc.nist.gov/glossary/term/entropy_as_a_service"}],"definitions":null},{"term":"EAC","link":"https://csrc.nist.gov/glossary/term/eac","abbrSyn":[{"text":"Election Assistance Commission","link":"https://csrc.nist.gov/glossary/term/election_assistance_commission"}],"definitions":null},{"term":"EACMS","link":"https://csrc.nist.gov/glossary/term/eacms","abbrSyn":[{"text":"Electronic Access Control and Monitoring System","link":"https://csrc.nist.gov/glossary/term/electronic_access_control_and_monitoring_system"}],"definitions":null},{"term":"EAL","link":"https://csrc.nist.gov/glossary/term/eal","abbrSyn":[{"text":"Evaluation Assurance Level","link":"https://csrc.nist.gov/glossary/term/evaluation_assurance_level"}],"definitions":null},{"term":"EAN","link":"https://csrc.nist.gov/glossary/term/ean","abbrSyn":[{"text":"European Article Number","link":"https://csrc.nist.gov/glossary/term/european_article_number"}],"definitions":null},{"term":"EAP","link":"https://csrc.nist.gov/glossary/term/eap","abbrSyn":[{"text":"Emergency Action Plan"},{"text":"Extensible Authentication Protocol"}],"definitions":null},{"term":"EAP-FAST","link":"https://csrc.nist.gov/glossary/term/eap_fast","abbrSyn":[{"text":"Extensible Authentication Protocol Flexible Authentication via Secure Tunneling","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_flexible_authentication_via_secure_tunneling"}],"definitions":null},{"term":"EAP-MSCHAPv2","link":"https://csrc.nist.gov/glossary/term/eap_mschapv2","abbrSyn":[{"text":"Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_microsoft_challenge_handshake_authentication_protocol_version_2"}],"definitions":null},{"term":"EAPOL","link":"https://csrc.nist.gov/glossary/term/eapol","abbrSyn":[{"text":"Extensible Authentication Protocol over LAN","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_over_lan"},{"text":"Extensible Authentication Protocol Over LAN"},{"text":"Extensible Authentication Protocol over Local Area Network"}],"definitions":null},{"term":"EAPOL-KCK","link":"https://csrc.nist.gov/glossary/term/eapol_kck","abbrSyn":[{"text":"Extensible Authentication Protocol Over LAN Key Confirmation Key","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_over_lan_key_confirmation_key"}],"definitions":null},{"term":"EAPOL-KEK","link":"https://csrc.nist.gov/glossary/term/eapol_kek","abbrSyn":[{"text":"Extensible Authentication Protocol Over LAN Key Encryption Key","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_over_lan_key_encryption_key"}],"definitions":null},{"term":"EAP-SIM","link":"https://csrc.nist.gov/glossary/term/eap_sim","abbrSyn":[{"text":"Extensible Authentication Protocol-Subscriber Identity Module","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_subscriber_identity_module"}],"definitions":null},{"term":"EAP-TLS","link":"https://csrc.nist.gov/glossary/term/eap_tls","abbrSyn":[{"text":"Extensible Authentication Protocol-Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_transport_layer_security"}],"definitions":null},{"term":"EAP-TTLS","link":"https://csrc.nist.gov/glossary/term/eap_ttls","abbrSyn":[{"text":"Extensible Authentication Protocol-Tunneled Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_tunneled_transport_layer_security"}],"definitions":null},{"term":"EAS","link":"https://csrc.nist.gov/glossary/term/eas","abbrSyn":[{"text":"Electronic Article Surveillance","link":"https://csrc.nist.gov/glossary/term/electronic_article_surveillance"}],"definitions":null},{"term":"Ease-of-use","link":"https://csrc.nist.gov/glossary/term/ease_of_use","definitions":[{"text":"A metric of satisfaction in using a product as established by one or more individuals using the product.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"EAT","link":"https://csrc.nist.gov/glossary/term/eat","abbrSyn":[{"text":"Entity Attestation Token","link":"https://csrc.nist.gov/glossary/term/entity_attestation_token"}],"definitions":null},{"term":"e-authentication assurance level","link":"https://csrc.nist.gov/glossary/term/e_authentication_assurance_level","definitions":[{"text":"A measure of trust or confidence in an authentication mechanism defined in publications Office of Management and Budget (OMB)-04-04 and NIST SP 800-63 in terms of four levels: 1: LITTLE OR NO confidence 2: SOME confidence 3: HIGH confidence 4: VERY HIGH confidence.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"Eavesdropper","link":"https://csrc.nist.gov/glossary/term/eavesdropper","definitions":[{"text":"A party that secretly receives communications intended for others.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"eBACS","link":"https://csrc.nist.gov/glossary/term/ebacs","abbrSyn":[{"text":"ECRYPT Benchmarking of Cryptographic Systems","link":"https://csrc.nist.gov/glossary/term/ecrypt_benchmarking_of_cryptographic_systems"}],"definitions":null},{"term":"eBAEAD","link":"https://csrc.nist.gov/glossary/term/ebaead","abbrSyn":[{"text":"ECRYPT Benchmarking of AEAD algorithms","link":"https://csrc.nist.gov/glossary/term/ecrypt_benchmarking_of_aead_algorithms"}],"definitions":null},{"term":"eBASH","link":"https://csrc.nist.gov/glossary/term/ebash","abbrSyn":[{"text":"ECRYPT Benchmarking of All Submitted Hashes","link":"https://csrc.nist.gov/glossary/term/ecrypt_benchmarking_of_all_submitted_hashes"}],"definitions":null},{"term":"eBGP","link":"https://csrc.nist.gov/glossary/term/ebgp","abbrSyn":[{"text":"Exterior Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/exterior_border_gateway_protocol"},{"text":"External BGP","link":"https://csrc.nist.gov/glossary/term/external_bgp"}],"definitions":[{"text":"A BGP operation communicating routing information between two or more ASes.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54","underTerm":" under EBGP "}]}]},{"term":"EBTS","link":"https://csrc.nist.gov/glossary/term/ebts","abbrSyn":[{"text":"Electronic Biometric Transmission Specification","link":"https://csrc.nist.gov/glossary/term/electronic_biometric_transmission_specification"}],"definitions":null},{"term":"ebXML","link":"https://csrc.nist.gov/glossary/term/ebxml","abbrSyn":[{"text":"Electronic Business XML"}],"definitions":null},{"term":"EC","link":"https://csrc.nist.gov/glossary/term/ec","abbrSyn":[{"text":"Electrotechnical Commission","link":"https://csrc.nist.gov/glossary/term/electrotechnical_commission"},{"text":"Elliptic Curve","link":"https://csrc.nist.gov/glossary/term/elliptic_curve"},{"text":"external coordinator","link":"https://csrc.nist.gov/glossary/term/external_coordinator"}],"definitions":[{"text":"Any vulnerability disclosure entity that receives a vulnerability report that is not within the FCB or the VDPO; the EC may be a commercial vulnerability program with no relation to the Government or a separate VDPO within the Government, or it may be the developer of commercial or open-source software.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216","underTerm":" under external coordinator "}]}]},{"term":"EC2","link":"https://csrc.nist.gov/glossary/term/ec2","abbrSyn":[{"text":"Elastic Compute Cloud","link":"https://csrc.nist.gov/glossary/term/elastic_compute_cloud"}],"definitions":null},{"term":"ECB","link":"https://csrc.nist.gov/glossary/term/ecb","abbrSyn":[{"text":"Electronic Code Book","link":"https://csrc.nist.gov/glossary/term/electronic_code_book"},{"text":"Electronic Codebook"},{"text":"Electronic Codebook mode"}],"definitions":null},{"term":"ECC","link":"https://csrc.nist.gov/glossary/term/ecc","abbrSyn":[{"text":"Elliptic Curve Cryptography","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_cryptography"}],"definitions":[{"text":"Elliptic Curve Cryptography, the public-key cryptographic methods using operations in an elliptic curve group.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"Elliptic curve cryptography.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]}]},{"term":"ECC Cofactor Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/ecc_cofactor_diffie_hellman","abbrSyn":[{"text":"ECC-CDH","link":"https://csrc.nist.gov/glossary/term/ecc_cdh"}],"definitions":null},{"term":"ECC-CDH","link":"https://csrc.nist.gov/glossary/term/ecc_cdh","abbrSyn":[{"text":"ECC Cofactor Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/ecc_cofactor_diffie_hellman"}],"definitions":null},{"term":"ECCM","link":"https://csrc.nist.gov/glossary/term/eccm","abbrSyn":[{"text":"Electronic Counter-Countermeasures","link":"https://csrc.nist.gov/glossary/term/electronic_counter_countermeasures"}],"definitions":null},{"term":"ECDH","link":"https://csrc.nist.gov/glossary/term/ecdh","abbrSyn":[{"text":"Elliptic Curve Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_diffie_hellman"}],"definitions":null},{"term":"ECDHE","link":"https://csrc.nist.gov/glossary/term/ecdhe","abbrSyn":[{"text":"Ephemeral Elliptic Curve Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/ephemeral_elliptic_curve_diffie_hellman"}],"definitions":null},{"term":"ECDS","link":"https://csrc.nist.gov/glossary/term/ecds","abbrSyn":[{"text":"Enterprise Cross Domain Services"}],"definitions":null},{"term":"ECDSA","link":"https://csrc.nist.gov/glossary/term/ecdsa","abbrSyn":[{"text":"Elliptic Curve Digital Signature Algorithm","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_digital_signature_algorithm"},{"text":"Elliptic Curve DSA","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_dsa"}],"definitions":[{"text":"a digital signature algorithm that is an analog of DSA using elliptic curve mathematics and specified in ANSI draft standard X9.62.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under Elliptic Curve Digital Signature Algorithm "}]},{"text":"A digital signature algorithm that is an analog of DSA using elliptic curves.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Elliptic Curve Digital Signature Algorithm "}]},{"text":"Elliptic Curve Digital Signature Algorithm specified in [ANS X9.62] and approved in [FIPS 186].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"Elliptic Curve Digital Signature Algorithm specified in ANSI X9.62 and approved in FIPS 186.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Elliptic Curve Digital Signature Algorithm "}]}]},{"term":"ECM","link":"https://csrc.nist.gov/glossary/term/ecm","abbrSyn":[{"text":"Electronic Countermeasures","link":"https://csrc.nist.gov/glossary/term/electronic_countermeasures"},{"text":"Endpoint Configuration Manager","link":"https://csrc.nist.gov/glossary/term/endpoint_configuration_manager"}],"definitions":null},{"term":"ECMA","link":"https://csrc.nist.gov/glossary/term/ecma","abbrSyn":[{"text":"European Computer Manufacturers Association","link":"https://csrc.nist.gov/glossary/term/european_computer_manufacturers_association"}],"definitions":null},{"term":"ECMP","link":"https://csrc.nist.gov/glossary/term/ecmp","abbrSyn":[{"text":"Equal-Cost Multi-Path","link":"https://csrc.nist.gov/glossary/term/equal_cost_multi_path"}],"definitions":null},{"term":"e-commerce","link":"https://csrc.nist.gov/glossary/term/e_commerce","abbrSyn":[{"text":"Electronic Commerce","link":"https://csrc.nist.gov/glossary/term/electronic_commerce"}],"definitions":[{"text":"The use of network technology (especially the internet) to buy or sell goods and services.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under E-commerce "}]}]},{"term":"ECP","link":"https://csrc.nist.gov/glossary/term/ecp","abbrSyn":[{"text":"Elliptic Curve Groups Modulo a Prime","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_groups_modulo_a_prime"},{"text":"Encryption Control Protocol","link":"https://csrc.nist.gov/glossary/term/encryption_control_protocol"},{"text":"Enterprise Compliance Profile","link":"https://csrc.nist.gov/glossary/term/enterprise_compliance_profile"}],"definitions":null},{"term":"ECRYPT Benchmarking of AEAD algorithms","link":"https://csrc.nist.gov/glossary/term/ecrypt_benchmarking_of_aead_algorithms","abbrSyn":[{"text":"eBAEAD","link":"https://csrc.nist.gov/glossary/term/ebaead"}],"definitions":null},{"term":"ECRYPT Benchmarking of All Submitted Hashes","link":"https://csrc.nist.gov/glossary/term/ecrypt_benchmarking_of_all_submitted_hashes","abbrSyn":[{"text":"eBASH","link":"https://csrc.nist.gov/glossary/term/ebash"}],"definitions":null},{"term":"ECRYPT Benchmarking of Cryptographic Systems","link":"https://csrc.nist.gov/glossary/term/ecrypt_benchmarking_of_cryptographic_systems","abbrSyn":[{"text":"eBACS","link":"https://csrc.nist.gov/glossary/term/ebacs"}],"definitions":null},{"term":"ECRYPT STREAM cipher project","link":"https://csrc.nist.gov/glossary/term/ecrypt_stream_cipher_project","abbrSyn":[{"text":"eSTREAM","link":"https://csrc.nist.gov/glossary/term/estream"}],"definitions":null},{"term":"E-CSRR","link":"https://csrc.nist.gov/glossary/term/e_csrr","abbrSyn":[{"text":"Enterprise-Level CSRR","link":"https://csrc.nist.gov/glossary/term/enterprise_level_csrr"}],"definitions":null},{"term":"ECU","link":"https://csrc.nist.gov/glossary/term/ecu","abbrSyn":[{"text":"Electronic Control Unit","link":"https://csrc.nist.gov/glossary/term/electronic_control_unit"},{"text":"Embedded Control Unit","link":"https://csrc.nist.gov/glossary/term/embedded_control_unit"},{"text":"End Cryptographic Unit"}],"definitions":null},{"term":"EDDRB","link":"https://csrc.nist.gov/glossary/term/eddrb","abbrSyn":[{"text":"Department of Education Disclosure Review Board","link":"https://csrc.nist.gov/glossary/term/department_of_education_disclosure_review_board"}],"definitions":null},{"term":"EdDSA","link":"https://csrc.nist.gov/glossary/term/eddsa","abbrSyn":[{"text":"Edwards Curve Digital Signature Algorithm","link":"https://csrc.nist.gov/glossary/term/edwards_curve_digital_signature_algorithm"},{"text":"Edwards-curve Digital Signature Algorithm"},{"text":"Edwards-Curve Digital Signature Algorithm"}],"definitions":null},{"term":"EDGE","link":"https://csrc.nist.gov/glossary/term/edge","abbrSyn":[{"text":"Enhanced Data for GSM Evolution"},{"text":"Enhanced Data rates for GSM Evolution"}],"definitions":[{"text":"An upgrade to GPRS to provide higher data rates by joining multiple time slots.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Enhanced Data for GSM Evolution "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Enhanced Data for GSM Evolution "}]}]},{"term":"Edge Services Gateway","link":"https://csrc.nist.gov/glossary/term/edge_services_gateway","abbrSyn":[{"text":"ESG","link":"https://csrc.nist.gov/glossary/term/esg"}],"definitions":null},{"term":"EDI","link":"https://csrc.nist.gov/glossary/term/edi","abbrSyn":[{"text":"Electronic Data Interchange","link":"https://csrc.nist.gov/glossary/term/electronic_data_interchange"}],"definitions":null},{"term":"EDIV","link":"https://csrc.nist.gov/glossary/term/ediv","abbrSyn":[{"text":"Encrypted Diversifier","link":"https://csrc.nist.gov/glossary/term/encrypted_diversifier"}],"definitions":null},{"term":"EDR","link":"https://csrc.nist.gov/glossary/term/edr","abbrSyn":[{"text":"Endpoint Detection and Response","link":"https://csrc.nist.gov/glossary/term/endpoint_detection_and_response"},{"text":"Enhanced Data Rate","link":"https://csrc.nist.gov/glossary/term/enhanced_data_rate"}],"definitions":null},{"term":"Education","link":"https://csrc.nist.gov/glossary/term/education","definitions":[{"text":"The ‘Education’ level integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multidisciplinary study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and pro-active response.","sources":[{"text":"NIST SP 800-50","link":"https://doi.org/10.6028/NIST.SP.800-50","refSources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"text":"IT security education focuses on developing the ability and vision to performcomplex, multi-disciplinary activities and the skills needed to further the IT security profession. Education activities include research and development to keep pace with changing technologies and threats.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Edwards Curve Digital Signature Algorithm","link":"https://csrc.nist.gov/glossary/term/edwards_curve_digital_signature_algorithm","abbrSyn":[{"text":"EdDSA","link":"https://csrc.nist.gov/glossary/term/eddsa"}],"definitions":null},{"term":"EE","link":"https://csrc.nist.gov/glossary/term/ee","abbrSyn":[{"text":"End-Entity"}],"definitions":null},{"term":"E-E","link":"https://csrc.nist.gov/glossary/term/e_e","abbrSyn":[{"text":"Extraction-then-Expansion","link":"https://csrc.nist.gov/glossary/term/extraction_then_expansion"}],"definitions":null},{"term":"EEA","link":"https://csrc.nist.gov/glossary/term/eea","abbrSyn":[{"text":"Enterprise Ethereum Alliance","link":"https://csrc.nist.gov/glossary/term/enterprise_ethereum_alliance"},{"text":"EPS Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/eps_encryption_algorithm"},{"text":"European Economic Area","link":"https://csrc.nist.gov/glossary/term/european_economic_area"}],"definitions":null},{"term":"EEMA","link":"https://csrc.nist.gov/glossary/term/eema","definitions":[{"text":"www.eema.org (pka European Electronic Messaging Association)","sources":[{"text":"NISTIR 7427","link":"https://doi.org/10.6028/NIST.IR.7427"}]}]},{"term":"EEPROM","link":"https://csrc.nist.gov/glossary/term/eeprom","abbrSyn":[{"text":"Electrically Erasable Programmable Read Only Memory"},{"text":"Electrically Erasable Programmable Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/electrically_erasable_programmable_read_only_memory"},{"text":"Electronically erasable programmable read-only memory"}],"definitions":null},{"term":"EFD","link":"https://csrc.nist.gov/glossary/term/efd","abbrSyn":[{"text":"Electronic Fill Device"}],"definitions":null},{"term":"Effective Isotropic Radiated Power","link":"https://csrc.nist.gov/glossary/term/effective_isotropic_radiated_power","abbrSyn":[{"text":"EIRP","link":"https://csrc.nist.gov/glossary/term/eirp"}],"definitions":null},{"term":"effective period","link":"https://csrc.nist.gov/glossary/term/effective_period","definitions":[{"text":"Time span during which each COMSEC key edition (i.e., multiple key segments) remains in effect.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"EFI","link":"https://csrc.nist.gov/glossary/term/efi","abbrSyn":[{"text":"Extensible Firmware Interface"}],"definitions":null},{"term":"EFI System Partition Storage","link":"https://csrc.nist.gov/glossary/term/efi_system_partition_storage","abbrSyn":[{"text":"ESP","link":"https://csrc.nist.gov/glossary/term/esp"}],"definitions":null},{"term":"EFP","link":"https://csrc.nist.gov/glossary/term/efp","abbrSyn":[{"text":"Environmental Failure Protection","link":"https://csrc.nist.gov/glossary/term/environmental_failure_protection"}],"definitions":null},{"term":"EFP-uRPF","link":"https://csrc.nist.gov/glossary/term/efp_urpf","abbrSyn":[{"text":"Enhanced Feasible Path Unicast Reverse Path Forwarding","link":"https://csrc.nist.gov/glossary/term/enhanced_feasible_path_unicast_reverse_path_forwarding"}],"definitions":null},{"term":"EFS","link":"https://csrc.nist.gov/glossary/term/efs","abbrSyn":[{"text":"Encrypted File System","link":"https://csrc.nist.gov/glossary/term/encrypted_file_system"},{"text":"Encrypting File System","link":"https://csrc.nist.gov/glossary/term/encrypting_file_system"}],"definitions":null},{"term":"e-government (e-gov)","link":"https://csrc.nist.gov/glossary/term/e_government","note":"(C.F.D.)","definitions":[{"text":"The use by the U.S. Government of web-based Internet applications and other information technology. \nRationale: General definition of a commonly understood term","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Egress Filtering","link":"https://csrc.nist.gov/glossary/term/egress_filtering","definitions":[{"text":"Filtering of outgoing network traffic.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"EHR","link":"https://csrc.nist.gov/glossary/term/ehr","abbrSyn":[{"text":"Electronic Health Record"},{"text":"Electronic Health Records"}],"definitions":null},{"term":"EIA","link":"https://csrc.nist.gov/glossary/term/eia","abbrSyn":[{"text":"Electronic Industries Alliance","link":"https://csrc.nist.gov/glossary/term/electronic_industries_alliance"},{"text":"EPS Integrity Algorithm","link":"https://csrc.nist.gov/glossary/term/eps_integrity_algorithm"}],"definitions":null},{"term":"EICAR","link":"https://csrc.nist.gov/glossary/term/eicar","abbrSyn":[{"text":"European Institute for Computer Antivirus Research","link":"https://csrc.nist.gov/glossary/term/european_institute_for_computer_antivirus_research"}],"definitions":null},{"term":"EIEMA","link":"https://csrc.nist.gov/glossary/term/eiema","abbrSyn":[{"text":"Enterprise Information Environment Mission Area","link":"https://csrc.nist.gov/glossary/term/enterprise_information_environment_mission_area"}],"definitions":null},{"term":"EIR","link":"https://csrc.nist.gov/glossary/term/eir","abbrSyn":[{"text":"Equipment Identity Register","link":"https://csrc.nist.gov/glossary/term/equipment_identity_register"}],"definitions":null},{"term":"EIRP","link":"https://csrc.nist.gov/glossary/term/eirp","abbrSyn":[{"text":"Effective Isotropic Radiated Power","link":"https://csrc.nist.gov/glossary/term/effective_isotropic_radiated_power"}],"definitions":null},{"term":"EISA","link":"https://csrc.nist.gov/glossary/term/eisa","abbrSyn":[{"text":"Energy Independence and Security Act","link":"https://csrc.nist.gov/glossary/term/energy_independence_and_security_act"},{"text":"Enterprise Information Security Architecture","link":"https://csrc.nist.gov/glossary/term/enterprise_information_security_architecture"}],"definitions":null},{"term":"EISAC","link":"https://csrc.nist.gov/glossary/term/eisac","abbrSyn":[{"text":"Electricity Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/electricity_information_sharing_and_analysis_center"}],"definitions":null},{"term":"E-ISAC","link":"https://csrc.nist.gov/glossary/term/e_isac","abbrSyn":[{"text":"Electricity Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/electricity_information_sharing_and_analysis_center"},{"text":"Electricity ISAC","link":"https://csrc.nist.gov/glossary/term/electricity_isac"}],"definitions":null},{"term":"EIT","link":"https://csrc.nist.gov/glossary/term/eit","abbrSyn":[{"text":"Enterprise Information Technology"}],"definitions":null},{"term":"EK","link":"https://csrc.nist.gov/glossary/term/ek","abbrSyn":[{"text":"Endorsement Key","link":"https://csrc.nist.gov/glossary/term/endorsement_key"}],"definitions":null},{"term":"EKEYx(Y)","link":"https://csrc.nist.gov/glossary/term/ekeyy","definitions":[{"text":"Encrypt Y with the key KEYx","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"EKMS","link":"https://csrc.nist.gov/glossary/term/ekms","abbrSyn":[{"text":"Electronic Key Management System"}],"definitions":null},{"term":"EKU","link":"https://csrc.nist.gov/glossary/term/eku","abbrSyn":[{"text":"Extended Key Usage","link":"https://csrc.nist.gov/glossary/term/extended_key_usage"}],"definitions":null},{"term":"EL","link":"https://csrc.nist.gov/glossary/term/el","abbrSyn":[{"text":"Engineering Laboratory","link":"https://csrc.nist.gov/glossary/term/engineering_laboratory"},{"text":"Exception Level","link":"https://csrc.nist.gov/glossary/term/exception_level"}],"definitions":null},{"term":"Elastic Compute Cloud","link":"https://csrc.nist.gov/glossary/term/elastic_compute_cloud","abbrSyn":[{"text":"EC2","link":"https://csrc.nist.gov/glossary/term/ec2"}],"definitions":null},{"term":"Election Assistance Commission","link":"https://csrc.nist.gov/glossary/term/election_assistance_commission","abbrSyn":[{"text":"EAC","link":"https://csrc.nist.gov/glossary/term/eac"}],"definitions":null},{"term":"Electric Power Research Institute","link":"https://csrc.nist.gov/glossary/term/electric_power_research_institute","abbrSyn":[{"text":"EPRI","link":"https://csrc.nist.gov/glossary/term/epri"}],"definitions":null},{"term":"electric vehicle","link":"https://csrc.nist.gov/glossary/term/electric_vehicle","abbrSyn":[{"text":"EV","link":"https://csrc.nist.gov/glossary/term/ev"}],"definitions":null},{"term":"electric vehicle supply equipment","link":"https://csrc.nist.gov/glossary/term/electric_vehicle_supply_equipment","abbrSyn":[{"text":"EVSE","link":"https://csrc.nist.gov/glossary/term/evse"}],"definitions":null},{"term":"Electric Vehicle Take-Off and Landing","link":"https://csrc.nist.gov/glossary/term/electric_vehicle_take_off_and_landing","abbrSyn":[{"text":"EVTOL","link":"https://csrc.nist.gov/glossary/term/evtol"}],"definitions":null},{"term":"Electrically Erasable Programmable Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/electrically_erasable_programmable_read_only_memory","abbrSyn":[{"text":"EEPROM","link":"https://csrc.nist.gov/glossary/term/eeprom"}],"definitions":null},{"term":"Electricity Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/electricity_information_sharing_and_analysis_center","abbrSyn":[{"text":"EISAC","link":"https://csrc.nist.gov/glossary/term/eisac"},{"text":"E-ISAC","link":"https://csrc.nist.gov/glossary/term/e_isac"}],"definitions":null},{"term":"Electricity ISAC","link":"https://csrc.nist.gov/glossary/term/electricity_isac","abbrSyn":[{"text":"E-ISAC","link":"https://csrc.nist.gov/glossary/term/e_isac"}],"definitions":null},{"term":"Electromagnetic","link":"https://csrc.nist.gov/glossary/term/electromagnetic","abbrSyn":[{"text":"EM","link":"https://csrc.nist.gov/glossary/term/em"}],"definitions":null},{"term":"Electromagnetic Compatibility","link":"https://csrc.nist.gov/glossary/term/electromagnetic_compatibility","abbrSyn":[{"text":"EMC","link":"https://csrc.nist.gov/glossary/term/emc"}],"definitions":null},{"term":"Electromagnetic Environmental Effects","link":"https://csrc.nist.gov/glossary/term/electromagnetic_environmental_effects","abbrSyn":[{"text":"E3","link":"https://csrc.nist.gov/glossary/term/e3"}],"definitions":null},{"term":"Electromagnetic Interference","link":"https://csrc.nist.gov/glossary/term/electromagnetic_interference","abbrSyn":[{"text":"EMI","link":"https://csrc.nist.gov/glossary/term/emi"}],"definitions":[{"text":"An electromagnetic disturbance that interrupts, obstructs, or otherwise degrades or limits the effective performance of electronics/electrical equipment.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"Any electromagnetic disturbance that interrupts, obstructs, degrades, or otherwise limits the performance of user equipment.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under interference (electromagnetic) ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E"}]},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under interference (electromagnetic) ","refSources":[{"text":"USG FRP (2019)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under interference (electromagnetic) ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E"}]}]}]},{"term":"Electromagnetic Pulse","link":"https://csrc.nist.gov/glossary/term/electromagnetic_pulse","abbrSyn":[{"text":"EMP","link":"https://csrc.nist.gov/glossary/term/emp"}],"definitions":null},{"term":"Electronic Access Control and Monitoring System","link":"https://csrc.nist.gov/glossary/term/electronic_access_control_and_monitoring_system","abbrSyn":[{"text":"EACMS","link":"https://csrc.nist.gov/glossary/term/eacms"}],"definitions":null},{"term":"Electronic Article Surveillance","link":"https://csrc.nist.gov/glossary/term/electronic_article_surveillance","abbrSyn":[{"text":"EAS","link":"https://csrc.nist.gov/glossary/term/eas"}],"definitions":null},{"term":"Electronic Authentication (E-Authentication)","link":"https://csrc.nist.gov/glossary/term/electronic_authentication","abbrSyn":[{"text":"Digital Authentication","link":"https://csrc.nist.gov/glossary/term/digital_authentication"}],"definitions":[{"text":"The process of establishing confidence in user identities electronically presented to an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under electronic authentication (e- authentication) ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]},{"text":"The process of establishing confidence in user identities presented digitally to a system. In previous editions of SP 800-63, this was referred to asElectronic Authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Digital Authentication "}]},{"text":"See Digital Authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The process of establishing confidence in user identities presented digitally to a system. In previous editions of SP 800-63, this was referred to as Electronic Authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Digital Authentication "}]}]},{"term":"Electronic Biometric Transmission Specification","link":"https://csrc.nist.gov/glossary/term/electronic_biometric_transmission_specification","abbrSyn":[{"text":"EBTS","link":"https://csrc.nist.gov/glossary/term/ebts"}],"definitions":null},{"term":"electronic business (e-business)","link":"https://csrc.nist.gov/glossary/term/electronic_business","note":"(C.F.D.)","definitions":[{"text":"Doing business online. \nRationale: Term is general and not specific to IA.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Electronic Business XML (ebXML)","link":"https://csrc.nist.gov/glossary/term/electronic_business_xml","abbrSyn":[{"text":"ebXML","link":"https://csrc.nist.gov/glossary/term/ebxml"}],"definitions":[{"text":"Sponsored by UN/CEFACT and OASIS, a modular suite of specifications that enable enterprises of any size and in any geographical location to perform business-to-business transactions using XML.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"OASIS Glossary of Terms","link":"https://www.oasis-open.org/glossary/index.php"}]}]}]},{"term":"Electronic Code Book","link":"https://csrc.nist.gov/glossary/term/electronic_code_book","abbrSyn":[{"text":"ECB","link":"https://csrc.nist.gov/glossary/term/ecb"}],"definitions":null},{"term":"Electronic Commerce","link":"https://csrc.nist.gov/glossary/term/electronic_commerce","abbrSyn":[{"text":"e-commerce","link":"https://csrc.nist.gov/glossary/term/e_commerce"}],"definitions":null},{"term":"Electronic Control Unit","link":"https://csrc.nist.gov/glossary/term/electronic_control_unit","abbrSyn":[{"text":"ECU","link":"https://csrc.nist.gov/glossary/term/ecu"}],"definitions":null},{"term":"Electronic Counter-Countermeasures","link":"https://csrc.nist.gov/glossary/term/electronic_counter_countermeasures","abbrSyn":[{"text":"ECCM","link":"https://csrc.nist.gov/glossary/term/eccm"}],"definitions":null},{"term":"Electronic Countermeasures","link":"https://csrc.nist.gov/glossary/term/electronic_countermeasures","abbrSyn":[{"text":"ECM","link":"https://csrc.nist.gov/glossary/term/ecm"}],"definitions":null},{"term":"electronic credentials","link":"https://csrc.nist.gov/glossary/term/electronic_credentials","definitions":[{"text":"Digital documents used in authentication that bind an identity or an attribute to a subscriber's authenticator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Electronic Data Interchange","link":"https://csrc.nist.gov/glossary/term/electronic_data_interchange","abbrSyn":[{"text":"EDI","link":"https://csrc.nist.gov/glossary/term/edi"}],"definitions":null},{"term":"Electronic Evidence","link":"https://csrc.nist.gov/glossary/term/electronic_evidence","definitions":[{"text":"Information and data of investigative value that is stored on or transmitted by an electronic device.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"electronic fill device (EFD)","link":"https://csrc.nist.gov/glossary/term/electronic_fill_device","abbrSyn":[{"text":"EFD","link":"https://csrc.nist.gov/glossary/term/efd"}],"definitions":[{"text":"A COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Electronic Industries Alliance","link":"https://csrc.nist.gov/glossary/term/electronic_industries_alliance","abbrSyn":[{"text":"EIA","link":"https://csrc.nist.gov/glossary/term/eia"}],"definitions":null},{"term":"electronic key management system (EKMS)","link":"https://csrc.nist.gov/glossary/term/electronic_key_management_system","abbrSyn":[{"text":"EKMS","link":"https://csrc.nist.gov/glossary/term/ekms"}],"definitions":[{"text":"An interoperable collection of systems that automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material. \nSee key management infrastructure (KMI).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"key management infrastructure (KMI)","link":"key_management_infrastructure"}]},{"term":"Electronic Mail","link":"https://csrc.nist.gov/glossary/term/electronic_mail","abbrSyn":[{"text":"e-mail","link":"https://csrc.nist.gov/glossary/term/e_mail"},{"text":"Email"},{"text":"E-mail"}],"definitions":null},{"term":"Electronic Media","link":"https://csrc.nist.gov/glossary/term/electronic_media","definitions":[{"text":"General term that refers to media on which data are recorded via an electrically based process.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"electronic messaging services","link":"https://csrc.nist.gov/glossary/term/electronic_messaging_services","definitions":[{"text":"Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business- quality electronic mail service suitable for the conduct of official government business.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Electronic Patient Care Reporting","link":"https://csrc.nist.gov/glossary/term/electronic_patient_care_reporting","abbrSyn":[{"text":"EPCR","link":"https://csrc.nist.gov/glossary/term/epcr"}],"definitions":null},{"term":"Electronic Product Code","link":"https://csrc.nist.gov/glossary/term/electronic_product_code","abbrSyn":[{"text":"EPC","link":"https://csrc.nist.gov/glossary/term/epc"}],"definitions":null},{"term":"Electronic Product Code (EPC) Identifier","link":"https://csrc.nist.gov/glossary/term/electronic_product_code_identifier","definitions":[{"text":"One of the available formats for encoding identifiers on RFID tags. The EPC is a globally unique number that identifies a specific item in the supply chain. This number may be used to identify a container, pallet, case or individual unit.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Electronic Product Code Information Services (EPCIS)","link":"https://csrc.nist.gov/glossary/term/electronic_product_code_information_services","abbrSyn":[{"text":"EPCIS","link":"https://csrc.nist.gov/glossary/term/epcis"}],"definitions":[{"text":"An inter-enterprise subsystem that facilitates information sharing using the EPCglobal network. EPCISs provide information services necessary for the storage, communication and dissemination of EPC data in a secure environment.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Electronic Protected Health Information","link":"https://csrc.nist.gov/glossary/term/electronic_protected_health_information","abbrSyn":[{"text":"electronic PHI","link":"https://csrc.nist.gov/glossary/term/electronic_phi"},{"text":"ePHI","link":"https://csrc.nist.gov/glossary/term/ephi"}],"definitions":[{"text":"Information that comes within paragraphs (1)(i) or (1)(ii) of the definition of protected health information as specified in this section (see “protected health information”).","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","underTerm":" under electronic protected health information ","refSources":[{"text":"HIPAA Security Rule","link":"https://www.govinfo.gov/app/details/FR-2003-02-20/03-3877","note":" - §160.103"}]}]},{"text":"Information that comes within paragraphs (1)(i) or (1)(ii) of the definition of protected health information (see “protected health information”).","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Electronic Protected Health Information (electronic PHI, or EPHI) ","refSources":[{"text":"45 C.F.R., Sec. 160.103","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&node=se45.1.160_1103&rgn=div8"}]}]}],"seeAlso":[{"text":"protected health information"}]},{"term":"Electronic Serial Number (ESN)","link":"https://csrc.nist.gov/glossary/term/electronic_serial_number","abbrSyn":[{"text":"ESN","link":"https://csrc.nist.gov/glossary/term/esn"}],"definitions":[{"text":"A unique 32-bit number programmed into CDMA phones when they are manufactured.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Electronic Serial Number "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Electronic Serial Number "}]}]},{"term":"electronic signature","link":"https://csrc.nist.gov/glossary/term/electronic_signature","note":"(C.F.D.)","definitions":[{"text":"See digital signature. \nRationale: Deprecated Term: Given that there is no current consensus on its definition, it is recommended that \"digital signature\" be used instead, if that context is what is intended.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"digital signature","link":"digital_signature"}]},{"term":"electronic/digital file transfer","link":"https://csrc.nist.gov/glossary/term/electronic_digital_file_transfer","definitions":[{"text":"Transmission of a file (information) between two systems via a file transfer (communications) protocol.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"electronically generated key","link":"https://csrc.nist.gov/glossary/term/electronically_generated_key","definitions":[{"text":"Key generated in a COMSEC device by introducing (either mechanically or electronically) a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Electrotechnical Commission","link":"https://csrc.nist.gov/glossary/term/electrotechnical_commission","abbrSyn":[{"text":"EC","link":"https://csrc.nist.gov/glossary/term/ec"}],"definitions":null},{"term":"element","link":"https://csrc.nist.gov/glossary/term/element","abbrSyn":[{"text":"supply chain element","link":"https://csrc.nist.gov/glossary/term/supply_chain_element"}],"definitions":[{"text":"Organizations, entities, or tools employed for the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and/or disposal of systems and system components.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under supply chain element "}]},{"text":"ICT system element is a member of a set of elements that constitutes a system.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Element "}]},{"text":"A statement about an ISCM concept that is true for a well-implemented ISCM program.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"},{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]},{"text":"Organizations, entities, or tools employed for the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of systems and system components.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under supply chain element "}]},{"text":"ICT system element member of a set of elements that constitutes a system.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Element ","refSources":[{"text":"ISO/IEC 15288","note":" - Adapted"}]}]},{"text":"Organizations, departments, facilities, or personnel responsible for a particular systems security engineering activity conducted within an engineering process (e.g., operations elements, logistics elements, maintenance elements, and training elements).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"Element Processes","link":"https://csrc.nist.gov/glossary/term/element_processes","definitions":[{"text":"A series of operations performed in the making or treatment of an element; performing operations on elements/data.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]"},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"}]}]},{"term":"Elliptic Curve","link":"https://csrc.nist.gov/glossary/term/elliptic_curve","abbrSyn":[{"text":"EC","link":"https://csrc.nist.gov/glossary/term/ec"}],"definitions":null},{"term":"Elliptic Curve Cryptography","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_cryptography","abbrSyn":[{"text":"ECC","link":"https://csrc.nist.gov/glossary/term/ecc"}],"definitions":[{"text":"Elliptic Curve Cryptography, the public-key cryptographic methods using operations in an elliptic curve group.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under ECC "}]},{"text":"Elliptic curve cryptography.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under ECC "}]}]},{"term":"Elliptic Curve Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_diffie_hellman","abbrSyn":[{"text":"(EC)DH","link":"https://csrc.nist.gov/glossary/term/_ec_dh"},{"text":"ECDH","link":"https://csrc.nist.gov/glossary/term/ecdh"}],"definitions":null},{"term":"Elliptic Curve Digital Signature Algorithm","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_digital_signature_algorithm","abbrSyn":[{"text":"ECDSA","link":"https://csrc.nist.gov/glossary/term/ecdsa"}],"definitions":[{"text":"a digital signature algorithm that is an analog of DSA using elliptic curve mathematics and specified in ANSI draft standard X9.62.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"A digital signature algorithm that is an analog of DSA using elliptic curves.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"Elliptic Curve Digital Signature Algorithm specified in [ANS X9.62] and approved in [FIPS 186].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under ECDSA "}]},{"text":"Elliptic Curve Digital Signature Algorithm specified in ANSI X9.62 and approved in FIPS 186.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Elliptic Curve Groups Modulo a Prime","link":"https://csrc.nist.gov/glossary/term/elliptic_curve_groups_modulo_a_prime","abbrSyn":[{"text":"ECP","link":"https://csrc.nist.gov/glossary/term/ecp"}],"definitions":null},{"term":"EM","link":"https://csrc.nist.gov/glossary/term/em","abbrSyn":[{"text":"Electromagnetic","link":"https://csrc.nist.gov/glossary/term/electromagnetic"},{"text":"Element Manager","link":"https://csrc.nist.gov/glossary/term/element_manager"},{"text":"Encoded Message","link":"https://csrc.nist.gov/glossary/term/encoded_message"}],"definitions":null},{"term":"e-mail","link":"https://csrc.nist.gov/glossary/term/e_mail","abbrSyn":[{"text":"Electronic mail"},{"text":"Electronic Mail","link":"https://csrc.nist.gov/glossary/term/electronic_mail"}],"definitions":null},{"term":"eMASS","link":"https://csrc.nist.gov/glossary/term/emass","abbrSyn":[{"text":"Enterprise Mission Assurance Support Service","link":"https://csrc.nist.gov/glossary/term/enterprise_mission_assurance_support_service"}],"definitions":null},{"term":"embedded computer","link":"https://csrc.nist.gov/glossary/term/embedded_computer","note":"(C.F.D.)","definitions":[{"text":"Computer system that is an integral part of a larger system. \nRationale: Listed for deletion in 2010 version of CNSS 4009.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Embedded Control Unit","link":"https://csrc.nist.gov/glossary/term/embedded_control_unit","abbrSyn":[{"text":"ECU","link":"https://csrc.nist.gov/glossary/term/ecu"}],"definitions":null},{"term":"Embedded Universal Integrated Circuit Card","link":"https://csrc.nist.gov/glossary/term/embedded_universal_integrated_circuit_card","abbrSyn":[{"text":"eUICC","link":"https://csrc.nist.gov/glossary/term/euicc"}],"definitions":null},{"term":"EMBS","link":"https://csrc.nist.gov/glossary/term/embs","abbrSyn":[{"text":"IEEE Engineering in Medicine and Biology Society","link":"https://csrc.nist.gov/glossary/term/ieee_engineering_in_medicine_and_biology_society"}],"definitions":null},{"term":"EMC","link":"https://csrc.nist.gov/glossary/term/emc","abbrSyn":[{"text":"Electromagnetic Compatibility","link":"https://csrc.nist.gov/glossary/term/electromagnetic_compatibility"}],"definitions":null},{"term":"emergence","link":"https://csrc.nist.gov/glossary/term/emergence","definitions":[{"text":"The behaviors and outcomes that result from how individual system elements compose to form the system as a whole.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"emergency action plan (EAP)","link":"https://csrc.nist.gov/glossary/term/emergency_action_plan","abbrSyn":[{"text":"EAP","link":"https://csrc.nist.gov/glossary/term/eap"}],"definitions":[{"text":"A plan developed to prevent loss of national intelligence; protect personnel, facilities, and communications; and recover operations damaged by terrorist attack, natural disaster, or similar events.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-01"}]}]}]},{"term":"Emergency Medical Services","link":"https://csrc.nist.gov/glossary/term/emergency_medical_services","abbrSyn":[{"text":"EMS","link":"https://csrc.nist.gov/glossary/term/ems"}],"definitions":null},{"term":"Emergency Medical Technician","link":"https://csrc.nist.gov/glossary/term/emergency_medical_technician","abbrSyn":[{"text":"EMT","link":"https://csrc.nist.gov/glossary/term/emt"}],"definitions":null},{"term":"Emergency Response Team","link":"https://csrc.nist.gov/glossary/term/emergency_response_team","abbrSyn":[{"text":"ERT","link":"https://csrc.nist.gov/glossary/term/ert"}],"definitions":null},{"term":"Emergency revocation","link":"https://csrc.nist.gov/glossary/term/emergency_revocation","definitions":[{"text":"A revocation of keying material that is effected in response to an actual or suspected compromise of a key.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Emergency Shutdown","link":"https://csrc.nist.gov/glossary/term/emergency_shutdown","abbrSyn":[{"text":"ESD","link":"https://csrc.nist.gov/glossary/term/esd"}],"definitions":null},{"term":"EMET","link":"https://csrc.nist.gov/glossary/term/emet","abbrSyn":[{"text":"Enhanced Mitigation Experience Toolkit","link":"https://csrc.nist.gov/glossary/term/enhanced_mitigation_experience_toolkit"}],"definitions":null},{"term":"EMI","link":"https://csrc.nist.gov/glossary/term/emi","abbrSyn":[{"text":"Electromagnetic Interference","link":"https://csrc.nist.gov/glossary/term/electromagnetic_interference"}],"definitions":[{"text":"An electromagnetic disturbance that interrupts, obstructs, or otherwise degrades or limits the effective performance of electronics/electrical equipment.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Electromagnetic Interference "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Electromagnetic Interference "}]}]},{"term":"emission security (EMSEC)","link":"https://csrc.nist.gov/glossary/term/emission_security","abbrSyn":[{"text":"EMSEC","link":"https://csrc.nist.gov/glossary/term/emsec"}],"definitions":[{"text":"The component of communications security that results from all measures taken to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from cryptoequipment and information systems. See TEMPEST.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"JP 6-0","link":"https://www.jcs.mil/Doctrine/Joint-Doctrine-Pubs/6-0-Communications-Series/"}]}]}],"seeAlso":[{"text":"TEMPEST","link":"tempest"}]},{"term":"Emissions Security","link":"https://csrc.nist.gov/glossary/term/emissions_security","abbrSyn":[{"text":"EMSEC","link":"https://csrc.nist.gov/glossary/term/emsec"}],"definitions":null},{"term":"EMM","link":"https://csrc.nist.gov/glossary/term/emm","abbrSyn":[{"text":"Enterprise Mobility Management","link":"https://csrc.nist.gov/glossary/term/enterprise_mobility_management"}],"definitions":[{"text":"Enterprise Mobility Management (EMM) systems are a common way of managing mobile devices in the enterprise. Although not a security technology by itself, EMMs can help to deploy policies to an enterprise’s device pool and to monitor device state.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Enterprise Mobility Management ","refSources":[{"text":"Mobile Threat Catalogue","link":"https://pages.nist.gov/mobile-threat-catalogue/"}]}]}]},{"term":"EMP","link":"https://csrc.nist.gov/glossary/term/emp","abbrSyn":[{"text":"Electromagnetic Pulse","link":"https://csrc.nist.gov/glossary/term/electromagnetic_pulse"}],"definitions":null},{"term":"Employment and Social Development Canada","link":"https://csrc.nist.gov/glossary/term/employment_and_social_development_canada","abbrSyn":[{"text":"ESDC","link":"https://csrc.nist.gov/glossary/term/esdc"}],"definitions":null},{"term":"EMS","link":"https://csrc.nist.gov/glossary/term/ems","abbrSyn":[{"text":"Emergency Management System","link":"https://csrc.nist.gov/glossary/term/emergency_management_system"},{"text":"Emergency Medical Services","link":"https://csrc.nist.gov/glossary/term/emergency_medical_services"},{"text":"Energy Management System","link":"https://csrc.nist.gov/glossary/term/energy_management_system"},{"text":"Enhanced Messaging Service"}],"definitions":[{"text":"an improved message system for GSM mobile phones allowing picture, sound, animation and text elements to be conveyed through one or more concatenated SMS messages.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Enhanced Messaging Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Enhanced Messaging Service "}]}]},{"term":"EMSEC","link":"https://csrc.nist.gov/glossary/term/emsec","abbrSyn":[{"text":"Emission Security"},{"text":"Emissions Security","link":"https://csrc.nist.gov/glossary/term/emissions_security"}],"definitions":null},{"term":"EMSK","link":"https://csrc.nist.gov/glossary/term/emsk","abbrSyn":[{"text":"Extended Master Session Key","link":"https://csrc.nist.gov/glossary/term/extended_master_session_key"}],"definitions":null},{"term":"EMT","link":"https://csrc.nist.gov/glossary/term/emt","abbrSyn":[{"text":"Emergency Medical Technician","link":"https://csrc.nist.gov/glossary/term/emergency_medical_technician"}],"definitions":null},{"term":"enabling system","link":"https://csrc.nist.gov/glossary/term/enabling_system","definitions":[{"text":"A system that provides support to the life cycle activities associated with the system of interest. Enabling systems are not necessarily delivered with the system of interest and do not necessarily exist in the operational environment of the system of interest.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"System that supports a system of interest during its life cycle stages but does not necessarily contribute directly to its function during operation.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"A system that provides support to the life cycle activities associated with the system-of-interest. Enabling systems are not necessarily delivered with the system-of-interest and do not necessarily exist in the operational environment of the system- of-interest.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"System that supports a system-of-interest during its life cycle stages but does not necessarily contribute directly to its function during operation.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]}]},{"term":"eNB","link":"https://csrc.nist.gov/glossary/term/enb","abbrSyn":[{"text":"eNodeB","link":"https://csrc.nist.gov/glossary/term/enodeb"},{"text":"Evolved Node B","link":"https://csrc.nist.gov/glossary/term/evolved_node_b"}],"definitions":null},{"term":"Encapsulating Security Payload (ESP)","link":"https://csrc.nist.gov/glossary/term/encapsulating_security_payload","abbrSyn":[{"text":"ESP","link":"https://csrc.nist.gov/glossary/term/esp"}],"definitions":[{"text":"The core IPsec security protocol; can provide integrity protection and (optionally) encryption protection for packet headers and data.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Encapsulating Security Payload without encryption","link":"https://csrc.nist.gov/glossary/term/encapsulating_security_payload_without_encryption","abbrSyn":[{"text":"ESP-NULL","link":"https://csrc.nist.gov/glossary/term/esp_null"}],"definitions":null},{"term":"encipher","link":"https://csrc.nist.gov/glossary/term/encipher","abbrSyn":[{"text":"encrypt","link":"https://csrc.nist.gov/glossary/term/encrypt"}],"definitions":[{"text":"Cryptographically transform data to produce cipher text.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under encrypt ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"See encrypt. \nRationale: Deprecated Term: Encrypt is the preferred term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"enclave","link":"https://csrc.nist.gov/glossary/term/enclave","definitions":[{"text":"A set of system resources that operate in the same security domain and that share the protection of a single, common, continuous security perimeter.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"enclave boundary","link":"https://csrc.nist.gov/glossary/term/enclave_boundary","definitions":[{"text":"Point at which an enclave’s internal network service layer connects to an external network’s service layer, i.e., to another enclave or to a wide area network (WAN).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Enclave Page Cache","link":"https://csrc.nist.gov/glossary/term/enclave_page_cache","abbrSyn":[{"text":"EPC","link":"https://csrc.nist.gov/glossary/term/epc"}],"definitions":null},{"term":"encode","link":"https://csrc.nist.gov/glossary/term/encode","definitions":[{"text":"Use a system of symbols to represent information, which might originally have some other representation. Example: Morse code.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"Encoded Message","link":"https://csrc.nist.gov/glossary/term/encoded_message","abbrSyn":[{"text":"EM","link":"https://csrc.nist.gov/glossary/term/em"}],"definitions":null},{"term":"encrypt","link":"https://csrc.nist.gov/glossary/term/encrypt","abbrSyn":[{"text":"encipher","link":"https://csrc.nist.gov/glossary/term/encipher"}],"definitions":[{"text":"Cryptographically transform data to produce cipher text.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"See encrypt. \nRationale: Deprecated Term: Encrypt is the preferred term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under encipher "}]}]},{"term":"Encrypted Diversifier","link":"https://csrc.nist.gov/glossary/term/encrypted_diversifier","abbrSyn":[{"text":"EDIV","link":"https://csrc.nist.gov/glossary/term/ediv"}],"definitions":null},{"term":"Encrypted File System","link":"https://csrc.nist.gov/glossary/term/encrypted_file_system","abbrSyn":[{"text":"EFS","link":"https://csrc.nist.gov/glossary/term/efs"}],"definitions":null},{"term":"encrypted key","link":"https://csrc.nist.gov/glossary/term/encrypted_key","definitions":[{"text":"Key that has been encrypted in a system approved by the National Security Agency (NSA) for key encryption.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A cryptographic key that has been encrypted using an approved security function in order to disguise the value of the underlying plaintext key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Encrypted key "}]},{"text":"A cryptographic key that has been encrypted using an Approved security function with a key encrypting key in order to disguise the value of the underlying plaintext key.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Encrypted key "}]},{"text":"A cryptographic key that has been encrypted using an approved cryptographic algorithm in order to disguise the value of the underlying plaintext key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Encrypted key "}]},{"text":"A cryptographic key that has been encrypted using an approved security function with a key-encrypting key in order to disguise the value of the underlying plaintext key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Encrypted key "}]}],"seeAlso":[{"text":"RED key","link":"red_key"}]},{"term":"encryption","link":"https://csrc.nist.gov/glossary/term/encryption","definitions":[{"text":"The process of transforming plaintext into ciphertext for the purpose of security or privacy.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"The cryptographic transformation of data to produce ciphertext.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 7498-2"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Encryption ","refSources":[{"text":"ISO 7498-2"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Encryption ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Encryption ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Encryption ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]},{"text":"Any procedure used in cryptography to convert plain text into cipher text to prevent anyone but the intended recipient from reading that data.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Encryption "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Encryption "}]},{"text":"The process of changing plaintext into ciphertext using a cryptographic algorithm and key.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Encryption "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Encryption "},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Encryption "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Encryption "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Encryption "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Encryption "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Encryption "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Encryption "}]},{"text":"The process of transforming plaintext into ciphertext.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Encryption "},{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Encryption "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Encryption "}]},{"text":"The process of a confidentiality mode that transforms usable data into an unreadable form.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Encryption (Enciphering) "}]},{"text":"The translation of data into a form that is unintelligible without a deciphering mechanism.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Encryption "}]},{"text":"The process of transforming plaintext into ciphertext using a cryptographic algorithm and key.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Encryption "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Encryption "}]},{"text":"The process of changing plaintext into ciphertext using a cryptographic algorithm for the purpose of security or privacy.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Encryption "}]},{"text":"The process of changing plaintext into ciphertext.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Encryption ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"ISO/IEC 7498-2"}]}]}]},{"term":"encryption algorithm","link":"https://csrc.nist.gov/glossary/term/encryption_algorithm","definitions":[{"text":"Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"encryption certificate","link":"https://csrc.nist.gov/glossary/term/encryption_certificate","definitions":[{"text":"A certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes. Key management sometimes refers to the process of storing protecting and escrowing the private component of the key pair associated with the encryption certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for  these same purposes.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Encryption Certificate "}]}],"seeAlso":[{"text":"certificate","link":"certificate"}]},{"term":"Encryption Root","link":"https://csrc.nist.gov/glossary/term/encryption_root","abbrSyn":[{"text":"ER","link":"https://csrc.nist.gov/glossary/term/er"}],"definitions":null},{"term":"end cryptographic unit (ECU)","link":"https://csrc.nist.gov/glossary/term/end_cryptographic_unit","abbrSyn":[{"text":"ECU","link":"https://csrc.nist.gov/glossary/term/ecu"}],"definitions":[{"text":"Device that 1) performs cryptographic functions, 2) typically is part of a larger system for which the device provides security services, and 3) from the viewpoint of a supporting security infrastructure (e.g., a key management system) is the lowest level of identifiable component with which a management transaction can be conducted.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"End of File","link":"https://csrc.nist.gov/glossary/term/end_of_file","abbrSyn":[{"text":"EOF","link":"https://csrc.nist.gov/glossary/term/eof"}],"definitions":null},{"term":"End User License Agreement","link":"https://csrc.nist.gov/glossary/term/end_user_license_agreement","abbrSyn":[{"text":"EULA","link":"https://csrc.nist.gov/glossary/term/eula"}],"definitions":null},{"term":"Endorsed TEMPEST Products List","link":"https://csrc.nist.gov/glossary/term/endorsed_tempest_products_list","abbrSyn":[{"text":"ETPL","link":"https://csrc.nist.gov/glossary/term/etpl"}],"definitions":null},{"term":"Endorsement Key","link":"https://csrc.nist.gov/glossary/term/endorsement_key","abbrSyn":[{"text":"EK","link":"https://csrc.nist.gov/glossary/term/ek"}],"definitions":null},{"term":"Endpoint Configuration Manager","link":"https://csrc.nist.gov/glossary/term/endpoint_configuration_manager","note":"(Microsoft)","abbrSyn":[{"text":"ECM","link":"https://csrc.nist.gov/glossary/term/ecm"}],"definitions":null},{"term":"Endpoint Detection and Response","link":"https://csrc.nist.gov/glossary/term/endpoint_detection_and_response","abbrSyn":[{"text":"EDR","link":"https://csrc.nist.gov/glossary/term/edr"}],"definitions":null},{"term":"Endpoint Protection Platform","link":"https://csrc.nist.gov/glossary/term/endpoint_protection_platform","abbrSyn":[{"text":"EPP","link":"https://csrc.nist.gov/glossary/term/epp"}],"definitions":[{"text":"Safeguards implemented through software to protect end-user machines such as workstations and laptops against attack (e.g., antivirus, antispyware, antiadware, personal firewalls, host-based intrusion detection and prevention systems, etc.).","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under End-point Protection Platform "}]}]},{"term":"end-point protection platform","link":"https://csrc.nist.gov/glossary/term/end_point_protection_platform","definitions":[{"text":"Safeguards implemented through software to protect end-user machines such as workstations and laptops against attack (e.g., antivirus, antispyware, anti-adware, personal firewalls, host-based intrusion detection and prevention systems, etc.).","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"end-to-end encryption","link":"https://csrc.nist.gov/glossary/term/end_to_end_encryption","definitions":[{"text":"Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-12","link":"https://doi.org/10.6028/NIST.SP.800-12","note":" - Adapted"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under End-to-End Encryption "}]}]},{"term":"end-to-end security","link":"https://csrc.nist.gov/glossary/term/end_to_end_security","definitions":[{"text":"Safeguarding information in an information system from point of origin to point of destination.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Energy Independence and Security Act","link":"https://csrc.nist.gov/glossary/term/energy_independence_and_security_act","abbrSyn":[{"text":"EISA","link":"https://csrc.nist.gov/glossary/term/eisa"}],"definitions":null},{"term":"Energy Management System","link":"https://csrc.nist.gov/glossary/term/energy_management_system","abbrSyn":[{"text":"EMS","link":"https://csrc.nist.gov/glossary/term/ems"}],"definitions":null},{"term":"Energy Sector Asset Management","link":"https://csrc.nist.gov/glossary/term/energy_sector_asset_management","abbrSyn":[{"text":"ESAM","link":"https://csrc.nist.gov/glossary/term/esam"}],"definitions":null},{"term":"energy storage system","link":"https://csrc.nist.gov/glossary/term/energy_storage_system","abbrSyn":[{"text":"ESS","link":"https://csrc.nist.gov/glossary/term/ess"}],"definitions":null},{"term":"engineered system","link":"https://csrc.nist.gov/glossary/term/engineered_system","definitions":[{"text":"A system designed or adapted to interact with an anticipated operational environment to achieve one or more intended purposes while complying with applicable constraints.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"Systems Engineering and System Definitions","link":"https://www.incose.org/docs/default-source/default-document-library/incose-se-definitions-tp-2020-002-06.pdf"}]}]}]},{"term":"engineered team","link":"https://csrc.nist.gov/glossary/term/engineered_team","definitions":[{"text":"The individuals on the systems engineering team with security responsibilities, systems security engineers that are part of the systems engineering team, or a combination thereof.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"Engineering Laboratory","link":"https://csrc.nist.gov/glossary/term/engineering_laboratory","abbrSyn":[{"text":"EL","link":"https://csrc.nist.gov/glossary/term/el"}],"definitions":null},{"term":"Enhanced Data for GSM Evolution (EDGE)","link":"https://csrc.nist.gov/glossary/term/enhanced_data_for_gsm_evolution","abbrSyn":[{"text":"EDGE","link":"https://csrc.nist.gov/glossary/term/edge"}],"definitions":[{"text":"An upgrade to GPRS to provide higher data rates by joining multiple time slots.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Enhanced Data for GSM Evolution "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Enhanced Data for GSM Evolution "}]}]},{"term":"Enhanced Data Rate","link":"https://csrc.nist.gov/glossary/term/enhanced_data_rate","abbrSyn":[{"text":"EDR","link":"https://csrc.nist.gov/glossary/term/edr"}],"definitions":null},{"term":"Enhanced Feasible Path Unicast Reverse Path Forwarding","link":"https://csrc.nist.gov/glossary/term/enhanced_feasible_path_unicast_reverse_path_forwarding","abbrSyn":[{"text":"EFP-uRPF","link":"https://csrc.nist.gov/glossary/term/efp_urpf"}],"definitions":null},{"term":"Enhanced Messaging Service (EMS)","link":"https://csrc.nist.gov/glossary/term/enhanced_messaging_service","abbrSyn":[{"text":"EMS","link":"https://csrc.nist.gov/glossary/term/ems"}],"definitions":[{"text":"An improved message system for GSM mobile devices allowing picture, sound, animation and text elements to be conveyed through one or more concatenated SMS messages.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"an improved message system for GSM mobile phones allowing picture, sound, animation and text elements to be conveyed through one or more concatenated SMS messages.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Enhanced Messaging Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Enhanced Messaging Service "}]}]},{"term":"Enhanced Mitigation Experience Toolkit","link":"https://csrc.nist.gov/glossary/term/enhanced_mitigation_experience_toolkit","abbrSyn":[{"text":"EMET","link":"https://csrc.nist.gov/glossary/term/emet"}],"definitions":null},{"term":"Enhanced Overlay","link":"https://csrc.nist.gov/glossary/term/enhanced_overlay","definitions":[{"text":"An overlay that adds processes, controls, enhancements, and additional implementation guidance specific to the purpose of the overlay.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]},{"text":"An overlay that adds controls, enhancements, or additional guidance to security control baselines in order to highlight or address needs specific to the purpose of the overlay. (See “overlay.”)","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]"}]}],"seeAlso":[{"text":"overlay","link":"overlay"}]},{"term":"enhanced security requirements","link":"https://csrc.nist.gov/glossary/term/enhanced_security_requirements","definitions":[{"text":"Security requirements that are to be implemented in addition to the basic and derived security requirements in SP 800-171. The security requirements provide the foundation for a defense-in-depth protection strategy that includes three mutually supportive and reinforcing components: (1) penetration-resistant architecture, (2) damage-limiting operations, and (3) designing for cyber resiliency and survivability.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"Security requirements that are to be implemented in addition to the basic and derived security requirements in NIST Special Publication 800-171. The additional security requirements provide the foundation for a defense-in-depth protection strategy that includes three mutually supportive and reinforcing components: (1) penetration-resistant architecture, (2) damage-limiting operations, and (3) designing for cyber resiliency and survivability.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"Enhanced Shared Situational Awareness","link":"https://csrc.nist.gov/glossary/term/enhanced_shared_situational_awareness","abbrSyn":[{"text":"ESSA","link":"https://csrc.nist.gov/glossary/term/essa"}],"definitions":null},{"term":"Enhanced Small Form-Factor Pluggable","link":"https://csrc.nist.gov/glossary/term/enhanced_small_form_factor_pluggable","abbrSyn":[{"text":"SFP+","link":"https://csrc.nist.gov/glossary/term/sfp_plus"}],"definitions":null},{"term":"Enhanced Synchronous Connection Oriented","link":"https://csrc.nist.gov/glossary/term/enhanced_synchronous_connection_oriented","abbrSyn":[{"text":"eSCO","link":"https://csrc.nist.gov/glossary/term/esco"}],"definitions":null},{"term":"ENISA","link":"https://csrc.nist.gov/glossary/term/enisa","abbrSyn":[{"text":"European Union Agency for Cybersecurity","link":"https://csrc.nist.gov/glossary/term/european_union_agency_for_cybersecurity"}],"definitions":null},{"term":"eNodeB","link":"https://csrc.nist.gov/glossary/term/enodeb","abbrSyn":[{"text":"eNB","link":"https://csrc.nist.gov/glossary/term/enb"},{"text":"Evolved Node B","link":"https://csrc.nist.gov/glossary/term/evolved_node_b"}],"definitions":null},{"term":"Enrollment","link":"https://csrc.nist.gov/glossary/term/enrollment","abbrSyn":[{"text":"Identity Registration"},{"text":"Registration"}],"definitions":[{"text":"The process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system. In some other NIST documents, such as [NIST SP 800-63A], identity registration is referred to as enrollment.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identity Registration "}]},{"text":"The process through which an applicant applies to become a subscriber of a CSP and the CSP validates the applicant’s identity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"See Enrollment.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Registration "}]},{"text":"Making a person’s identity known to the enrollment/Identity Management System information system by associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the information system. Registration is necessary in order to initiate other processes, such as adjudication, card/token personalization and issuance and, maintenance that are necessary to issue and to re-issue or maintain a PIV Card or a Derived PIV Credential token.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Registration "}]},{"text":"The process that a CA uses to create a certificate for a web server or email user. (In the context of this practice guide, enrollment applies to the process of a certificate requester requesting a certificate, the CA issuing the certificate, and the requester retrieving the issued certificate.)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"text":"The process that a CA uses to create a certificate for a web server or email user. (In the context of this practice guide, enrollment applies to the process of a certificate requester requesting a certificate, the CA issuing the certificate, and the requester retrieving the issued certificate).","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"text":"The process through which an applicant applies to become a subscriber of a CSP and an RA validates the identity of the applicant on behalf of the CSP. (NIST SP 800-63-3)","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Registration ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The process that a Certificate Authority (CA) uses to create a certificate for a web server or email user","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]},{"text":"The process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identity Registration "}]},{"text":"See “Identity Registration”.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Registration "}]},{"text":"The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Registration "}]}]},{"term":"Enrollment Data Set","link":"https://csrc.nist.gov/glossary/term/enrollment_data_set","definitions":[{"text":"A record that includes information about a biometric enrollment (i.e., name and role of the acquiring agent, office and organization, time, place, and acquisition method).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"enrollment manager","link":"https://csrc.nist.gov/glossary/term/enrollment_manager","definitions":[{"text":"The management role that is responsible for assigning user identities to management and non-management roles.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"ENS","link":"https://csrc.nist.gov/glossary/term/ens","abbrSyn":[{"text":"Ethereum Name Service","link":"https://csrc.nist.gov/glossary/term/ethereum_name_service"}],"definitions":null},{"term":"enterprise","link":"https://csrc.nist.gov/glossary/term/enterprise","abbrSyn":[{"text":"organization","link":"https://csrc.nist.gov/glossary/term/organization"},{"text":"Organization"}],"definitions":[{"text":"An entity of any size, complexity, or position within a larger organizational structure (e.g., a federal agency or company).","sources":[{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221","underTerm":" under organization "}]},{"text":"An organization that coordinates the operation of one or more processing sites.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Enterprise ","refSources":[{"text":"ANSI/ISA-88.01-1995","link":"https://gmpua.com/GAMP/ISA-88.pdf"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Enterprise "}]},{"text":"An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Enterprise ","refSources":[{"text":"CNSSI 4009-2010"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Enterprise ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Enterprise ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Enterprise ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency or, as appropriate, any of its operational elements).","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency, or, as appropriate, any of its operational elements).","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Organization "}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency or, as appropriate, any of its operational elements). See Enterprise.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - adapted"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - adapted"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency, private enterprises, academic institutions, state, local, or tribal governments, or as appropriate, any of its operational elements).","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency, or, as appropriate, any of its operational elements). See enterprise.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under organization ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"An organization with a defined mission/goal and a defined boundary, using systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, human resources, financial management, security, and systems, information and mission management. See organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure (e.g., federal agencies, private enterprises, academic institutions, state, local, or tribal governments, or as appropriate, any of their operational elements).","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - adapted"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure (e.g., a federal agency or, as appropriate, any of its operational elements). This publication is intended to provide recommendations for organizations that manage their own networks (e.g., that have a chief information officer).","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Organization ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Organization ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Organization ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An entity of any size, complexity, or positioning within an organizational structure, including federal agencies, private enterprises, academic institutions, state, local, or tribal governments, or as appropriate, any of their operational elements.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under organization ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"A top-level organization with unique risk management responsibilities based on its position in the hierarchy and the roles and responsibilities of its officers.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Enterprise "}]},{"text":"An entity of any size, complexity, or positioning within a larger organizational structure (e.g., a federal agency or a company).","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Organization ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Group of people and facilities with an arrangement of responsibilities, authorities, and relationships.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under organization ","refSources":[{"text":"ISO 9000"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under organization ","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"},{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]}],"seeAlso":[{"text":"organization","link":"organization"},{"text":"Organization"}]},{"term":"enterprise architecture (EA)","link":"https://csrc.nist.gov/glossary/term/enterprise_architecture","abbrSyn":[{"text":"EA","link":"https://csrc.nist.gov/glossary/term/ea"}],"definitions":[{"text":"The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Enterprise Architecture ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Enterprise Architecture ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Enterprise Architecture ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A strategic information asset base, which defines the mission; the information necessary to perform the mission; the technologies necessary to perform the mission; and the transitional processes for implementing new technologies in response to changing mission needs; and includes a baseline architecture; a target architecture; and a sequencing plan.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under enterprise architecture ","refSources":[{"text":"44 U.S.C., Sec. 3601","link":"https://www.govinfo.gov/app/details/USCODE-2010-title44/USCODE-2010-title44-chap36-sec3601"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under enterprise architecture ","refSources":[{"text":"44 U.S.C., Sec. 3601","link":"https://www.govinfo.gov/app/details/USCODE-2010-title44/USCODE-2010-title44-chap36-sec3601"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under enterprise architecture ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Enterprise Architecture ","refSources":[{"text":"44 U.S.C., Sec. 3601","link":"https://www.govinfo.gov/app/details/USCODE-2010-title44/USCODE-2010-title44-chap36-sec3601"}]}]},{"text":"A strategic information asset base that defines the mission, the information necessary to perform the mission, the technologies necessary for performing the mission, and the transitional process for implementing new technologies in response to changing mission needs. The EA includes a baseline architecture, target architecture, and sequencing plan.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 24","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"Enterprise Compliance Profile","link":"https://csrc.nist.gov/glossary/term/enterprise_compliance_profile","abbrSyn":[{"text":"ECP","link":"https://csrc.nist.gov/glossary/term/ecp"}],"definitions":null},{"term":"enterprise cross domain services (ECDS)","link":"https://csrc.nist.gov/glossary/term/enterprise_cross_domain_services","abbrSyn":[{"text":"ECDS","link":"https://csrc.nist.gov/glossary/term/ecds"}],"definitions":[{"text":"A cross domain solution provided as a system across an enterprise infrastructure, fully integrated to provide the ability to access or transfer information between two or more security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CJCSI 6211.02D","link":"https://www.jcs.mil/Library/CJCS-Instructions/"}]}]}]},{"term":"enterprise cross domain services (ECDS) provider","link":"https://csrc.nist.gov/glossary/term/enterprise_cross_domain_services_provider","definitions":[{"text":"An organization that establishes, manages and maintains the overall infrastructure and security posture offering automated capabilities to users and applications within an enterprise environment for information sharing across and among security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Enterprise Ethereum Alliance","link":"https://csrc.nist.gov/glossary/term/enterprise_ethereum_alliance","abbrSyn":[{"text":"EEA","link":"https://csrc.nist.gov/glossary/term/eea"}],"definitions":null},{"term":"Enterprise Information Environment Mission Area","link":"https://csrc.nist.gov/glossary/term/enterprise_information_environment_mission_area","abbrSyn":[{"text":"EIEMA","link":"https://csrc.nist.gov/glossary/term/eiema"}],"definitions":null},{"term":"enterprise information technology","link":"https://csrc.nist.gov/glossary/term/enterprise_information_technology","abbrSyn":[{"text":"EIT","link":"https://csrc.nist.gov/glossary/term/eit"}],"definitions":[{"text":"The application of computers and telecommunications equipment to store, retrieve, transmit, and manipulate data, in the context of a business or other enterprise.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"Enterprise IT Body of Knowledge – Glossary","link":"http://eitbokwiki.org/Glossary#eit"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"Enterprise IT Body of Knowledge – Glossary","link":"http://eitbokwiki.org/Glossary#eit"}]}]}]},{"term":"Enterprise Mission Assurance Support Service","link":"https://csrc.nist.gov/glossary/term/enterprise_mission_assurance_support_service","abbrSyn":[{"text":"eMASS","link":"https://csrc.nist.gov/glossary/term/emass"}],"definitions":null},{"term":"Enterprise Mobility Management","link":"https://csrc.nist.gov/glossary/term/enterprise_mobility_management","abbrSyn":[{"text":"EMM","link":"https://csrc.nist.gov/glossary/term/emm"}],"definitions":[{"text":"Enterprise Mobility Management (EMM) systems are a common way of managing mobile devices in the enterprise. Although not a security technology by itself, EMMs can help to deploy policies to an enterprise’s device pool and to monitor device state.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"Mobile Threat Catalogue","link":"https://pages.nist.gov/mobile-threat-catalogue/"}]}]}]},{"term":"enterprise patch management","link":"https://csrc.nist.gov/glossary/term/enterprise_patch_management","definitions":[{"text":"The process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization.","sources":[{"text":"NIST SP 800-40 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-40r4"},{"text":"NIST SP 1800-31B","link":"https://doi.org/10.6028/NIST.SP.1800-31"}]}]},{"term":"Enterprise Privacy Authorization Language","link":"https://csrc.nist.gov/glossary/term/enterprise_privacy_authorization_language","abbrSyn":[{"text":"EPAL","link":"https://csrc.nist.gov/glossary/term/epal"}],"definitions":null},{"term":"Enterprise Resource Planning","link":"https://csrc.nist.gov/glossary/term/enterprise_resource_planning","abbrSyn":[{"text":"ERP","link":"https://csrc.nist.gov/glossary/term/erp"}],"definitions":null},{"term":"Enterprise Risk","link":"https://csrc.nist.gov/glossary/term/enterprise_risk","definitions":[{"text":"The effect of uncertainty on enterprise mission and objectives.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"enterprise risk management","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_management","abbrSyn":[{"text":"ERM","link":"https://csrc.nist.gov/glossary/term/erm"}],"definitions":[{"text":"The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"An effective agency-wide approach to addressing the full spectrum of the organization’s significant risks by understanding the combined impact of risks as an interrelated portfolio, rather than addressing risks only within silos.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Enterprise Risk Management ","refSources":[{"text":"OMB Circular A-11","link":"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf"}]},{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221","underTerm":" under Enterprise Risk Management ","refSources":[{"text":"OMB Circular A-123","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf"}]}]},{"text":"The culture, capabilities, and practices that organizations integrate with strategy-setting and apply when they carry out that strategy, with a purpose of managing risk in creating, preserving, and realizing value.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Enterprise Risk Management ","refSources":[{"text":"COSO Enterprise Risk Management","link":"https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf"}]}]}]},{"term":"Enterprise Risk Profile","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_profile","abbrSyn":[{"text":"ERP","link":"https://csrc.nist.gov/glossary/term/erp"}],"definitions":null},{"term":"Enterprise Risk Register","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_register","abbrSyn":[{"text":"ERR","link":"https://csrc.nist.gov/glossary/term/err"}],"definitions":[{"text":"A risk register at the enterprise level that contains normalized and aggregated inputs from subordinate organizations’ risk registers and profiles.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"Enterprise Risk Steering Committee","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_steering_committee","abbrSyn":[{"text":"ERSC","link":"https://csrc.nist.gov/glossary/term/ersc"}],"definitions":null},{"term":"Enterprise Security Manager","link":"https://csrc.nist.gov/glossary/term/enterprise_security_manager","abbrSyn":[{"text":"ESM","link":"https://csrc.nist.gov/glossary/term/esm"}],"definitions":null},{"term":"enterprise service","link":"https://csrc.nist.gov/glossary/term/enterprise_service","definitions":[{"text":"A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Enterprise Subsystem","link":"https://csrc.nist.gov/glossary/term/enterprise_subsystem","definitions":[{"text":"The portion of the RFID system that analyzes, processes, and stores information collected by the RF subsystem. The primary role of the enterprise subsystem is to make the data collected by the RF subsystem useful for a supporting business process. An enterprise subsystem is made up of middleware, analytic systems, and network infrastructure.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"enterprise-hosted cross domain solutions","link":"https://csrc.nist.gov/glossary/term/enterprise_hosted_cross_domain_solutions","definitions":[{"text":"A point-to-point cross domain solution (CDS) that is managed by an enterprise cross domain service (ECDS) provider that may be available to additional users within the enterprise with little or no modifications.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Enterprise-Level CSRR","link":"https://csrc.nist.gov/glossary/term/enterprise_level_csrr","abbrSyn":[{"text":"E-CSRR","link":"https://csrc.nist.gov/glossary/term/e_csrr"}],"definitions":null},{"term":"Entity Attestation Token","link":"https://csrc.nist.gov/glossary/term/entity_attestation_token","abbrSyn":[{"text":"EAT","link":"https://csrc.nist.gov/glossary/term/eat"}],"definitions":null},{"term":"Entity authentication","link":"https://csrc.nist.gov/glossary/term/entity_authentication","definitions":[{"text":"The process of providing assurance about the identity of an entity interacting with a system (e.g., to access a resource). Also see Source authentication.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The process of providing assurance about the identity of an entity interacting with a system (e.g., to access a resource). Sometimes called identity authentication.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"A process that establishes the origin of information, or determines an entity’s identity to the extent permitted by the entity’s identifier.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}],"seeAlso":[{"text":"Source authentication","link":"source_authentication"}]},{"term":"Entity registration","link":"https://csrc.nist.gov/glossary/term/entity_registration","definitions":[{"text":"A function in the lifecycle of a cryptographic key; a process whereby an entity becomes a member of a security domain.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Entropy","link":"https://csrc.nist.gov/glossary/term/entropy","definitions":[{"text":"A measure of the randomness or uncertainty of a random variable.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]},{"text":"The entropy of a random variable X is a mathematical measure of the expected amount of information provided by an observation of X. As such, entropy is always relative to an observer and his or her knowledge prior to an observation.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"A measure of the disorder or randomness in a closed system. The entropy of uncertainty of a random variable X with probabilities pi, …, pn is defined to be H(X)=-∑_(i=1)^n 〖p_i  log〖 p〗_i 〗","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"A measure of the amount of uncertainty an attacker faces to determine the value of a secret. Entropy is usually stated in bits. A value havingnbits of entropy has the same degree of uncertainty as a uniformly distributedn-bit random value.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A measure of the disorder, randomness or variability in a closed system. Min-entropy is the measure used in this Recommendation.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"},{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]},{"text":"A measure of the disorder, randomness or variability in a closed system. See SP 800-90B.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"A measure of the amount of uncertainty an attacker faces to determine the value of a secret. Entropy is usually stated in bits. A value having n bits of entropy has the same degree of uncertainty as a uniformly distributed n-bit random value.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A measure of the disorder, randomness, or variability in a closed system; see SP 800-90B.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A measure of the amount of uncertainty that an Attacker faces to determine the value of a secret. Entropy is usually stated in bits. See Appendix A.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Entropy as a Service","link":"https://csrc.nist.gov/glossary/term/entropy_as_a_service","abbrSyn":[{"text":"EaaS","link":"https://csrc.nist.gov/glossary/term/eaas"}],"definitions":null},{"term":"Entropy Input","link":"https://csrc.nist.gov/glossary/term/entropy_input","definitions":[{"text":"An input bitstring that provides an assessed minimum amount of unpredictability for a DRBG mechanism. (See min-entropy.)","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}],"seeAlso":[{"text":"min-entropy","link":"min_entropy"}]},{"term":"Entropy Source","link":"https://csrc.nist.gov/glossary/term/entropy_source","definitions":[{"text":"The combination of a noise source, health tests, and optional conditioning component that produce bitstrings containing entropy.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]},{"text":"A physical source of information whose output either appears to be random in itself or by applying some filtering/distillation process. This output is used as input to either a RNG or PRNG.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"A combination of a noise source (e.g., thermal noise or hard drive seek times), health tests, and an optional conditioning component. The entropy source produces random bitstrings to be used by an RBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"The combination of a noise source, health tests, and an optional conditioning component that produce random bitstrings to be used by an RBG.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Entropy source "}]}]},{"term":"environment","link":"https://csrc.nist.gov/glossary/term/environment","definitions":[{"text":"Context determining the setting and circumstances of all influences upon a system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]},{"text":"Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Context determining the setting and circumstances of all influences upon a system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under environment (system) ","refSources":[{"text":"ISO/IEC/IEEE 42010"}]}]}]},{"term":"environment conditions","link":"https://csrc.nist.gov/glossary/term/environment_conditions","definitions":[{"text":"Dynamic factors, independent of subject and object, that may be used as attributes at decision time to influence an access decision.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162"}]}]},{"term":"Environmental Failure Protection","link":"https://csrc.nist.gov/glossary/term/environmental_failure_protection","abbrSyn":[{"text":"EFP","link":"https://csrc.nist.gov/glossary/term/efp"},{"text":"EPT","link":"https://csrc.nist.gov/glossary/term/ept"}],"definitions":null},{"term":"Environmental Failure Testing","link":"https://csrc.nist.gov/glossary/term/environmental_failure_testing","abbrSyn":[{"text":"EFT","link":"https://csrc.nist.gov/glossary/term/eft"}],"definitions":null},{"term":"Environmental Protection Agency","link":"https://csrc.nist.gov/glossary/term/environmental_protection_agency","abbrSyn":[{"text":"EPA","link":"https://csrc.nist.gov/glossary/term/epa"}],"definitions":null},{"term":"Environmental Support","link":"https://csrc.nist.gov/glossary/term/environmental_support","definitions":[{"text":"Any environmental factor for which the organization determines that it needs to continue to provide support in a contingency situation, even if in a degraded state. This could include factors such as power, air conditioning, humidity control, fire protection, lighting, etc. For example, while developing the contingency plan, the organization may determine that it is necessary to continue to ensure the appropriate temperature and humidity during a contingency situation so they would plan for the capacity to support that via supplemental/mobile air conditioning units, backup power, etc. and the associated procedures to ensure cutover operations. Such determinations are based on an assessment of risk, system categorization (impact level), and organizational risk tolerance.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]},{"text":"Any environmental factor for which the organization determines that it needs to continue to provide support in a contingency situation, even if in a degraded state.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"}]}]},{"term":"Environmental testing","link":"https://csrc.nist.gov/glossary/term/environmental_testing","definitions":[{"text":"Evaluating the behavior of a device or system to obtain assurance that it will not be compromised by environmental conditions or fluctuations when operating outside the normal environmental operating range.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"EO","link":"https://csrc.nist.gov/glossary/term/eo","abbrSyn":[{"text":"Executive Order","link":"https://csrc.nist.gov/glossary/term/executive_order"}],"definitions":null},{"term":"EO-critical software","link":"https://csrc.nist.gov/glossary/term/eo_critical_software","abbrSyn":[{"text":"critical software","link":"https://csrc.nist.gov/glossary/term/critical_software"}],"definitions":[{"text":"Any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:\n· is designed to run with elevated privilege or manage privileges;\n· has direct or privileged access to networking or computing resources;\n· is designed to control access to data or operational technology;\n· performs a function critical to trust; or,\n· operates outside of normal trust boundaries with privileged access.","sources":[{"text":"Critical Software Definition (for EO 14028)","link":"https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/critical-software"}]}]},{"term":"EOF","link":"https://csrc.nist.gov/glossary/term/eof","abbrSyn":[{"text":"End of File","link":"https://csrc.nist.gov/glossary/term/end_of_file"}],"definitions":null},{"term":"EOP","link":"https://csrc.nist.gov/glossary/term/eop","abbrSyn":[{"text":"Executive Office of the President","link":"https://csrc.nist.gov/glossary/term/executive_office_of_the_president"}],"definitions":[{"text":"The President's immediate staff, along with entities such as the Office of Management and Budget, the National Security Staff, the Office of Science and Technology Policy, and the Office of Personnel Management.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under Executive Office of the President "}]}]},{"term":"EPA","link":"https://csrc.nist.gov/glossary/term/epa","abbrSyn":[{"text":"Environmental Protection Agency","link":"https://csrc.nist.gov/glossary/term/environmental_protection_agency"}],"definitions":null},{"term":"EPAL","link":"https://csrc.nist.gov/glossary/term/epal","abbrSyn":[{"text":"Enterprise Privacy Authorization Language","link":"https://csrc.nist.gov/glossary/term/enterprise_privacy_authorization_language"}],"definitions":null},{"term":"EPC","link":"https://csrc.nist.gov/glossary/term/epc","abbrSyn":[{"text":"Electronic Product Code","link":"https://csrc.nist.gov/glossary/term/electronic_product_code"},{"text":"Enclave Page Cache","link":"https://csrc.nist.gov/glossary/term/enclave_page_cache"},{"text":"Evolved Packet Core","link":"https://csrc.nist.gov/glossary/term/evolved_packet_core"}],"definitions":null},{"term":"EPCIS","link":"https://csrc.nist.gov/glossary/term/epcis","abbrSyn":[{"text":"Electronic Product Code Information Services"}],"definitions":null},{"term":"EPCR","link":"https://csrc.nist.gov/glossary/term/epcr","abbrSyn":[{"text":"Electronic Patient Care Reporting","link":"https://csrc.nist.gov/glossary/term/electronic_patient_care_reporting"}],"definitions":null},{"term":"Ephemeral Diffie-Hellman key exchange","link":"https://csrc.nist.gov/glossary/term/ephemeral_diffie_hellman_key_exchange","abbrSyn":[{"text":"DHE","link":"https://csrc.nist.gov/glossary/term/dhe"}],"definitions":null},{"term":"Ephemeral Elliptic Curve Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/ephemeral_elliptic_curve_diffie_hellman","abbrSyn":[{"text":"ECDHE","link":"https://csrc.nist.gov/glossary/term/ecdhe"}],"definitions":null},{"term":"Ephemeral Key","link":"https://csrc.nist.gov/glossary/term/ephemeral_key","definitions":[{"text":"A cryptographic key that is generated for each execution of a key-establishment process and that meets other requirements of the key type (e.g., unique to each message or session).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A cryptographic key that is generated for each execution of a key-establishment process and that meets other requirements of the key type (e.g., unique to each message or session). \nIn some cases, ephemeral keys are used more than once within a single session (e.g., for broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Ephemeral key "}]},{"text":"A cryptographic key that is generated for each execution of a cryptographic process (e.g., key establishment) and that meets other requirements of the key type (e.g., unique to each message or session).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Ephemeral key "}]},{"text":"A cryptographic key that is generated for each execution of a key- establishment process and that meets other requirements of the key type (e.g., unique to each message or session). In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Ephemeral key "}]}]},{"term":"Ephemeral key pair","link":"https://csrc.nist.gov/glossary/term/ephemeral_key_pair","definitions":[{"text":"A key pair, consisting of a public key (i.e., an ephemeral public key) and a private key (i.e., an ephemeral private key) that is intended for a very short period of use. The key pair is ordinarily used in exactly one transaction of a cryptographic scheme; an exception to this is when the ephemeral key pair is used in multiple transactions for a key-transport broadcast. Contrast with a static key pair.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A short-term key pair used with a public-key (asymmetric-key) algorithm that is generated when needed; the public key of an ephemeral key pair is not provided in a public key certificate, unlike static public keys which are often included in a certificate.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"EPL","link":"https://csrc.nist.gov/glossary/term/epl","note":"(C.F.D.)","abbrSyn":[{"text":"Evaluated Products List","link":"https://csrc.nist.gov/glossary/term/evaluated_products_list"}],"definitions":null},{"term":"EPP","link":"https://csrc.nist.gov/glossary/term/epp","abbrSyn":[{"text":"Endpoint Protection Platform","link":"https://csrc.nist.gov/glossary/term/endpoint_protection_platform"},{"text":"Event Processing Point","link":"https://csrc.nist.gov/glossary/term/event_processing_point"}],"definitions":null},{"term":"EPRI","link":"https://csrc.nist.gov/glossary/term/epri","abbrSyn":[{"text":"Electric Power Research Institute","link":"https://csrc.nist.gov/glossary/term/electric_power_research_institute"}],"definitions":null},{"term":"EPROM","link":"https://csrc.nist.gov/glossary/term/eprom","abbrSyn":[{"text":"Erasable Programmable Read Only Memory","link":"https://csrc.nist.gov/glossary/term/erasable_programmable_read_only_memory"},{"text":"Erasable, Programmable, Read-Only Memory"}],"definitions":null},{"term":"EPS","link":"https://csrc.nist.gov/glossary/term/eps","abbrSyn":[{"text":"Events Per Second","link":"https://csrc.nist.gov/glossary/term/events_per_second"},{"text":"Evolved Packet System","link":"https://csrc.nist.gov/glossary/term/evolved_packet_system"}],"definitions":null},{"term":"EPS Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/eps_encryption_algorithm","abbrSyn":[{"text":"EEA","link":"https://csrc.nist.gov/glossary/term/eea"}],"definitions":null},{"term":"EPS Integrity Algorithm","link":"https://csrc.nist.gov/glossary/term/eps_integrity_algorithm","abbrSyn":[{"text":"EIA","link":"https://csrc.nist.gov/glossary/term/eia"}],"definitions":null},{"term":"EPT","link":"https://csrc.nist.gov/glossary/term/ept","abbrSyn":[{"text":"Environmental Failure Protection","link":"https://csrc.nist.gov/glossary/term/environmental_failure_protection"},{"text":"Extended Page Table","link":"https://csrc.nist.gov/glossary/term/extended_page_table"}],"definitions":null},{"term":"Equal-Cost Multi-Path","link":"https://csrc.nist.gov/glossary/term/equal_cost_multi_path","abbrSyn":[{"text":"ECMP","link":"https://csrc.nist.gov/glossary/term/ecmp"}],"definitions":null},{"term":"Equipment Identity Register","link":"https://csrc.nist.gov/glossary/term/equipment_identity_register","abbrSyn":[{"text":"EIR","link":"https://csrc.nist.gov/glossary/term/eir"}],"definitions":null},{"term":"Equipment Radiation TEMPEST Zone","link":"https://csrc.nist.gov/glossary/term/equipment_radiation_tempest_zone","abbrSyn":[{"text":"ERTZ","link":"https://csrc.nist.gov/glossary/term/ertz"}],"definitions":null},{"term":"Equivalent inverse cipher","link":"https://csrc.nist.gov/glossary/term/equivalent_inverse_cipher","definitions":[{"text":"An alternative specification of the inverse of CIPHER() with a structure similar to that of CIPHER() and with a modified key schedule as input.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"Equivalent Process","link":"https://csrc.nist.gov/glossary/term/equivalent_process","definitions":[{"text":"Two processes are equivalent if the same output is produced when the same values are input to each process (either as input parameters, as values made available during the process, or both).","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"Two processes are equivalent if, when the same values are input to each process, the same output is produced.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Equivalent security domains","link":"https://csrc.nist.gov/glossary/term/equivalent_security_domains","definitions":[{"text":"Two or more security domains that have FCKMS security policies that have been determined to provide equivalent protection for the information.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"ER","link":"https://csrc.nist.gov/glossary/term/er","abbrSyn":[{"text":"Encryption Root","link":"https://csrc.nist.gov/glossary/term/encryption_root"}],"definitions":null},{"term":"E-RAB","link":"https://csrc.nist.gov/glossary/term/e_rab","abbrSyn":[{"text":"E-UTRAN Radio Access Bearer","link":"https://csrc.nist.gov/glossary/term/e_utran_radio_access_bearer"}],"definitions":null},{"term":"erasure","link":"https://csrc.nist.gov/glossary/term/erasure","definitions":[{"text":"Process intended to render magnetically stored information irretrievable by normal means.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Erasure "}]}]},{"term":"ERC","link":"https://csrc.nist.gov/glossary/term/erc","abbrSyn":[{"text":"Enhanced Reliability Check","link":"https://csrc.nist.gov/glossary/term/enhanced_reliability_check"},{"text":"Ethereum Request for Comment","link":"https://csrc.nist.gov/glossary/term/ethereum_request_for_comment"}],"definitions":null},{"term":"Erfc","link":"https://csrc.nist.gov/glossary/term/erfc","abbrSyn":[{"text":"Complementary Error Function","link":"https://csrc.nist.gov/glossary/term/complementary_error_function"}],"definitions":[{"text":"See Erfc.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Complementary Error Function "}]},{"text":"The complementary error function erfc(z) is defined in Section 5.5.3. This function is related to the normal cdf.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"ERM","link":"https://csrc.nist.gov/glossary/term/erm","abbrSyn":[{"text":"enterprise risk management","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_management"},{"text":"Enterprise Risk Management"}],"definitions":[{"text":"The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under enterprise risk management "}]},{"text":"An effective agency-wide approach to addressing the full spectrum of the organization’s significant risks by understanding the combined impact of risks as an interrelated portfolio, rather than addressing risks only within silos.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Enterprise Risk Management ","refSources":[{"text":"OMB Circular A-11","link":"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf"}]},{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221","underTerm":" under Enterprise Risk Management ","refSources":[{"text":"OMB Circular A-123","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf"}]}]},{"text":"The culture, capabilities, and practices that organizations integrate with strategy-setting and apply when they carry out that strategy, with a purpose of managing risk in creating, preserving, and realizing value.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Enterprise Risk Management ","refSources":[{"text":"COSO Enterprise Risk Management","link":"https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf"}]}]}]},{"term":"ERP","link":"https://csrc.nist.gov/glossary/term/erp","abbrSyn":[{"text":"Enterprise Resource Planning","link":"https://csrc.nist.gov/glossary/term/enterprise_resource_planning"},{"text":"Enterprise Risk Profile","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_profile"}],"definitions":null},{"term":"ERR","link":"https://csrc.nist.gov/glossary/term/err","abbrSyn":[{"text":"Enterprise Risk Register","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_register"}],"definitions":[{"text":"A risk register at the enterprise level that contains normalized and aggregated inputs from subordinate organizations’ risk registers and profiles.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Enterprise Risk Register "}]}]},{"term":"error","link":"https://csrc.nist.gov/glossary/term/error","definitions":[{"text":"The difference between desired and actual performance or behavior of a system or system element.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"error detection code","link":"https://csrc.nist.gov/glossary/term/error_detection_code","definitions":[{"text":"A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]},{"text":"A code computed from data and comprised of redundant bits of information that have been designed to detect unintentional changes in the data.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Error-detection code "}]}]},{"term":"ERSC","link":"https://csrc.nist.gov/glossary/term/ersc","abbrSyn":[{"text":"Enterprise Risk Steering Committee","link":"https://csrc.nist.gov/glossary/term/enterprise_risk_steering_committee"}],"definitions":null},{"term":"ERT","link":"https://csrc.nist.gov/glossary/term/ert","abbrSyn":[{"text":"Emergency Response Team","link":"https://csrc.nist.gov/glossary/term/emergency_response_team"}],"definitions":null},{"term":"ERTZ","link":"https://csrc.nist.gov/glossary/term/ertz","abbrSyn":[{"text":"Equipment Radiation TEMPEST Zone","link":"https://csrc.nist.gov/glossary/term/equipment_radiation_tempest_zone"}],"definitions":null},{"term":"ES(nBits)","link":"https://csrc.nist.gov/glossary/term/esnbits","definitions":[{"text":"The estimated maximum security strength for an RSA modulus of length nBits (see Table 2).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"ESAM","link":"https://csrc.nist.gov/glossary/term/esam","abbrSyn":[{"text":"Energy Sector Asset Management","link":"https://csrc.nist.gov/glossary/term/energy_sector_asset_management"}],"definitions":null},{"term":"Escape","link":"https://csrc.nist.gov/glossary/term/escape","definitions":[{"text":"The act of breaking out of a guest OS to gain access to the hypervisor, other guest OSs, or the underlying host OS.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"eSCO","link":"https://csrc.nist.gov/glossary/term/esco","abbrSyn":[{"text":"Enhanced Synchronous Connection Oriented","link":"https://csrc.nist.gov/glossary/term/enhanced_synchronous_connection_oriented"}],"definitions":null},{"term":"ESD","link":"https://csrc.nist.gov/glossary/term/esd","abbrSyn":[{"text":"Emergency Shutdown","link":"https://csrc.nist.gov/glossary/term/emergency_shutdown"}],"definitions":null},{"term":"ESDC","link":"https://csrc.nist.gov/glossary/term/esdc","abbrSyn":[{"text":"Employment and Social Development Canada","link":"https://csrc.nist.gov/glossary/term/employment_and_social_development_canada"}],"definitions":null},{"term":"ESG","link":"https://csrc.nist.gov/glossary/term/esg","abbrSyn":[{"text":"Edge Services Gateway","link":"https://csrc.nist.gov/glossary/term/edge_services_gateway"}],"definitions":null},{"term":"ESM","link":"https://csrc.nist.gov/glossary/term/esm","abbrSyn":[{"text":"Enterprise Security Manager","link":"https://csrc.nist.gov/glossary/term/enterprise_security_manager"}],"definitions":null},{"term":"ESMTP","link":"https://csrc.nist.gov/glossary/term/esmtp","abbrSyn":[{"text":"Extended Simple Mail Transfer Protocol","link":"https://csrc.nist.gov/glossary/term/extended_simple_mail_transfer_protocol"}],"definitions":null},{"term":"ESN","link":"https://csrc.nist.gov/glossary/term/esn","abbrSyn":[{"text":"Electronic Serial Number"},{"text":"Extended Sequence Number","link":"https://csrc.nist.gov/glossary/term/extended_sequence_number"}],"definitions":[{"text":"A unique 32-bit number programmed into CDMA phones when they are manufactured.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Electronic Serial Number "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Electronic Serial Number "}]}]},{"term":"ESP","link":"https://csrc.nist.gov/glossary/term/esp","abbrSyn":[{"text":"EFI System Partition Storage","link":"https://csrc.nist.gov/glossary/term/efi_system_partition_storage"},{"text":"Encapsulating Security Payload"}],"definitions":null},{"term":"ESP encapsulated in UDP","link":"https://csrc.nist.gov/glossary/term/esp_encapsulated_in_udp","abbrSyn":[{"text":"ESPinUDP","link":"https://csrc.nist.gov/glossary/term/espinudp"}],"definitions":null},{"term":"ESPinUDP","link":"https://csrc.nist.gov/glossary/term/espinudp","abbrSyn":[{"text":"ESP encapsulated in UDP","link":"https://csrc.nist.gov/glossary/term/esp_encapsulated_in_udp"}],"definitions":null},{"term":"ESP-NULL","link":"https://csrc.nist.gov/glossary/term/esp_null","abbrSyn":[{"text":"Encapsulating Security Payload without encryption","link":"https://csrc.nist.gov/glossary/term/encapsulating_security_payload_without_encryption"}],"definitions":null},{"term":"ESS","link":"https://csrc.nist.gov/glossary/term/ess","abbrSyn":[{"text":"energy storage system","link":"https://csrc.nist.gov/glossary/term/energy_storage_system"},{"text":"Extended Service Set","link":"https://csrc.nist.gov/glossary/term/extended_service_set"}],"definitions":null},{"term":"ESSA","link":"https://csrc.nist.gov/glossary/term/essa","abbrSyn":[{"text":"Enhanced Shared Situational Awareness","link":"https://csrc.nist.gov/glossary/term/enhanced_shared_situational_awareness"}],"definitions":null},{"term":"ESSID","link":"https://csrc.nist.gov/glossary/term/essid","abbrSyn":[{"text":"Extended Service Set Identifier","link":"https://csrc.nist.gov/glossary/term/extended_service_set_identifier"}],"definitions":null},{"term":"Estimated maximum security strength","link":"https://csrc.nist.gov/glossary/term/estimated_maximum_security_strength","definitions":[{"text":"An estimate of the largest security strength that can be attained by a cryptographic mechanism given the explicit and implicit assumptions that are made regarding its implementation and supporting infrastructure (e.g., the algorithms employed, the selection of associated primitives and/or auxiliary functions, the choices for various parameters, the methods of generation and/or protection for any required keys, etc.). The estimated maximum security strengths of various approved cryptographic mechanisms are provided in [SP 800-57].","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]}]},{"term":"eSTREAM","link":"https://csrc.nist.gov/glossary/term/estream","abbrSyn":[{"text":"ECRYPT STREAM cipher project","link":"https://csrc.nist.gov/glossary/term/ecrypt_stream_cipher_project"}],"definitions":null},{"term":"ETA","link":"https://csrc.nist.gov/glossary/term/eta","abbrSyn":[{"text":"Event Tree Analysis","link":"https://csrc.nist.gov/glossary/term/event_tree_analysis"}],"definitions":null},{"term":"ETC","link":"https://csrc.nist.gov/glossary/term/etc","abbrSyn":[{"text":"Ethereum Classic","link":"https://csrc.nist.gov/glossary/term/ethereum_classic"}],"definitions":null},{"term":"ETH","link":"https://csrc.nist.gov/glossary/term/eth","abbrSyn":[{"text":"Ethereum","link":"https://csrc.nist.gov/glossary/term/ethereum"}],"definitions":null},{"term":"Ethereum","link":"https://csrc.nist.gov/glossary/term/ethereum","abbrSyn":[{"text":"ETH","link":"https://csrc.nist.gov/glossary/term/eth"}],"definitions":null},{"term":"Ethereum Classic","link":"https://csrc.nist.gov/glossary/term/ethereum_classic","abbrSyn":[{"text":"ETC","link":"https://csrc.nist.gov/glossary/term/etc"}],"definitions":null},{"term":"Ethereum Name Service","link":"https://csrc.nist.gov/glossary/term/ethereum_name_service","abbrSyn":[{"text":"ENS","link":"https://csrc.nist.gov/glossary/term/ens"}],"definitions":null},{"term":"Ethereum Request for Comment","link":"https://csrc.nist.gov/glossary/term/ethereum_request_for_comment","abbrSyn":[{"text":"ERC","link":"https://csrc.nist.gov/glossary/term/erc"}],"definitions":null},{"term":"Ethereum Virtual Machine","link":"https://csrc.nist.gov/glossary/term/ethereum_virtual_machine","abbrSyn":[{"text":"EVM","link":"https://csrc.nist.gov/glossary/term/evm"}],"definitions":null},{"term":"Ethernet Virtual Private Network","link":"https://csrc.nist.gov/glossary/term/ethernet_virtual_private_network","abbrSyn":[{"text":"EVPN","link":"https://csrc.nist.gov/glossary/term/evpn"}],"definitions":null},{"term":"ETPL","link":"https://csrc.nist.gov/glossary/term/etpl","abbrSyn":[{"text":"Endorsed TEMPEST Products List","link":"https://csrc.nist.gov/glossary/term/endorsed_tempest_products_list"}],"definitions":null},{"term":"ETSI","link":"https://csrc.nist.gov/glossary/term/etsi","abbrSyn":[{"text":"European Telecommunication Standardisation Institute","link":"https://csrc.nist.gov/glossary/term/european_telecommunication_standardisation_institute"},{"text":"European Telecommunications Standard Institute"},{"text":"European Telecommunications Standards Institute","link":"https://csrc.nist.gov/glossary/term/european_telecommunications_standards_institute"}],"definitions":null},{"term":"ETSI NFV SEC","link":"https://csrc.nist.gov/glossary/term/etsi_nfv_sec","abbrSyn":[{"text":"European Telecommunications Standards Institute Network Functions Virtualization Security","link":"https://csrc.nist.gov/glossary/term/etsi_network_functions_virtualization_security"}],"definitions":null},{"term":"EUF-CMA","link":"https://csrc.nist.gov/glossary/term/euf_cma","abbrSyn":[{"text":"Existential unforgeability under adaptive chosen message attacks","link":"https://csrc.nist.gov/glossary/term/existential_unforgeability_under_adaptive_chosen_message_attacks"},{"text":"Existential Unforgeability under Chosen-Message Attack","link":"https://csrc.nist.gov/glossary/term/existential_unforgeability_under_chosen_message_attack"}],"definitions":null},{"term":"eUICC","link":"https://csrc.nist.gov/glossary/term/euicc","abbrSyn":[{"text":"Embedded Universal Integrated Circuit Card","link":"https://csrc.nist.gov/glossary/term/embedded_universal_integrated_circuit_card"}],"definitions":null},{"term":"EULA","link":"https://csrc.nist.gov/glossary/term/eula","abbrSyn":[{"text":"End User License Agreement","link":"https://csrc.nist.gov/glossary/term/end_user_license_agreement"}],"definitions":null},{"term":"European Article Number","link":"https://csrc.nist.gov/glossary/term/european_article_number","abbrSyn":[{"text":"EAN","link":"https://csrc.nist.gov/glossary/term/ean"}],"definitions":null},{"term":"European Computer Manufacturers Association","link":"https://csrc.nist.gov/glossary/term/european_computer_manufacturers_association","abbrSyn":[{"text":"ECMA","link":"https://csrc.nist.gov/glossary/term/ecma"}],"definitions":null},{"term":"European Economic Area","link":"https://csrc.nist.gov/glossary/term/european_economic_area","abbrSyn":[{"text":"EEA","link":"https://csrc.nist.gov/glossary/term/eea"}],"definitions":null},{"term":"European Institute for Computer Antivirus Research","link":"https://csrc.nist.gov/glossary/term/european_institute_for_computer_antivirus_research","abbrSyn":[{"text":"EICAR","link":"https://csrc.nist.gov/glossary/term/eicar"}],"definitions":null},{"term":"European Telecommunication Standardisation Institute","link":"https://csrc.nist.gov/glossary/term/european_telecommunication_standardisation_institute","abbrSyn":[{"text":"ETSI","link":"https://csrc.nist.gov/glossary/term/etsi"}],"definitions":null},{"term":"European Telecommunications Standards Institute","link":"https://csrc.nist.gov/glossary/term/european_telecommunications_standards_institute","abbrSyn":[{"text":"ETSI","link":"https://csrc.nist.gov/glossary/term/etsi"}],"definitions":null},{"term":"European Telecommunications Standards Institute Network Functions Virtualization Security","link":"https://csrc.nist.gov/glossary/term/etsi_network_functions_virtualization_security","abbrSyn":[{"text":"ETSI NFV SEC","link":"https://csrc.nist.gov/glossary/term/etsi_nfv_sec"}],"definitions":null},{"term":"European Union Agency for Cybersecurity","link":"https://csrc.nist.gov/glossary/term/european_union_agency_for_cybersecurity","abbrSyn":[{"text":"ENISA","link":"https://csrc.nist.gov/glossary/term/enisa"}],"definitions":null},{"term":"E-UTRAN","link":"https://csrc.nist.gov/glossary/term/e_utran","abbrSyn":[{"text":"Evolved Universal Terrestrial Radio Access Network","link":"https://csrc.nist.gov/glossary/term/evolved_universal_terrestrial_radio_access_network"}],"definitions":null},{"term":"E-UTRAN Radio Access Bearer","link":"https://csrc.nist.gov/glossary/term/e_utran_radio_access_bearer","abbrSyn":[{"text":"E-RAB","link":"https://csrc.nist.gov/glossary/term/e_rab"}],"definitions":null},{"term":"EV","link":"https://csrc.nist.gov/glossary/term/ev","abbrSyn":[{"text":"electric vehicle","link":"https://csrc.nist.gov/glossary/term/electric_vehicle"},{"text":"Expected Value","link":"https://csrc.nist.gov/glossary/term/expected_value"},{"text":"Extended Validation","link":"https://csrc.nist.gov/glossary/term/extended_validation"}],"definitions":null},{"term":"Evaluated Products List","link":"https://csrc.nist.gov/glossary/term/evaluated_products_list","abbrSyn":[{"text":"EPL","link":"https://csrc.nist.gov/glossary/term/epl"}],"definitions":[{"text":"List of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). \nRationale: EPL is no longer used. Product compliant list (PCL) is the replacement term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under evaluated products list (EPL) "}]}]},{"term":"evaluating authority","link":"https://csrc.nist.gov/glossary/term/evaluating_authority","definitions":[{"text":"The official responsible for evaluating a reported COMSEC incident for the possibility of compromise.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Evaluation Assurance Level","link":"https://csrc.nist.gov/glossary/term/evaluation_assurance_level","abbrSyn":[{"text":"EAL","link":"https://csrc.nist.gov/glossary/term/eal"}],"definitions":[{"text":"Set of assurance requirements that represent a point on the Common Criteria predefined assurance scale. \nRationale: NIAP has switched to a “protection profile” program to secure devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under evaluation assurance level (EAL) "}]}]},{"term":"evaluation criteria","link":"https://csrc.nist.gov/glossary/term/evaluation_criteria","definitions":[{"text":"The standards by which accomplishments of technical and operational effectiveness or suitability characteristics may be assessed. Evaluation criteria are a benchmark, standard, or factor against which conformance, performance, and suitability of a technical capability, activity, product, or plan is measured.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"event","link":"https://csrc.nist.gov/glossary/term/event","abbrSyn":[{"text":"cyber incident","link":"https://csrc.nist.gov/glossary/term/cyber_incident"}],"definitions":[{"text":"Any observable occurrence in an information system.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Event ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Any observable occurrence in a network or system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]},{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Event "}]},{"text":"Actions taken through the use of an information system or network that result in an actual or potentially adverse effect on an information system, network, and/or the information residing therein. See incident. See also event, security-relevant event, and intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cyber incident "}]},{"text":"Something that occurs within a system or network.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Event "}]},{"text":"Any observable occurrence in a network or information system.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","note":" - adapted"}]}]},{"text":"Actions taken through the use of an information system or network that result in an actual or potentially adverse effect on an information system, network, and/or the information residing therein.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under cyber incident ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under cyber incident ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Any observable occurrence in a system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","note":" - Adapted"}]}]},{"text":"Any observable occurrence on a manufacturing system. Events can include cybersecurity changes that may have an impact on manufacturing operations (including mission, capabilities, or reputation).","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Event ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"},{"text":"NIST Cybersecurity Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.02122014"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Event ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Event ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Event ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Event ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"Occurrence or change of a particular set of circumstances.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}],"seeAlso":[{"text":"cyber incident","link":"cyber_incident"},{"text":"cybersecurity event","link":"cybersecurity_event"},{"text":"cyberspace incident"},{"text":"security-relevant event","link":"security_relevant_event"}]},{"term":"Event Aggregation","link":"https://csrc.nist.gov/glossary/term/event_aggregation","abbrSyn":[{"text":"Aggregation","link":"https://csrc.nist.gov/glossary/term/aggregation"}],"definitions":[{"text":"See “Event Aggregation”.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Aggregation "}]},{"text":"The consolidation of similar log entries into a single entry containing a count of the number of occurrences of the event.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]},{"text":"The consolidation of similar or related information.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Aggregation "}]}]},{"term":"Event Correlation","link":"https://csrc.nist.gov/glossary/term/event_correlation","abbrSyn":[{"text":"Correlation","link":"https://csrc.nist.gov/glossary/term/correlation"}],"definitions":[{"text":"See “Event Correlation”.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Correlation "}]},{"text":"Finding relationships between two or more log entries.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Event Filtering","link":"https://csrc.nist.gov/glossary/term/event_filtering","definitions":[{"text":"The suppression of log entries from analysis, reporting, or long-term storage because their characteristics indicate that they are unlikely to contain information of interest.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Event Processing Point","link":"https://csrc.nist.gov/glossary/term/event_processing_point","abbrSyn":[{"text":"EPP","link":"https://csrc.nist.gov/glossary/term/epp"}],"definitions":null},{"term":"Event Reduction","link":"https://csrc.nist.gov/glossary/term/event_reduction","definitions":[{"text":"Removing unneeded data fields from all log entries to create a new log that is smaller.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Event Tree Analysis","link":"https://csrc.nist.gov/glossary/term/event_tree_analysis","abbrSyn":[{"text":"ETA","link":"https://csrc.nist.gov/glossary/term/eta"}],"definitions":null},{"term":"Events Per Second","link":"https://csrc.nist.gov/glossary/term/events_per_second","abbrSyn":[{"text":"EPS","link":"https://csrc.nist.gov/glossary/term/eps"}],"definitions":null},{"term":"EVM","link":"https://csrc.nist.gov/glossary/term/evm","abbrSyn":[{"text":"Earned Value Management"},{"text":"Ethereum Virtual Machine","link":"https://csrc.nist.gov/glossary/term/ethereum_virtual_machine"}],"definitions":null},{"term":"Evolved Node B","link":"https://csrc.nist.gov/glossary/term/evolved_node_b","abbrSyn":[{"text":"eNB","link":"https://csrc.nist.gov/glossary/term/enb"},{"text":"eNodeB","link":"https://csrc.nist.gov/glossary/term/enodeb"}],"definitions":null},{"term":"Evolved Packet Core","link":"https://csrc.nist.gov/glossary/term/evolved_packet_core","abbrSyn":[{"text":"EPC","link":"https://csrc.nist.gov/glossary/term/epc"}],"definitions":null},{"term":"Evolved Packet System","link":"https://csrc.nist.gov/glossary/term/evolved_packet_system","abbrSyn":[{"text":"EPS","link":"https://csrc.nist.gov/glossary/term/eps"}],"definitions":null},{"term":"Evolved Universal Terrestrial Radio Access Network","link":"https://csrc.nist.gov/glossary/term/evolved_universal_terrestrial_radio_access_network","abbrSyn":[{"text":"E-UTRAN","link":"https://csrc.nist.gov/glossary/term/e_utran"}],"definitions":null},{"term":"EVPN","link":"https://csrc.nist.gov/glossary/term/evpn","abbrSyn":[{"text":"Ethernet Virtual Private Network","link":"https://csrc.nist.gov/glossary/term/ethernet_virtual_private_network"}],"definitions":null},{"term":"EVSE","link":"https://csrc.nist.gov/glossary/term/evse","abbrSyn":[{"text":"electric vehicle supply equipment","link":"https://csrc.nist.gov/glossary/term/electric_vehicle_supply_equipment"}],"definitions":null},{"term":"EVTOL","link":"https://csrc.nist.gov/glossary/term/evtol","abbrSyn":[{"text":"Electric Vehicle Take-Off and Landing","link":"https://csrc.nist.gov/glossary/term/electric_vehicle_take_off_and_landing"}],"definitions":null},{"term":"Examination","link":"https://csrc.nist.gov/glossary/term/examination","definitions":[{"text":"A technical review that makes the evidence visible and suitable for analysis; as well as tests performed on the evidence to determine the presence or absence of specific data.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"The second phase of the computer and network forensics process, which involves forensically processing large amounts of collected data using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"examine","link":"https://csrc.nist.gov/glossary/term/examine","definitions":[{"text":"A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Examine ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control or privacy control effectiveness over time.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Examine "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Examine "}]}]},{"term":"Exception Level","link":"https://csrc.nist.gov/glossary/term/exception_level","abbrSyn":[{"text":"EL","link":"https://csrc.nist.gov/glossary/term/el"}],"definitions":null},{"term":"exclusive-OR","link":"https://csrc.nist.gov/glossary/term/exclusive_or","abbrSyn":[{"text":"⊕"},{"text":"eXclusive OR"},{"text":"Exclusive OR"},{"text":"Exclusive-or"},{"text":"XOR"}],"definitions":[{"text":"Bitwise logical “exclusive-or”, where 0⊕ 0 = 0, 0⊕ 1 = 1, 1⊕ 0 = 1, and 1⊕ 1 = 0. For example: 01101⊕ 11010 = 10111.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under ⊕ "}]},{"text":"Bit-wise exclusive-or. A mathematical operation that is defined as: \n0⊕ 0 = 0\n0⊕ 1 = 1\n1⊕ 0 = 1 , and\n1⊕ 1 = 0","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under ⊕ "}]},{"text":"A bitwise logical operation such that 1⊕ 1 = 0, 1⊕ 0 = 1, 0⊕ 0 = 0, and 0⊕ 1 = 1. For example, given a string A = 10 and a string B = 11, then A⊕ B = (1⊕ 1) || (0⊕ 1) = 01.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under ⊕ "}]},{"text":"A XOR B is equivalent to A ⊕ B. See the definition of the bitwise logical operation ⊕ above.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under XOR "}]},{"text":"The bit-by-bit modulo 2 addition of binary vectors of equal length.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Exclusive-OR "},{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Exclusive-OR "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Exclusive-OR "}]},{"text":"The bitwise addition, modulo 2, of two bit strings of equal length.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Exclusive-OR "},{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Exclusive-OR "},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Exclusive-OR "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Exclusive-OR "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"Exclusive-OR.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under XOR "}]},{"text":"A mathematical operation; the symbol⊕, defined as: 0⊕ 0 = 0 1⊕ 0 = 1 0⊕ 1 = 1 1⊕ 1 = 0 Equivalent to binary addition without carry.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Exclusive-or "}]},{"text":"Bit-wise exclusive-or. A mathematical operation that is defined as: 0 ⊕ 0 = 0, 0 ⊕ 1 = 1, 1 ⊕ 0 = 1, and 1 ⊕ 1 = 0","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under ⊕ "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under ⊕ "}]},{"text":"Exclusive-Or (XOR) operator, defined as bit-wise modulo 2 arithmetic with no carry.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under ⊕ "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under ⊕ "}]}]},{"term":"Exculpatory Evidence","link":"https://csrc.nist.gov/glossary/term/exculpatory_evidence","definitions":[{"text":"Evidence that tends to decrease the likelihood of fault or guilt.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"eXecute In Place","link":"https://csrc.nist.gov/glossary/term/execute_in_place","abbrSyn":[{"text":"XIP","link":"https://csrc.nist.gov/glossary/term/xip"}],"definitions":[{"text":"A facility that allows code to be executed directly from flash memory without loading the code into RAM.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under eXecute in Place "}]}]},{"term":"executive agency","link":"https://csrc.nist.gov/glossary/term/executive_agency","abbrSyn":[{"text":"agency","link":"https://csrc.nist.gov/glossary/term/agency"},{"text":"Agency"},{"text":"federal agency","link":"https://csrc.nist.gov/glossary/term/federal_agency"},{"text":"Federal Agency"}],"definitions":[{"text":"An executive department specified in 5 U.S.C., SEC. 101; a military department specified in 5 U.S.C., SEC. 102; an independent establishment as defined in 5 U.S.C., SEC. 104(1); and a wholly-owned Government corporation fully subject to the provisions of 31 U.S.C., CHAPTER 91.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under EXECUTIVE AGENCY ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"Any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include - \n(i) the General Accounting Office; \n(ii) Federal Election Commission; \n(iii) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or \n(iv) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities. \nSee also executive agency.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under agency ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"Any executive agency or department, military department, Federal Government corporation, Federal Government-controlled corporation, or other establishment in the Executive Branch of the Federal Government, or any independent regulatory agency.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"An executive department specified in 5 U.S.C. Sec. 101; a military department specified in 5 U.S.C. Sec. 102; an independent establishment as defined in 5 U.S.C. Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C. Chapter 91.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Any executive agency or department, military department, Federal Government corporation, Federal Government- controlled corporation, or other establishment in the Executive Branch of the Federal Government, or any independent regulatory agency.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"An executive Department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any department, subordinate element of a department, or independent organizational entity that is statutorily or constitutionally recognized as being part of the Executive Branch of the Federal Government.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Agency "}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); or a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Agency "}]},{"text":"See executive agency.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under federal agency ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under federal agency "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under federal agency "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under federal agency "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Agency "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Agency "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Agency "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Agency "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Agency "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Federal Agency "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Federal Agency "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Federal Agency "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Federal Agency "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Federal Agency "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under federal agency "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under agency "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under federal agency "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under agency "}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any executive department, military department, government corporation, government-controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President) or any independent regulatory agency, but does not include: 1) the General Accounting Office; 2) the Federal Election Commission; 3) the governments of the District of Columbia and of the territories and possessions of the United States and their various subdivisions; or 4) government-owned, contractor-operated facilities, including laboratories engaged in national defense research and production activities. Also referred to as Federal Agency.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Agency ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec.102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); or a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"An executive department specified in 5 U.S.C., Section 101; a military department specified in 5 U.S.C., Section 102; an independent establishment as defined in 5 U.S.C., Section 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C. Chapter 91.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"The term 'agency' means any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include ­\n(a) the General Accounting Office;\n(b) Federal Election Commission;\n(c) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or\n(d) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Agency ","refSources":[{"text":"44 U.S.C., Sec. 3502 (1)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"Any executive agency or department, military department, Federal Government corporation, Federal Government-controlled corporation, or other establishment in the Executive Branch of the Federal Government, or any independent regulatory agency. See executive agency.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"See Executive Agency","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Agency "},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Federal Agency "}]},{"text":"An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"An executive department specified in 5 U.S.C., Sec. 105; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]}],"seeAlso":[{"text":"agency","link":"agency"}]},{"term":"Executive Office of the President","link":"https://csrc.nist.gov/glossary/term/executive_office_of_the_president","abbrSyn":[{"text":"EOP","link":"https://csrc.nist.gov/glossary/term/eop"}],"definitions":[{"text":"The President's immediate staff, along with entities such as the Office of Management and Budget, the National Security Staff, the Office of Science and Technology Policy, and the Office of Personnel Management.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]}]},{"term":"Executive Order","link":"https://csrc.nist.gov/glossary/term/executive_order","abbrSyn":[{"text":"E.O.","link":"https://csrc.nist.gov/glossary/term/e_o_"},{"text":"EO","link":"https://csrc.nist.gov/glossary/term/eo"}],"definitions":[{"text":"Legally binding orders given by the President, acting as the head of the Executive Branch, to Federal Administrative Agencies. Executive Orders are generally used to direct federal agencies and officials in their execution of congressionally established laws or policies.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under Executive Orders "}]}]},{"term":"Exercise","link":"https://csrc.nist.gov/glossary/term/exercise","definitions":[{"text":"A simulation of an emergency designed to validate the viability of one or more aspects of an IT plan.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Exercise Briefing","link":"https://csrc.nist.gov/glossary/term/exercise_briefing","definitions":[{"text":"Material that is presented to participants during an exercise to outline the exercise’s agenda, objectives, scenario, and other relevant information.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Exercise Director","link":"https://csrc.nist.gov/glossary/term/exercise_director","definitions":[{"text":"A person responsible for all aspects of an exercise, including staffing, development, conduct, and logistics.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"exfiltration","link":"https://csrc.nist.gov/glossary/term/exfiltration","definitions":[{"text":"The unauthorized transfer of information from an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Exfiltration "}]},{"text":"The unauthorized transfer of information from a system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Existential unforgeability under adaptive chosen message attacks","link":"https://csrc.nist.gov/glossary/term/existential_unforgeability_under_adaptive_chosen_message_attacks","abbrSyn":[{"text":"EUF-CMA","link":"https://csrc.nist.gov/glossary/term/euf_cma"}],"definitions":null},{"term":"Existential Unforgeability under Chosen-Message Attack","link":"https://csrc.nist.gov/glossary/term/existential_unforgeability_under_chosen_message_attack","abbrSyn":[{"text":"EUF-CMA","link":"https://csrc.nist.gov/glossary/term/euf_cma"}],"definitions":null},{"term":"expected output","link":"https://csrc.nist.gov/glossary/term/expected_output","definitions":[{"text":"Any data collected from monitoring and assessments as part of the information security continuous monitoring (ISCM) strategy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"text":"Any data collected from monitoring and assessments as part of the ISCM strategy.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Expected Output "}]}]},{"term":"Expected result","link":"https://csrc.nist.gov/glossary/term/expected_result","abbrSyn":[{"text":"XRES","link":"https://csrc.nist.gov/glossary/term/xres"}],"definitions":null},{"term":"Expected Value","link":"https://csrc.nist.gov/glossary/term/expected_value","abbrSyn":[{"text":"EV","link":"https://csrc.nist.gov/glossary/term/ev"}],"definitions":null},{"term":"expert determination","link":"https://csrc.nist.gov/glossary/term/expert_determination","definitions":[{"text":"Within the context of de-identification, refers to the Expert Determination method for de-identifying protected health information in accordance with the HIPAA Privacy Rule de-identification standard.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"exploitable channel","link":"https://csrc.nist.gov/glossary/term/exploitable_channel","definitions":[{"text":"Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. See covert channel.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"covert channel","link":"covert_channel"}]},{"term":"Exposure","link":"https://csrc.nist.gov/glossary/term/exposure","definitions":[{"text":"Extent to which an organization and/or stakeholder is subject to a risk.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html","note":" - adapted"}]}]},{"text":"The combination of likelihood and impact levels for a risk.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"ext2fs","link":"https://csrc.nist.gov/glossary/term/ext2fs","abbrSyn":[{"text":"Second Extended File System","link":"https://csrc.nist.gov/glossary/term/second_extended_file_system"},{"text":"Second Extended Filesystem"}],"definitions":null},{"term":"ext3fs","link":"https://csrc.nist.gov/glossary/term/ext3fs","abbrSyn":[{"text":"Third Extended Filesystem","link":"https://csrc.nist.gov/glossary/term/third_extended_filesystem"}],"definitions":null},{"term":"eXtendable-Output Function (XOF)","link":"https://csrc.nist.gov/glossary/term/extendable_output_function","abbrSyn":[{"text":"XOF","link":"https://csrc.nist.gov/glossary/term/xof"}],"definitions":[{"text":"A function on bit strings in which the output can be extended to any desired length.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"Extendable-Output Functions","link":"https://csrc.nist.gov/glossary/term/extendable_output_functions","abbrSyn":[{"text":"XOF","link":"https://csrc.nist.gov/glossary/term/xof"},{"text":"XOFs","link":"https://csrc.nist.gov/glossary/term/xofs"}],"definitions":null},{"term":"Extended Authentication","link":"https://csrc.nist.gov/glossary/term/extended_authentication","abbrSyn":[{"text":"XAUTH","link":"https://csrc.nist.gov/glossary/term/xauth"}],"definitions":null},{"term":"eXtended Automation Engineering","link":"https://csrc.nist.gov/glossary/term/extended_automation_engineering","abbrSyn":[{"text":"XAE","link":"https://csrc.nist.gov/glossary/term/xae"}],"definitions":null},{"term":"Extended CPE Dictionary","link":"https://csrc.nist.gov/glossary/term/extended_cpe_dictionary","definitions":[{"text":"A dictionary that an organization may create to house identifier names not found in the Official CPE Dictionary.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Extended Detection and Response","link":"https://csrc.nist.gov/glossary/term/extended_detection_and_response","abbrSyn":[{"text":"XDR","link":"https://csrc.nist.gov/glossary/term/xdr"}],"definitions":null},{"term":"Extended Key Usage","link":"https://csrc.nist.gov/glossary/term/extended_key_usage","abbrSyn":[{"text":"EKU","link":"https://csrc.nist.gov/glossary/term/eku"}],"definitions":null},{"term":"Extended Master Session Key","link":"https://csrc.nist.gov/glossary/term/extended_master_session_key","abbrSyn":[{"text":"EMSK","link":"https://csrc.nist.gov/glossary/term/emsk"}],"definitions":null},{"term":"eXtended Merkle Signature Scheme","link":"https://csrc.nist.gov/glossary/term/extended_merkle_signature_scheme","abbrSyn":[{"text":"XMSS","link":"https://csrc.nist.gov/glossary/term/xmss"}],"definitions":null},{"term":"eXtended Packet Number","link":"https://csrc.nist.gov/glossary/term/extended_packet_number","abbrSyn":[{"text":"XPN","link":"https://csrc.nist.gov/glossary/term/xpn"}],"definitions":null},{"term":"Extended Page Table","link":"https://csrc.nist.gov/glossary/term/extended_page_table","abbrSyn":[{"text":"EPT","link":"https://csrc.nist.gov/glossary/term/ept"}],"definitions":null},{"term":"Extended Sequence Number","link":"https://csrc.nist.gov/glossary/term/extended_sequence_number","abbrSyn":[{"text":"ESN","link":"https://csrc.nist.gov/glossary/term/esn"}],"definitions":null},{"term":"Extended Service Set","link":"https://csrc.nist.gov/glossary/term/extended_service_set","abbrSyn":[{"text":"ESS","link":"https://csrc.nist.gov/glossary/term/ess"}],"definitions":null},{"term":"Extended Service Set Identifier","link":"https://csrc.nist.gov/glossary/term/extended_service_set_identifier","abbrSyn":[{"text":"ESSID","link":"https://csrc.nist.gov/glossary/term/essid"}],"definitions":null},{"term":"Extended Simple Mail Transfer Protocol","link":"https://csrc.nist.gov/glossary/term/extended_simple_mail_transfer_protocol","abbrSyn":[{"text":"ESMTP","link":"https://csrc.nist.gov/glossary/term/esmtp"}],"definitions":null},{"term":"Extended Validation","link":"https://csrc.nist.gov/glossary/term/extended_validation","abbrSyn":[{"text":"EV","link":"https://csrc.nist.gov/glossary/term/ev"}],"definitions":null},{"term":"Extended Validation Certificate","link":"https://csrc.nist.gov/glossary/term/extended_validation_certificate","definitions":[{"text":"A certificate used for HTTPS websites and software that includes identity information that has been subjected to an identity verification process standardized by the CA Browser Forum in its Baseline Requirements that verifies that the identified owner of the website for which the certificate has been issued has exclusive rights to use the domain; exists legally, operationally, and physically; and has authorized the issuance of the certificate.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]},{"text":"A certificate used for https websites and software that includes identity information, subjected to an identity verification process standardized by the CA Browser Forum in its Baseline Requirements which verifies the identified owner of the website for which the certificate has been issued has exclusive rights to use the domain; exists legally, operationally, and physically; and has authorized issuance of the certificate.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]},{"text":"A certificate used for https websites and software that includes identity information, subjected to an identity verification process standardized by the CA Browser Forum in its Baseline Requirements which verifies the identified owner of the website for which the certificate has been issued has exclusive rights to use the domain; exists legally, operationally, and physically; and has authorized the issuance of the certificate.","sources":[{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Extended Validation (EV) Certificate "}]}]},{"term":"Extensible Authentication Protocol (EAP)","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol","abbrSyn":[{"text":"EAP","link":"https://csrc.nist.gov/glossary/term/eap"}],"definitions":[{"text":"A framework for adding arbitrary authentication methods in a standardized way to any protocol.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Extensible Authentication Protocol Flexible Authentication via Secure Tunneling","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_flexible_authentication_via_secure_tunneling","abbrSyn":[{"text":"EAP-FAST","link":"https://csrc.nist.gov/glossary/term/eap_fast"}],"definitions":null},{"term":"Extensible Authentication Protocol over LAN","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_over_lan","abbrSyn":[{"text":"EAPOL","link":"https://csrc.nist.gov/glossary/term/eapol"}],"definitions":null},{"term":"Extensible Authentication Protocol Over LAN Key Confirmation Key","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_over_lan_key_confirmation_key","abbrSyn":[{"text":"EAPOL-KCK","link":"https://csrc.nist.gov/glossary/term/eapol_kck"}],"definitions":null},{"term":"Extensible Authentication Protocol Over LAN Key Encryption Key","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_over_lan_key_encryption_key","abbrSyn":[{"text":"EAPOL-KEK","link":"https://csrc.nist.gov/glossary/term/eapol_kek"}],"definitions":null},{"term":"Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_microsoft_challenge_handshake_authentication_protocol_version_2","abbrSyn":[{"text":"EAP-MSCHAPv2","link":"https://csrc.nist.gov/glossary/term/eap_mschapv2"}],"definitions":null},{"term":"Extensible Authentication Protocol-Subscriber Identity Module","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_subscriber_identity_module","abbrSyn":[{"text":"EAP-SIM","link":"https://csrc.nist.gov/glossary/term/eap_sim"}],"definitions":null},{"term":"Extensible Authentication Protocol-Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_transport_layer_security","abbrSyn":[{"text":"EAP-TLS","link":"https://csrc.nist.gov/glossary/term/eap_tls"}],"definitions":null},{"term":"Extensible Authentication Protocol-Tunneled Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/extensible_authentication_protocol_tunneled_transport_layer_security","abbrSyn":[{"text":"EAP-TTLS","link":"https://csrc.nist.gov/glossary/term/eap_ttls"}],"definitions":null},{"term":"extensible configuration checklist description format (XCCDF)","link":"https://csrc.nist.gov/glossary/term/extensible_configuration_checklist_description_format_xccdf","definitions":[{"text":"SCAP language for specifying checklists and reporting checklist results.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Extensible Firmware Interface (EFI)","link":"https://csrc.nist.gov/glossary/term/extensible_firmware_interface","abbrSyn":[{"text":"EFI","link":"https://csrc.nist.gov/glossary/term/efi"}],"definitions":[{"text":"A specification for the interface between the operating system and the platform firmware. Version 1.10 of the EFI specifications was the final version of the EFI specifications, and subsequent revisions made by the Unified EFI Forum are part of the UEFI specifications.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"eXtensible HyperText Markup Language","link":"https://csrc.nist.gov/glossary/term/extensible_hypertext_markup_language","definitions":[{"text":"a unifying standard that brings the XML benefits of easy validation and troubleshooting to HTML.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"eXtensible Rights Markup Language","link":"https://csrc.nist.gov/glossary/term/extensible_rights_markup_language","abbrSyn":[{"text":"XrML","link":"https://csrc.nist.gov/glossary/term/xrml"}],"definitions":null},{"term":"eXtensible Stylesheet Language Transformation","link":"https://csrc.nist.gov/glossary/term/extensible_stylesheet_language_transformation","abbrSyn":[{"text":"XSLT","link":"https://csrc.nist.gov/glossary/term/xslt"}],"definitions":null},{"term":"Extension","link":"https://csrc.nist.gov/glossary/term/extension","definitions":[{"text":"The set of individual products to which a WFN refers.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"Extension Identifier","link":"https://csrc.nist.gov/glossary/term/extension_identifier","definitions":[{"text":"Any piece of identifying information provided in an asset identification element that is not explicitly defined in the Asset Identification schema.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"Exterior Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/exterior_border_gateway_protocol","abbrSyn":[{"text":"eBGP","link":"https://csrc.nist.gov/glossary/term/ebgp"},{"text":"EBGP"}],"definitions":[{"text":"A BGP operation communicating routing information between two or more ASes.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54","underTerm":" under EBGP "}]}]},{"term":"external assessment engagement","link":"https://csrc.nist.gov/glossary/term/external_assessment_engagement","definitions":[{"text":"Formal engagement led by a third-party assessment organization.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]},{"text":"Formal engagement led by a third-party assessment organization that determines element judgments.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"External BGP","link":"https://csrc.nist.gov/glossary/term/external_bgp","abbrSyn":[{"text":"eBGP","link":"https://csrc.nist.gov/glossary/term/ebgp"}],"definitions":null},{"term":"external coordinator","link":"https://csrc.nist.gov/glossary/term/external_coordinator","abbrSyn":[{"text":"EC","link":"https://csrc.nist.gov/glossary/term/ec"}],"definitions":[{"text":"Any vulnerability disclosure entity that receives a vulnerability report that is not within the FCB or the VDPO; the EC may be a commercial vulnerability program with no relation to the Government or a separate VDPO within the Government, or it may be the developer of commercial or open-source software.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"External Data Representation","link":"https://csrc.nist.gov/glossary/term/external_data_representation","abbrSyn":[{"text":"XDR","link":"https://csrc.nist.gov/glossary/term/xdr"}],"definitions":null},{"term":"external information system (or component)","link":"https://csrc.nist.gov/glossary/term/external_information_system","definitions":[{"text":"An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under External Information System (or Component) "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under External Information System (or Component) "}]},{"text":"A system or component of a system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under external system (or component) "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under external system (or component) "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under external system (or component) "},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under external system (or component) "}]},{"text":"A system or system element that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required controls or the assessment of control effectiveness.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under external system (or component) "}]},{"text":"A system or component of a system that is used by but is not a part of an organizational system and for which the organization has no direct control over the implementation of required security and privacy controls or the assessment of control effectiveness.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under external system (or component) "}]}]},{"term":"external information system service","link":"https://csrc.nist.gov/glossary/term/external_information_system_service","definitions":[{"text":"A system service that is implemented outside of the authorization boundary of the organizational system (i.e., a service that is used by but not a part of the organizational system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under external system service "}]},{"text":"An information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under External Information System Service "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under External Information System Service "}]},{"text":"A system service that is implemented outside of the authorization boundary of the organizational system (i.e., a service that is used by, but not a part of, the organizational system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under external system service "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under external system service "}]},{"text":"A system service that is implemented outside of the authorization boundary of the organizational system (i.e., a service that is used by, but not a part of, the organizational system) and for which the organization typically has no direct control over the application of required controls or the assessment of control effectiveness.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under external system service "}]},{"text":"A system service that is provided by an external service provider and for which the organization has no direct control over the implementation of required security and privacy controls or the assessment of control effectiveness.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under external system service "},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under external system service ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]}]},{"term":"external information system service provider","link":"https://csrc.nist.gov/glossary/term/external_information_system_service_provider","definitions":[{"text":"A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A provider of external system services to an organization through a variety of consumer-producer relationships including, but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under external system service provider "}]},{"text":"A provider of external information system services to an organization through a variety of consumer-producer relationships including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under External Information System Service Provider "}]},{"text":"A provider of external information system services to an organization through a variety of consumer-producer relationships including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain arrangements.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under External Information System Service Provider "}]},{"text":"A provider of external system services to an organization through a variety of consumer-producer relationships including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under external system service provider "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under external system service provider "}]},{"text":"A provider of external system services to an organization through a variety of consumer-producer relationships, including joint ventures, business partnerships, outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements), licensing agreements, and/or supply chain exchanges.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under external system service provider "},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under external system service provider ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under external system service provider ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]}]},{"term":"External Key","link":"https://csrc.nist.gov/glossary/term/external_key","definitions":[{"text":"An authorized key that is used from outside the organization (or outside the  environment considered for SSH user key management purposes), or an identity key that is used for authenticating to outside the organization (or outside the environment considered for SSH user key management purposes). Key rotation can break external keys, and therefore it must be ensured that the other side of trust relationships involving external keys is also properly updated as part of rotation. Alternatively, rotation of external keys may be prevented, but that is not a sustainable solution long-term.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"external network","link":"https://csrc.nist.gov/glossary/term/external_network","definitions":[{"text":"A network not controlled by the organization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under External Network "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"external operational management role","link":"https://csrc.nist.gov/glossary/term/external_operational_management_role","definitions":[{"text":"A role intended to be performed by a manager who is typically a member of a key management infrastructure (KMI) customer organization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"External Security Testing","link":"https://csrc.nist.gov/glossary/term/external_security_testing","definitions":[{"text":"Security testing conducted from outside the organization’s security perimeter.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Extraction-then-Expansion","link":"https://csrc.nist.gov/glossary/term/extraction_then_expansion","abbrSyn":[{"text":"E-E","link":"https://csrc.nist.gov/glossary/term/e_e"}],"definitions":null},{"term":"extranet","link":"https://csrc.nist.gov/glossary/term/extranet","definitions":[{"text":"A computer network that an organization uses for application data traffic between the organization and its business partners.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"extreme fast charging","link":"https://csrc.nist.gov/glossary/term/extreme_fast_charging","abbrSyn":[{"text":"XFC","link":"https://csrc.nist.gov/glossary/term/xfc"}],"definitions":null},{"term":"F.I.R.E.","link":"https://csrc.nist.gov/glossary/term/f_i_r_e_","abbrSyn":[{"text":"Forensic and Incident Response Environment","link":"https://csrc.nist.gov/glossary/term/forensic_and_incident_response_environment"}],"definitions":null},{"term":"FAA","link":"https://csrc.nist.gov/glossary/term/faa","abbrSyn":[{"text":"Federal Aviation Administration","link":"https://csrc.nist.gov/glossary/term/federal_aviation_administration"}],"definitions":null},{"term":"FACCI","link":"https://csrc.nist.gov/glossary/term/facci","abbrSyn":[{"text":"Florida Association of Computer Crime Investigators","link":"https://csrc.nist.gov/glossary/term/florida_association_of_computer_crime_investigators"}],"definitions":null},{"term":"Face Recognition Vendor Test","link":"https://csrc.nist.gov/glossary/term/face_recognition_vendor_test","abbrSyn":[{"text":"FRVT","link":"https://csrc.nist.gov/glossary/term/frvt"}],"definitions":null},{"term":"facilitated self-assessment","link":"https://csrc.nist.gov/glossary/term/facilitated_self_assessment","definitions":[{"text":"Less formal than an internal assessment engagement, the element judgments determined by participant consensus on each element for a given level.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"},{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212","underTerm":" under facilitated self‑assessment "}]}]},{"term":"Facilitator","link":"https://csrc.nist.gov/glossary/term/facilitator","definitions":[{"text":"A person that leads a discussion among exercise participants.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Facilitator Guide","link":"https://csrc.nist.gov/glossary/term/facilitator_guide","definitions":[{"text":"A document for an exercise facilitator that includes the material the facilitator needs for the exercise, such as the exercise’s purpose, scope, objectives, and scenario; a list of questions regarding the scenario that address the exercise’s objectives; and a copy of the IT plan being exercised.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"facility","link":"https://csrc.nist.gov/glossary/term/facility","definitions":[{"text":"Physical means or equipment for facilitating the performance of an action (e.g., buildings, instruments, tools).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"One or more physical locations containing systems or system components that process, store, or transmit information.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"One or more CKMS devices contained within a physically protected enclosure that is portable (e.g., a mobile phone or a laptop computer). The user of the mobile facility may be required to guard and protect the contents of the facility itself.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Facility (mobile device) "}]},{"text":"One or more CKMS devices contained within a physically protected enclosure. A facility for a static device is typically a room or building (including their contents) with locks, alarms, and/or guards.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Facility (static device) "}]},{"text":"The message type for a syslog message.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Facility "}]},{"text":"Physical means or equipment for facilitating the performance of an action, e.g., buildings, instruments, tools.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]}]},{"term":"FACT","link":"https://csrc.nist.gov/glossary/term/fact","abbrSyn":[{"text":"Act Fair and Accurate Credit Transaction Act of 2003","link":"https://csrc.nist.gov/glossary/term/act_fair_and_accurate_credit_transaction_act_of_2003"}],"definitions":null},{"term":"Fact Reference","link":"https://csrc.nist.gov/glossary/term/fact_reference","definitions":[{"text":"An expression that refers to a bound CPE name.","sources":[{"text":"NISTIR 7698","link":"https://doi.org/10.6028/NIST.IR.7698"}]}]},{"term":"Factor Analysis of Information Risk","link":"https://csrc.nist.gov/glossary/term/factor_analysis_of_information_risk","abbrSyn":[{"text":"FAIR","link":"https://csrc.nist.gov/glossary/term/fair"}],"definitions":null},{"term":"fail safe","link":"https://csrc.nist.gov/glossary/term/fail_safe","definitions":[{"text":"A mode of termination of system functions that prevents damage\nSee fail secure and fail soft for comparison.  to specified system resources and system entities (i.e., specified data, property, and life) when a failure occurs or is detected in the system (but the failure still might cause a security compromise).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}],"seeAlso":[{"text":"fail secure","link":"fail_secure"},{"text":"fail soft","link":"fail_soft"}]},{"term":"fail secure","link":"https://csrc.nist.gov/glossary/term/fail_secure","definitions":[{"text":"A mode of termination of system functions that prevents loss of secure state when a failure occurs or is detected in the system (but the failure still might cause damage to some system resource or system entity). \nSee fail safe and fail soft for comparison.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}],"seeAlso":[{"text":"fail safe","link":"fail_safe"},{"text":"fail soft","link":"fail_soft"}]},{"term":"fail soft","link":"https://csrc.nist.gov/glossary/term/fail_soft","definitions":[{"text":"Selective termination of affected, non-essential system functions when a failure occurs or is detected in the system. \nSee fail safe and fail secure for comparison.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}],"seeAlso":[{"text":"fail safe","link":"fail_safe"},{"text":"fail secure","link":"fail_secure"}]},{"term":"Fail to Known State","link":"https://csrc.nist.gov/glossary/term/fail_to_known_state","definitions":[{"text":"Upon a disruption event that causes the system to fail, it fails to a pre-determined state. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving manufacturing system state information facilitates system restart and return to the operational mode of organizations with less disruption of mission/business processes.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"NVD.NIST","link":"https://nvd.nist.gov/"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"NVD.NIST","link":"https://nvd.nist.gov/"}]}]}]},{"term":"failover","link":"https://csrc.nist.gov/glossary/term/failover","definitions":[{"text":"The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Failover "}]},{"text":"The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby system upon the failure or abnormal termination of the previously active system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"failure access","link":"https://csrc.nist.gov/glossary/term/failure_access","definitions":[{"text":"Type of incident in which unauthorized access to data results from hardware or software failure.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"failure control","link":"https://csrc.nist.gov/glossary/term/failure_control","definitions":[{"text":"Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Failure Mode Effects Analysis","link":"https://csrc.nist.gov/glossary/term/failure_mode_effects_analysis","abbrSyn":[{"text":"FMEA","link":"https://csrc.nist.gov/glossary/term/fmea"}],"definitions":null},{"term":"Failure Modes, Effects, and Criticality Analysis","link":"https://csrc.nist.gov/glossary/term/failure_modes_effects_and_criticality_analysis","abbrSyn":[{"text":"FMECA","link":"https://csrc.nist.gov/glossary/term/fmeca"}],"definitions":null},{"term":"Failure to Enroll Rate","link":"https://csrc.nist.gov/glossary/term/failure_to_enroll_rate","abbrSyn":[{"text":"FTE","link":"https://csrc.nist.gov/glossary/term/fte"}],"definitions":null},{"term":"FAIR","link":"https://csrc.nist.gov/glossary/term/fair","abbrSyn":[{"text":"Factor Analysis of Information Risk","link":"https://csrc.nist.gov/glossary/term/factor_analysis_of_information_risk"}],"definitions":null},{"term":"Fair Evaluation of Lightweight Cryptographic Systems","link":"https://csrc.nist.gov/glossary/term/fair_evaluation_of_lightweight_cryptographic_systems","abbrSyn":[{"text":"FELICS","link":"https://csrc.nist.gov/glossary/term/felics"}],"definitions":null},{"term":"Fair Information Practice Principles","link":"https://csrc.nist.gov/glossary/term/fair_information_practice_principles","abbrSyn":[{"text":"FIPP","link":"https://csrc.nist.gov/glossary/term/fipp"},{"text":"FIPPs","link":"https://csrc.nist.gov/glossary/term/fipps"}],"definitions":[{"text":"Principles that are widely accepted in the United States and internationally as a general framework for privacy and that are reflected in various federal and international laws and policies. In a number of organizations, the principles serve as the basis for analyzing privacy risks and determining appropriate mitigation strategies.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]"}]},{"text":"a set of principles that have been developed world-wide since the 1970s that provide guidance to organizations in the handling of personal data","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"FAL","link":"https://csrc.nist.gov/glossary/term/fal","abbrSyn":[{"text":"Federation Assurance Level"}],"definitions":[{"text":"A category describing the assertion protocol used by the federation to communicate authentication and attribute information (if applicable) to a relying party.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Federation Assurance Level "}]}]},{"term":"false accept rate (FAR)","link":"https://csrc.nist.gov/glossary/term/false_accept_rate","abbrSyn":[{"text":"FAR","link":"https://csrc.nist.gov/glossary/term/far"}],"definitions":[{"text":"Proportion of verification transactions with wrongful claims of identity that are incorrectly confirmed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 19795-1:2006"}]}]},{"text":"False Accept Rate (defined over an authentication transaction)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2","underTerm":" under FAR "}]}]},{"term":"false acceptance","link":"https://csrc.nist.gov/glossary/term/false_acceptance","definitions":[{"text":"When a biometric system incorrectly identifies a biometric subject or incorrectly authenticates a biometric subject against a claimed identity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD Biometrics Enterprise Architecture (Integrated) v2.0"}]}]}]},{"term":"False Match Rate (FMR)","link":"https://csrc.nist.gov/glossary/term/false_match_rate","abbrSyn":[{"text":"FMR","link":"https://csrc.nist.gov/glossary/term/fmr"}],"definitions":[{"text":"False Match Rate (defined over single comparisons)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2","underTerm":" under FMR "}]},{"text":"The proportion of zero-effort impostor attempt samples falsely declared to match the compared non-self template","sources":[{"text":"NIST SP 800-140E","link":"https://doi.org/10.6028/NIST.SP.800-140E"}]}]},{"term":"False Negative","link":"https://csrc.nist.gov/glossary/term/false_negative","definitions":[{"text":"An instance in which a security tool intended to detect a particular threat fails to do so.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1"}]},{"text":"Incorrectly classifying malicious activity as benign.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"False Non-Match Rate","link":"https://csrc.nist.gov/glossary/term/false_non_match_rate","abbrSyn":[{"text":"FNMR","link":"https://csrc.nist.gov/glossary/term/fnmr"}],"definitions":[{"text":"False Non-Match Rate (defined over single comparisons)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2","underTerm":" under FNMR "}]}]},{"term":"False Positive","link":"https://csrc.nist.gov/glossary/term/false_positive","definitions":[{"text":"An alert that incorrectly indicates that a vulnerability is present.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]},{"text":"An alert that incorrectly indicates that malicious activity is occurring.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]},{"text":"An instance in which a security tool incorrectly classifies benign content as malicious.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1"}]},{"text":"Incorrectly classifying benign activity as malicious.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]},{"text":"An erroneous acceptance of the hypothesis that a statistically significant event has been observed. This is also referred to as a type 1 error. When “health-testing” the components of a device, it often refers to a declaration that a component has malfunctioned – based on some statistical test(s) – despite the fact that the component was actually working correctly.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under False positive "}]}]},{"term":"false reject rate (FRR)","link":"https://csrc.nist.gov/glossary/term/false_reject_rate","abbrSyn":[{"text":"FRR","link":"https://csrc.nist.gov/glossary/term/frr"}],"definitions":[{"text":"Proportion of verification transactions with truthful claims of identity that are incorrectly denied.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 19795-1:2006"}]}]},{"text":"False Reject Rate (defined over an authentication transaction)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2","underTerm":" under FRR "}]}]},{"term":"false rejection","link":"https://csrc.nist.gov/glossary/term/false_rejection","definitions":[{"text":"The failure of a biometric system to identify a biometric subject or to verify the legitimate claimed identity of a biometric subject.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIAP 7298","link":"https://www.niap-ccevs.org/MMO/PP/pp_bvm_mr_v1.0.pdf","note":" - Adapted"}]}]}]},{"term":"FAM","link":"https://csrc.nist.gov/glossary/term/fam","abbrSyn":[{"text":"Financial Audit Manual","link":"https://csrc.nist.gov/glossary/term/financial_audit_manual"}],"definitions":null},{"term":"Family and Educational Records Privacy Act","link":"https://csrc.nist.gov/glossary/term/family_and_educational_records_privacy_act","definitions":[{"text":"the primary law in the United States that governs the privacy of student educational records","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"FAQ","link":"https://csrc.nist.gov/glossary/term/faq","abbrSyn":[{"text":"Frequently Asked Questions","link":"https://csrc.nist.gov/glossary/term/frequently_asked_questions"}],"definitions":null},{"term":"FAR","link":"https://csrc.nist.gov/glossary/term/far","abbrSyn":[{"text":"False Accept Rate"},{"text":"Federal Acquisition Regulation"},{"text":"Federal Acquisition Regulations"}],"definitions":[{"text":"False Accept Rate (defined over an authentication transaction)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]},{"text":"The Federal Acquisition Regulations System is established for the codification and publication of uniform policies and procedures for acquisition by all executive agencies.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Federal Acquisition Regulation ","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]}]}]},{"term":"FASC","link":"https://csrc.nist.gov/glossary/term/fasc","abbrSyn":[{"text":"Federal Acquisition Security Council","link":"https://csrc.nist.gov/glossary/term/federal_acquisition_security_council"}],"definitions":null},{"term":"FASC-N","link":"https://csrc.nist.gov/glossary/term/fasc_n","abbrSyn":[{"text":"Federal Agency Smart Credential Number","link":"https://csrc.nist.gov/glossary/term/federal_agency_smart_credential_number"}],"definitions":[{"text":"One of the primary identifiers on the PIV Card for physical access control, as required by FIPS 201. The FASC-N is a fixed length (25 byte) data object that is specified in [NIST SP 800-73-4] and included in several data objects on a PIV Card.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Federal Agency Smart Credential Number "}]}]},{"term":"Fast Healthcare Interoperability Resources","link":"https://csrc.nist.gov/glossary/term/fast_healthcare_interoperability_resources","abbrSyn":[{"text":"FHIR","link":"https://csrc.nist.gov/glossary/term/fhir"}],"definitions":null},{"term":"Fast IDentity Online","link":"https://csrc.nist.gov/glossary/term/fast_identity_online","abbrSyn":[{"text":"FIDO","link":"https://csrc.nist.gov/glossary/term/fido"}],"definitions":null},{"term":"Fast Initial Link Setup","link":"https://csrc.nist.gov/glossary/term/fast_initial_link_setup","abbrSyn":[{"text":"FILS","link":"https://csrc.nist.gov/glossary/term/fils"}],"definitions":null},{"term":"Fast Transition","link":"https://csrc.nist.gov/glossary/term/fast_transition","abbrSyn":[{"text":"FT","link":"https://csrc.nist.gov/glossary/term/ft"}],"definitions":null},{"term":"FASTER","link":"https://csrc.nist.gov/glossary/term/faster","abbrSyn":[{"text":"Faster Administration of S&T Education and Research","link":"https://csrc.nist.gov/glossary/term/faster_administration_of_sandt_education_and_research"}],"definitions":null},{"term":"Faster Administration of S&T Education and Research","link":"https://csrc.nist.gov/glossary/term/faster_administration_of_sandt_education_and_research","abbrSyn":[{"text":"FASTER","link":"https://csrc.nist.gov/glossary/term/faster"}],"definitions":null},{"term":"FAT","link":"https://csrc.nist.gov/glossary/term/fat","abbrSyn":[{"text":"File Allocation Table","link":"https://csrc.nist.gov/glossary/term/file_allocation_table"}],"definitions":null},{"term":"Fault tolerance","link":"https://csrc.nist.gov/glossary/term/fault_tolerance","abbrSyn":[{"text":"FT","link":"https://csrc.nist.gov/glossary/term/ft"}],"definitions":[{"text":"A property of a system that allows proper operation even if components fail.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"fault tree analysis","link":"https://csrc.nist.gov/glossary/term/fault_tree_analysis","definitions":[{"text":"A top-down, deductive failure analysis in which an undesired state of a system (top event) is analyzed using Boolean logic to combine a series of lower-level events. An analytical approach whereby an undesired state of a system is specified and the system is then analyzed in the context of its environment of operation to find all realistic ways in which the undesired event (top event) can occur.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"A top-down, deductive failure analysis in which an undesired state of a system (top event) is analyzed using Boolean logic to combine a series of lower-level events. \nAn analytical approach whereby an undesired state of a system is specified and the system is then analyzed in the context of its environment of operation to find all realistic ways in which the undesired event (top event) can occur.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Fault Tree Analysis "}]}]},{"term":"Faulty Operation","link":"https://csrc.nist.gov/glossary/term/faulty_operation","abbrSyn":[{"text":"FOP","link":"https://csrc.nist.gov/glossary/term/fop"}],"definitions":null},{"term":"FBCA","link":"https://csrc.nist.gov/glossary/term/fbca","abbrSyn":[{"text":"Federal Bridge Certificate Authority"},{"text":"Federal Bridge Certification Authority"}],"definitions":null},{"term":"FBI","link":"https://csrc.nist.gov/glossary/term/fbi","abbrSyn":[{"text":"Federal Bureau of Investigation","link":"https://csrc.nist.gov/glossary/term/federal_bureau_of_investigation"}],"definitions":null},{"term":"FC","link":"https://csrc.nist.gov/glossary/term/fc","abbrSyn":[{"text":"Fibre-Channel","link":"https://csrc.nist.gov/glossary/term/fibre_channel"},{"text":"Forensic Challenge","link":"https://csrc.nist.gov/glossary/term/forensic_challenge"}],"definitions":null},{"term":"FCB","link":"https://csrc.nist.gov/glossary/term/fcb","abbrSyn":[{"text":"Federal Coordination Body","link":"https://csrc.nist.gov/glossary/term/federal_coordination_body"}],"definitions":[{"text":"A group of cooperating entities that collectively provide high-level vulnerability disclosure coordination among government agencies; the FCB represents the primary mechanism by which vulnerabilities should be reported to the Government and for the Government to produce advisories about government vulnerabilities.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216","underTerm":" under Federal Coordination Body "}]}]},{"term":"FCC","link":"https://csrc.nist.gov/glossary/term/fcc","abbrSyn":[{"text":"Federal Communications Commission","link":"https://csrc.nist.gov/glossary/term/federal_communications_commission"}],"definitions":null},{"term":"FCC ID","link":"https://csrc.nist.gov/glossary/term/fcc_id","abbrSyn":[{"text":"Federal Communications Commission Identification Number"}],"definitions":null},{"term":"FCF","link":"https://csrc.nist.gov/glossary/term/fcf","abbrSyn":[{"text":"FCoE Forwarder","link":"https://csrc.nist.gov/glossary/term/fcoe_forwarder"}],"definitions":null},{"term":"FCIP","link":"https://csrc.nist.gov/glossary/term/fcip","abbrSyn":[{"text":"Fibre-Channel over IP","link":"https://csrc.nist.gov/glossary/term/fibre_channel_over_ip"}],"definitions":null},{"term":"FCKMS","link":"https://csrc.nist.gov/glossary/term/fckms","abbrSyn":[{"text":"Federal Cryptographic Key Management System","link":"https://csrc.nist.gov/glossary/term/federal_cryptographic_key_management_system"}],"definitions":[{"text":"Federal Cryptographic Key Management System. A CKMS that conforms to the requirements of SP 800-152.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"An FCKMS whose data have been subjected to unauthorized access, modification, or disclosure while contained within the FCKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under FCKMS (compromised) "}]}]},{"term":"FCKMS architecture","link":"https://csrc.nist.gov/glossary/term/fckms_architecture","definitions":[{"text":"The structure of an operational FCKMS, including descriptions and diagrams of the types and locations of all its facilities, FCKMS modules, devices, support utilities, and communications.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS Component (Component)","link":"https://csrc.nist.gov/glossary/term/fckms_component","definitions":[{"text":"Any hardware, software, or firmware that is used to implement an FCKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS Device (Device)","link":"https://csrc.nist.gov/glossary/term/fckms_device","definitions":[{"text":"Any combination of FCKMS components that serve a specific purpose (e.g., firewalls, routers, transmission devices, cryptographic modules, and data storage devices).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS documentation","link":"https://csrc.nist.gov/glossary/term/fckms_documentation","definitions":[{"text":"The documentation collected or produced by the FCKMS service-providing organization (including the design documentation of the CKMS that will be the foundation of the FCKMS) that states what services and functions are to be provided to FCKMS service-using organizations.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS functions","link":"https://csrc.nist.gov/glossary/term/fckms_functions","definitions":[{"text":"Functions that perform cryptographic key and metadata management operations (see Section 6.4 for examples).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS module","link":"https://csrc.nist.gov/glossary/term/fckms_module","definitions":[{"text":"A device that performs a set of key and metadata-management functions for at least one FCKMS and is associated with a cryptographic module. The device may be implemented as hardware, software, and/or firmware.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS personnel","link":"https://csrc.nist.gov/glossary/term/fckms_personnel","definitions":[{"text":"The individuals of an FCKMS service-providing organization that are authorized to assume the supported roles of the FCKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS Security Domain","link":"https://csrc.nist.gov/glossary/term/fckms_security_domain","definitions":[{"text":"A collection of entities that share a common FCKMS Security Policy","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS Security Policy","link":"https://csrc.nist.gov/glossary/term/fckms_security_policy","definitions":[{"text":"A security policy specific to an FCKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"The security policy defined by an FCKMS service provider and the FCKMS service-using organization that specifies how the FCKMS will be operated.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS service provider (FCKMS service-providing organization)","link":"https://csrc.nist.gov/glossary/term/fckms_service_provider","definitions":[{"text":"An entity that provides FCKMS key-management services to one or more FCKMS service-using organizations in accordance with their respective FCKMS Security Policies.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS services (protections)","link":"https://csrc.nist.gov/glossary/term/fckms_services","definitions":[{"text":"Protections provided to data, such as data integrity authentication, confidentiality, and source authentication.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCKMS service-using organization","link":"https://csrc.nist.gov/glossary/term/fckms_service_using_organization","definitions":[{"text":"A Federal organization or contractor that has selected an FCKMS service provider to provide key-management services.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FCL","link":"https://csrc.nist.gov/glossary/term/fcl","abbrSyn":[{"text":"Final Checklist List"}],"definitions":null},{"term":"FCoE","link":"https://csrc.nist.gov/glossary/term/fcoe","abbrSyn":[{"text":"Fibre-Channel over Ethernet","link":"https://csrc.nist.gov/glossary/term/fibre_channel_over_ethernet"}],"definitions":null},{"term":"FCoE Forwarder","link":"https://csrc.nist.gov/glossary/term/fcoe_forwarder","abbrSyn":[{"text":"FCF","link":"https://csrc.nist.gov/glossary/term/fcf"}],"definitions":null},{"term":"FCoE Initialization Protocol","link":"https://csrc.nist.gov/glossary/term/fcoe_initialization_protocol","abbrSyn":[{"text":"FIP","link":"https://csrc.nist.gov/glossary/term/fip"}],"definitions":null},{"term":"FCS","link":"https://csrc.nist.gov/glossary/term/fcs","abbrSyn":[{"text":"Frame Check Sequence","link":"https://csrc.nist.gov/glossary/term/frame_check_sequence"}],"definitions":null},{"term":"FCSM","link":"https://csrc.nist.gov/glossary/term/fcsm","abbrSyn":[{"text":"Federal Committee on Statistical Methodology","link":"https://csrc.nist.gov/glossary/term/federal_committee_on_statistical_methodology"},{"text":"Federal Computer Security Managers","link":"https://csrc.nist.gov/glossary/term/federal_computer_security_managers"},{"text":"Federal Computer Security Program Managers","link":"https://csrc.nist.gov/glossary/term/federal_computer_security_program_managers"}],"definitions":[{"text":"An interagency committee dedicated to improving the quality of Federal statistics. The FCSM was created by the Office of Management and Budget (OMB) to inform and advise OMB and the Interagency Council on Statistical Policy (ICSP) on methodological and statistical issues that affect the quality of Federal data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under Federal Committee on Statistical Methodology "}]}]},{"term":"FDA","link":"https://csrc.nist.gov/glossary/term/fda","abbrSyn":[{"text":"Food and Drug Administration","link":"https://csrc.nist.gov/glossary/term/food_and_drug_administration"},{"text":"U.S. Food and Drug Administration"}],"definitions":null},{"term":"FDCC","link":"https://csrc.nist.gov/glossary/term/fdcc","abbrSyn":[{"text":"Federal Desktop Core Configuration"}],"definitions":null},{"term":"FDCE","link":"https://csrc.nist.gov/glossary/term/fdce","abbrSyn":[{"text":"Federated Development and Certification Environment","link":"https://csrc.nist.gov/glossary/term/federated_development_and_certification_environment"}],"definitions":null},{"term":"FDE","link":"https://csrc.nist.gov/glossary/term/fde","abbrSyn":[{"text":"Full Disk Encryption","link":"https://csrc.nist.gov/glossary/term/full_disk_encryption"}],"definitions":null},{"term":"FDIS","link":"https://csrc.nist.gov/glossary/term/fdis","abbrSyn":[{"text":"Final Draft International Standard","link":"https://csrc.nist.gov/glossary/term/final_draft_international_standard"}],"definitions":null},{"term":"FDNA","link":"https://csrc.nist.gov/glossary/term/fdna","abbrSyn":[{"text":"Functional Dependency Network Analysis","link":"https://csrc.nist.gov/glossary/term/functional_dependency_network_analysis"}],"definitions":null},{"term":"FEA","link":"https://csrc.nist.gov/glossary/term/fea","abbrSyn":[{"text":"Federal Enterprise Architecture"}],"definitions":[{"text":"A business-based framework for governmentwide improvement developed by the Office of Management and Budget that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Federal Enterprise Architecture ","refSources":[{"text":"FEA Program Management Office"}]}]},{"text":"A business-based framework for government-wide improvement developed by the Office of Management and Budget that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Federal Enterprise Architecture ","refSources":[{"text":"FEA Program Management Office"}]}]}]},{"term":"Feasible Path Unicast Reverse Path Forwarding","link":"https://csrc.nist.gov/glossary/term/feasible_path_unicast_reverse_path_forwarding","abbrSyn":[{"text":"FP-uRPF","link":"https://csrc.nist.gov/glossary/term/fp_urpf"}],"definitions":null},{"term":"FEA-SPP","link":"https://csrc.nist.gov/glossary/term/fea_spp","abbrSyn":[{"text":"Federal Enterprise Architecture Security and Privacy Profile","link":"https://csrc.nist.gov/glossary/term/federal_enterprise_architecture_security_and_privacy_profile"}],"definitions":null},{"term":"Feature extraction function","link":"https://csrc.nist.gov/glossary/term/feature_extraction_function","definitions":[{"text":"identifies and extracts features/attributes from each digital artifact. The mechanism by which features are picked and interpreted depends on the approximate matching algorithm. The representation of this collection is the similarity digest of the object.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Feature Phone","link":"https://csrc.nist.gov/glossary/term/feature_phone","definitions":[{"text":"A mobile device that primarily provide users with simple voice and text messaging services.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"Feature set","link":"https://csrc.nist.gov/glossary/term/feature_set","definitions":[{"text":"The set of all features associated with a single artifact is its feature set. Each algorithm must include a criteria by which candidate features are selected for inclusion in this set. For example, an algorithm might select all the (byte, offset) pairs produced by reading every 16th byte in the artifact.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Features","link":"https://csrc.nist.gov/glossary/term/features","definitions":[{"text":"The basic elements through which artifacts are compared. Comparison of two features always yields a binary {0, 1} outcome indicating a match or non-match; because features are defined as the most basic comparison unit that the algorithm considers, partial matches are not permitted. Generally, a feature can be any value derived from an artifact. Each approximate matching algorithm must define the structure of its features and the method by which they are derived. For example, an algorithm might define a feature as a (byte, offset) pair produced by reading the value of a byte and storing it along with the offset at which it was read.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Federal Acquisition Security Council","link":"https://csrc.nist.gov/glossary/term/federal_acquisition_security_council","abbrSyn":[{"text":"FASC","link":"https://csrc.nist.gov/glossary/term/fasc"}],"definitions":null},{"term":"federal agency","link":"https://csrc.nist.gov/glossary/term/federal_agency","abbrSyn":[{"text":"Agency"},{"text":"executive agency","link":"https://csrc.nist.gov/glossary/term/executive_agency"},{"text":"Executive Agency"}],"definitions":[{"text":"See Agency.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under FEDERAL AGENCY "}]},{"text":"An executive department specified in 5 U.S.C. Sec. 101; a military department specified in 5 U.S.C. Sec. 102; an independent establishment as defined in 5 U.S.C. Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C. Chapter 91.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under executive agency "}]},{"text":"An executive Department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any department, subordinate element of a department, or independent organizational entity that is statutorily or constitutionally recognized as being part of the Executive Branch of the Federal Government.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Agency "}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); or a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Agency "}]},{"text":"See executive agency.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Agency "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Agency "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Agency "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Agency "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Agency "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Agency "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Federal Agency "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Federal Agency "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Federal Agency "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Federal Agency "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Federal Agency "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under executive agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under executive agency ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any executive department, military department, government corporation, government-controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President) or any independent regulatory agency, but does not include: 1) the General Accounting Office; 2) the Federal Election Commission; 3) the governments of the District of Columbia and of the territories and possessions of the United States and their various subdivisions; or 4) government-owned, contractor-operated facilities, including laboratories engaged in national defense research and production activities. Also referred to as Federal Agency.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Agency ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"An executive department specified in 5 U.S.C., Sec. 101; a military department specified in 5 U.S.C., Sec.102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); or a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"An executive department specified in 5 U.S.C., Section 101; a military department specified in 5 U.S.C., Section 102; an independent establishment as defined in 5 U.S.C., Section 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C. Chapter 91.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"The term 'agency' means any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include ­\n(a) the General Accounting Office;\n(b) Federal Election Commission;\n(c) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or\n(d) Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Agency ","refSources":[{"text":"44 U.S.C., Sec. 3502 (1)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"See Executive Agency","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Agency "},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Federal Agency "}]},{"text":"An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Executive Agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]},{"text":"An executive department specified in 5 U.S.C., Sec. 105; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under executive agency ","refSources":[{"text":"41 U.S.C., Sec. 403","link":"https://www.govinfo.gov/app/details/USCODE-1994-title41/USCODE-1994-title41-chap7-sec403"}]}]}]},{"term":"Federal Agency Smart Credential Number","link":"https://csrc.nist.gov/glossary/term/federal_agency_smart_credential_number","abbrSyn":[{"text":"FASC-N","link":"https://csrc.nist.gov/glossary/term/fasc_n"}],"definitions":[{"text":"One of the primary identifiers on the PIV Card for physical access control, as required by FIPS 201. The FASC-N is a fixed length (25 byte) data object that is specified in [NIST SP 800-73-4] and included in several data objects on a PIV Card.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Federal Aviation Administration","link":"https://csrc.nist.gov/glossary/term/federal_aviation_administration","abbrSyn":[{"text":"FAA","link":"https://csrc.nist.gov/glossary/term/faa"}],"definitions":null},{"term":"federal bridge certification authority (FBCA)","link":"https://csrc.nist.gov/glossary/term/federal_bridge_certification_authority","abbrSyn":[{"text":"FBCA","link":"https://csrc.nist.gov/glossary/term/fbca"}],"definitions":[{"text":"The Federal Bridge certification authority (CA) consists of a collection of public key infrastructure (PKI) components (Certificate Authorities, Directories, Certificate Policies and Certificate Practice Statements) that are used to provide peer to peer interoperability among Agency Principal Certification Authorities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"The Federal Bridge Certification Authority consists of a collection of Public Key Infrastructure components (Certificate Authorities, Directories, Certificate Policies and Certificate Practice Statements) that are used to provide peer to peer interoperability among Agency Principal Certification Authorities.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Federal Bridge Certification Authority (FBCA) "}]},{"text":"The FBCA is the entity operated by the Federal Public Key Infrastructure (FPKI) Management Authority that is authorized by the Federal PKI Policy Authority to create, sign, and issue public key certificates to Principal CAs.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Federal Bridge Certification Authority (FBCA) "}]}]},{"term":"Federal Bureau of Investigation","link":"https://csrc.nist.gov/glossary/term/federal_bureau_of_investigation","abbrSyn":[{"text":"FBI","link":"https://csrc.nist.gov/glossary/term/fbi"}],"definitions":null},{"term":"Federal Committee on Statistical Methodology","link":"https://csrc.nist.gov/glossary/term/federal_committee_on_statistical_methodology","abbrSyn":[{"text":"FCSM","link":"https://csrc.nist.gov/glossary/term/fcsm"}],"definitions":[{"text":"An interagency committee dedicated to improving the quality of Federal statistics. The FCSM was created by the Office of Management and Budget (OMB) to inform and advise OMB and the Interagency Council on Statistical Policy (ICSP) on methodological and statistical issues that affect the quality of Federal data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Federal Communications Commission","link":"https://csrc.nist.gov/glossary/term/federal_communications_commission","abbrSyn":[{"text":"FCC","link":"https://csrc.nist.gov/glossary/term/fcc"}],"definitions":null},{"term":"Federal Communications Commission identification number","link":"https://csrc.nist.gov/glossary/term/federal_communications_commission_identification_number","abbrSyn":[{"text":"FCC ID","link":"https://csrc.nist.gov/glossary/term/fcc_id"}],"definitions":[{"text":"an identifier found on all wireless phones legally sold in the US, which is issued by the FCC.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Federal Computer Security Managers","link":"https://csrc.nist.gov/glossary/term/federal_computer_security_managers","abbrSyn":[{"text":"FCSM","link":"https://csrc.nist.gov/glossary/term/fcsm"}],"definitions":null},{"term":"Federal Computer Security Program Managers","link":"https://csrc.nist.gov/glossary/term/federal_computer_security_program_managers","abbrSyn":[{"text":"FCSM","link":"https://csrc.nist.gov/glossary/term/fcsm"}],"definitions":null},{"term":"federal coordination","link":"https://csrc.nist.gov/glossary/term/federal_coordination","definitions":[{"text":"A set of aligned activities across the Federal Government, including identifying and engaging stakeholders, mediating, communicating, and other planning to support vulnerability disclosure.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"Federal Coordination Body","link":"https://csrc.nist.gov/glossary/term/federal_coordination_body","abbrSyn":[{"text":"FCB","link":"https://csrc.nist.gov/glossary/term/fcb"}],"definitions":[{"text":"A group of cooperating entities that collectively provide high-level vulnerability disclosure coordination among government agencies; the FCB represents the primary mechanism by which vulnerabilities should be reported to the Government and for the Government to produce advisories about government vulnerabilities.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"Federal Cryptographic Key Management System","link":"https://csrc.nist.gov/glossary/term/federal_cryptographic_key_management_system","abbrSyn":[{"text":"FCKMS","link":"https://csrc.nist.gov/glossary/term/fckms"}],"definitions":[{"text":"Federal Cryptographic Key Management System. A CKMS that conforms to the requirements of SP 800-152.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under FCKMS "}]}]},{"term":"Federal Dashboard","link":"https://csrc.nist.gov/glossary/term/federal_dashboard","definitions":[{"text":"A dashboard instance that: \n• Collects summary data from the base-level dashboards across multiple organizations; and \n• Does not collect defects at the assessment object-level data or defects. It summarizes federal level defects and assessment object categories, but not local (base) level defects or local (base) categories.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Federal Desktop Core Configuration (FDCC)","link":"https://csrc.nist.gov/glossary/term/federal_desktop_core_configuration","abbrSyn":[{"text":"FDCC","link":"https://csrc.nist.gov/glossary/term/fdcc"}],"definitions":[{"text":"OMB-mandated set of security configurations for all federal workstation and laptop devices that run either Windows XP or Vista.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Federal Emergency Management Agency","link":"https://csrc.nist.gov/glossary/term/federal_emergency_management_agency","abbrSyn":[{"text":"FEMA","link":"https://csrc.nist.gov/glossary/term/fema"}],"definitions":null},{"term":"Federal Energy Regulatory Commission","link":"https://csrc.nist.gov/glossary/term/federal_energy_regulatory_commission","abbrSyn":[{"text":"FERC","link":"https://csrc.nist.gov/glossary/term/ferc"}],"definitions":null},{"term":"federal enterprise architecture (FEA)","link":"https://csrc.nist.gov/glossary/term/federal_enterprise_architecture","abbrSyn":[{"text":"FEA","link":"https://csrc.nist.gov/glossary/term/fea"}],"definitions":[{"text":"A business-based framework for governmentwide improvement developed by the Office of Management and Budget that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under federal enterprise architecture ","refSources":[{"text":"OMB FEA v2","link":"https://obamawhitehouse.archives.gov/omb/e-gov/fea"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Federal Enterprise Architecture ","refSources":[{"text":"FEA Program Management Office"}]}]},{"text":"A business-based framework for government-wide improvement developed by the Office of Management and Budget that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Federal Enterprise Architecture ","refSources":[{"text":"FEA Program Management Office"}]}]},{"text":"a framework that describes the relationship between business functions and the technologies and information that support them. Major IT investments will be aligned against each reference model within the FEA framework.","sources":[{"text":"NIST SP 800-65","link":"https://doi.org/10.6028/NIST.SP.800-65","note":" [Withdrawn]","underTerm":" under Federal Enterprise Architecture (FEA) "}]},{"text":"A business-based framework that the Office of Management and Budget (OMB) developed for government-wide improvement in developing enterprise architectures (EAs) by providing a common framework to identify opportunities for simplifying processes and unifying work across the Federal Government.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 24","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"Federal Enterprise Architecture Security and Privacy Profile","link":"https://csrc.nist.gov/glossary/term/federal_enterprise_architecture_security_and_privacy_profile","abbrSyn":[{"text":"FEA-SPP","link":"https://csrc.nist.gov/glossary/term/fea_spp"}],"definitions":null},{"term":"Federal Financial Institutions Examination Council","link":"https://csrc.nist.gov/glossary/term/federal_financial_institutions_examination_council","abbrSyn":[{"text":"FFIEC","link":"https://csrc.nist.gov/glossary/term/ffiec"}],"definitions":null},{"term":"Federal Financial Management Improvement Act","link":"https://csrc.nist.gov/glossary/term/federal_financial_management_improvement_act","abbrSyn":[{"text":"FFMIA","link":"https://csrc.nist.gov/glossary/term/ffmia"}],"definitions":null},{"term":"Federal Highway Administration","link":"https://csrc.nist.gov/glossary/term/federal_highway_administration","abbrSyn":[{"text":"FHWA","link":"https://csrc.nist.gov/glossary/term/fhwa"}],"definitions":null},{"term":"Federal Identity Credentialing Committee","link":"https://csrc.nist.gov/glossary/term/federal_identity_credentialing_committee","abbrSyn":[{"text":"FICC","link":"https://csrc.nist.gov/glossary/term/ficc"}],"definitions":null},{"term":"Federal Identity, Credential, and Access Management","link":"https://csrc.nist.gov/glossary/term/federal_identity_credential_and_access_management","abbrSyn":[{"text":"FICAM","link":"https://csrc.nist.gov/glossary/term/ficam"}],"definitions":null},{"term":"federal information processing","link":"https://csrc.nist.gov/glossary/term/federal_information_processing","definitions":[{"text":"A standard for adoption and use by Federal agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]}]},{"term":"Federal Information Processing Standard (FIPS)","link":"https://csrc.nist.gov/glossary/term/federal_information_processing_standard","abbrSyn":[{"text":"FIPS","link":"https://csrc.nist.gov/glossary/term/fips"}],"definitions":[{"text":"A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology to achieve a common level of quality or some level of interoperability.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Federal Information Processing Standards "}]},{"text":"A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Federal Information Processing Standard ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Federal Information Processing Standards (FIPS) ","refSources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Federal Information Processing Standards (FIPS) ","refSources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Federal Information Processing Standards (FIPS) ","refSources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Federal Information Processing Standards ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]}]},{"text":"Federal Information Processing Standard.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under FIPS "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under FIPS "}]},{"text":"Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves the standards and guidelines that the National Institute of Standards and Technology (NIST) develops for federal computer systems. NIST issues these standards and guidelines as Federal Information Processing Standards (FIPS) for governmentwide use. NIST develops FIPS when there are compelling federal government requirements, such as for security and interoperability, and there are no acceptable industry standards or solutions. See background information for more details.\nFIPS documents are available online on the FIPS home page: http://www.nist.gov/itl/fips.cfm","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST. A standard in FIPS covers a specific topic in information technology to achieve a common level of quality or some level of interoperability.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under Federal Information Processing Standards "}]},{"text":"Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves the standards and guidelines that the National Institute of Standards and Technology (NIST) develops for federal computer systems. NIST issues these standards and guidelines as Federal Information Processing Standards (FIPS) for government-wide use. NIST develops FIPS when there are compelling federal government requirements, such as for security and interoperability, and there are no acceptable industry standards or solutions. See background information for more details. \nFIPS documents are available online on the FIPS home page: http://www.nist.gov/itl/fips.cfm","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A standard for adoption and use by Federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology to achieve a common level of quality or some level of interoperability.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Federal Information Processing Standards (FIPS) "}]},{"text":"Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions. See background information for more details. \nFIPS documents are available online through the FIPS home page: http://www.nist.gov/itl/fips.cfm","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Federal Information Security","link":"https://csrc.nist.gov/glossary/term/federal_information_security","definitions":[{"text":"Title III of the E-Government Act requiring each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]}]},{"term":"federal information system","link":"https://csrc.nist.gov/glossary/term/federal_information_system","definitions":[{"text":"An information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under FEDERAL INFORMATION SYSTEM ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 101","link":"https://www.govinfo.gov/app/details/USCODE-2011-title40/USCODE-2011-title40-subtitleI-chap1-subchapI-sec101"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Federal InformationSystem ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Federal Information System ","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"40 U.S.C., Sec. 11331","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap113-subchapIII-sec11331"}]}]}]},{"term":"Federal Information System Controls Audit Manual","link":"https://csrc.nist.gov/glossary/term/federal_information_system_controls_audit_manual","abbrSyn":[{"text":"FISCAM","link":"https://csrc.nist.gov/glossary/term/fiscam"}],"definitions":null},{"term":"Federal Information Systems Security Educators’ Association","link":"https://csrc.nist.gov/glossary/term/federal_information_systems_security_educators_association","abbrSyn":[{"text":"FISSEA","link":"https://csrc.nist.gov/glossary/term/fissea"}],"definitions":[{"text":"theFederal Information Systems Security Educator’s Association, an organization whose members come from federal agencies, industry, and academic institutions devoted to improving the IT security awareness and knowledge within the federal government and its related external workforce.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under FISSEA "}]}]},{"term":"Federal Information Technology Security Assessment Framework","link":"https://csrc.nist.gov/glossary/term/federal_information_technology_security_assessment_framework","abbrSyn":[{"text":"FITSAF","link":"https://csrc.nist.gov/glossary/term/fitsaf"}],"definitions":null},{"term":"Federal Law Enforcement Training Center","link":"https://csrc.nist.gov/glossary/term/federal_law_enforcement_training_center","abbrSyn":[{"text":"FLETC","link":"https://csrc.nist.gov/glossary/term/fletc"}],"definitions":null},{"term":"Federal Managers Financial Integrity Act","link":"https://csrc.nist.gov/glossary/term/federal_managers_financial_integrity_act","abbrSyn":[{"text":"FMFIA","link":"https://csrc.nist.gov/glossary/term/fmfia"}],"definitions":null},{"term":"Federal Motor Carrier Safety Administration","link":"https://csrc.nist.gov/glossary/term/federal_motor_carrier_safety_administration","abbrSyn":[{"text":"FMCSA","link":"https://csrc.nist.gov/glossary/term/fmcsa"}],"definitions":null},{"term":"Federal Network Resiliency","link":"https://csrc.nist.gov/glossary/term/federal_network_resiliency","abbrSyn":[{"text":"FRN","link":"https://csrc.nist.gov/glossary/term/frn"}],"definitions":null},{"term":"Federal Policy for the Protection of Human Subjects","link":"https://csrc.nist.gov/glossary/term/federal_policy_for_the_protection_of_human_subjects","abbrSyn":[{"text":"The Common Rule","link":"https://csrc.nist.gov/glossary/term/the_common_rule"}],"definitions":null},{"term":"Federal Preparedness Circular","link":"https://csrc.nist.gov/glossary/term/federal_preparedness_circular","abbrSyn":[{"text":"FPC","link":"https://csrc.nist.gov/glossary/term/fpc"}],"definitions":null},{"term":"Federal Profile","link":"https://csrc.nist.gov/glossary/term/federal_profile","definitions":[{"text":"Profile of the IoT device cybersecurity capability core baseline [NISTIR 8259A] and non-technical supporting capability core baseline [NISTIR 8259B] to provide security guidance provided to federal government organizations related to IoT devices.","sources":[{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"Federal Railroad Administration","link":"https://csrc.nist.gov/glossary/term/federal_railroad_administration","abbrSyn":[{"text":"FRA","link":"https://csrc.nist.gov/glossary/term/fra"}],"definitions":null},{"term":"Federal Register Notice","link":"https://csrc.nist.gov/glossary/term/federal_register_notice","abbrSyn":[{"text":"FRN","link":"https://csrc.nist.gov/glossary/term/frn"}],"definitions":null},{"term":"Federal Resource Management Regulation","link":"https://csrc.nist.gov/glossary/term/federal_resource_management_regulation","abbrSyn":[{"text":"FIRMR","link":"https://csrc.nist.gov/glossary/term/firmr"}],"definitions":null},{"term":"Federal Risk and Authorization Management Program","link":"https://csrc.nist.gov/glossary/term/federal_risk_and_authorization_management_program","abbrSyn":[{"text":"FedRAMP","link":"https://csrc.nist.gov/glossary/term/fedramp"},{"text":"FEDRAMP"}],"definitions":null},{"term":"Federal Transit Administration","link":"https://csrc.nist.gov/glossary/term/federal_transit_administration","abbrSyn":[{"text":"FTA","link":"https://csrc.nist.gov/glossary/term/fta"}],"definitions":null},{"term":"Federally Funded Research and Development Center","link":"https://csrc.nist.gov/glossary/term/federally_funded_research_and_development_center","abbrSyn":[{"text":"FFRDC","link":"https://csrc.nist.gov/glossary/term/ffrdc"}],"definitions":null},{"term":"Federated Development and Certification Environment","link":"https://csrc.nist.gov/glossary/term/federated_development_and_certification_environment","abbrSyn":[{"text":"FDCE","link":"https://csrc.nist.gov/glossary/term/fdce"}],"definitions":null},{"term":"Federated Identity Management","link":"https://csrc.nist.gov/glossary/term/federated_identity_management","definitions":[{"text":"A process that allows for the conveyance of identity and authentication information across a set of networked systems.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","refSources":[{"text":"NIST SP 800-63C","link":"https://doi.org/10.6028/NIST.SP.800-63c"}]}]}]},{"term":"Federated Identity, Credential and Access Management","link":"https://csrc.nist.gov/glossary/term/federated_identity_credential_and_access_management","abbrSyn":[{"text":"FICAM","link":"https://csrc.nist.gov/glossary/term/ficam"}],"definitions":null},{"term":"Federated Trust","link":"https://csrc.nist.gov/glossary/term/federated_trust","definitions":[{"text":"Trust established within a federation, enabling each of the mutually trusting realms to share and use trust information (e.g., credentials) obtained from any of the other mutually trusting realms.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Federation Language (WS-Federation) (Version 1.0, 8 July 2003)","link":"http://xml.coverpages.org/WS-Federation.pdf"}]}]}]},{"term":"federation","link":"https://csrc.nist.gov/glossary/term/federation","definitions":[{"text":"A collection of realms (domains) that have established trust among themselves. The level of trust may vary but typically includes authentication and may include authorization.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"}]}]},{"text":"A process that allows for the conveyance of identity and authentication information across a set of networked systems.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Federation "}]},{"text":"A collection of realms (domains) that have established trust among themselves. The level of trust may vary, but typically includes authentication and may include authorization.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"}]},{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Federation ","refSources":[{"text":"Web Services Federation Language (WS-Federation) (Version 1.0, 8 July 2003)","link":"http://xml.coverpages.org/WS-Federation.pdf"}]}]},{"text":"A process that allows the conveyance of identity and authentication information across a set of networked systems.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Federation "}]}]},{"term":"Federation Administrators","link":"https://csrc.nist.gov/glossary/term/federation_administrators","abbrSyn":[{"text":"Trust Framework Operators","link":"https://csrc.nist.gov/glossary/term/trust_framework_operators"},{"text":"Trust Framework Providers","link":"https://csrc.nist.gov/glossary/term/trust_framework_providers"}],"definitions":[{"text":"The entity responsible for the governance and administration of an identity federation.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]},{"text":"See Federation Administrators.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Trust Framework Operators "},{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Trust Framework Providers "}]}]},{"term":"Federation Assurance Level (FAL)","link":"https://csrc.nist.gov/glossary/term/federation_assurance_level","abbrSyn":[{"text":"FAL","link":"https://csrc.nist.gov/glossary/term/fal"}],"definitions":[{"text":"A category that describes the federation protocol used to communicate an assertion containing authentication and attribute information (if applicable) to an RP, as defined in [NIST SP 800-63-3] in terms of three levels: FAL 1 (Some confidence), FAL 2 (High confidence), FAL 3 (Very high confidence).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"A category describing the assertion protocol used by the federation to communicate authentication and attribute information (if applicable) to an RP.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A category describing the assertion protocol used by the federation to communicate authentication and attribute information (if applicable) to a relying party.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Federation Assurance Level "}]}]},{"term":"Federation Credential Service Provider","link":"https://csrc.nist.gov/glossary/term/federation_credential_service_provider","abbrSyn":[{"text":"Credential Service Provider"}],"definitions":[{"text":"A trusted entity that issues or registers subscriber authenticators and issues electronic credentials to subscribers. A CSP may be an independent third party or issue credentials for its own use.","sources":[{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Credential Service Provider "}]},{"text":"See Credential Service Provider.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"Federation Proxy","link":"https://csrc.nist.gov/glossary/term/federation_proxy","definitions":[{"text":"A component that acts as a logical RP to a set of IdPs and a logical IdP to a set of RPs, bridging the two systems with a single component. These are sometimes referred to as “brokers”.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"FedRAMP","link":"https://csrc.nist.gov/glossary/term/fedramp","abbrSyn":[{"text":"Federal Risk and Authorization Management Program","link":"https://csrc.nist.gov/glossary/term/federal_risk_and_authorization_management_program"}],"definitions":null},{"term":"FELICS","link":"https://csrc.nist.gov/glossary/term/felics","abbrSyn":[{"text":"Fair Evaluation of Lightweight Cryptographic Systems","link":"https://csrc.nist.gov/glossary/term/fair_evaluation_of_lightweight_cryptographic_systems"}],"definitions":null},{"term":"FEMA","link":"https://csrc.nist.gov/glossary/term/fema","abbrSyn":[{"text":"Federal Emergency Management Agency","link":"https://csrc.nist.gov/glossary/term/federal_emergency_management_agency"}],"definitions":null},{"term":"FERC","link":"https://csrc.nist.gov/glossary/term/ferc","abbrSyn":[{"text":"Federal Energy Regulatory Commission","link":"https://csrc.nist.gov/glossary/term/federal_energy_regulatory_commission"}],"definitions":null},{"term":"FFC","link":"https://csrc.nist.gov/glossary/term/ffc","abbrSyn":[{"text":"Finite Field Cryptography","link":"https://csrc.nist.gov/glossary/term/finite_field_cryptography"}],"definitions":[{"text":"Finite Field Cryptography, the public-key cryptographic methods using operations in a multiplicative group of a finite field.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"Finite field cryptography.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]}]},{"term":"FFIEC","link":"https://csrc.nist.gov/glossary/term/ffiec","abbrSyn":[{"text":"Federal Financial Institutions Examination Council","link":"https://csrc.nist.gov/glossary/term/federal_financial_institutions_examination_council"}],"definitions":null},{"term":"FFMIA","link":"https://csrc.nist.gov/glossary/term/ffmia","abbrSyn":[{"text":"Federal Financial Management Improvement Act","link":"https://csrc.nist.gov/glossary/term/federal_financial_management_improvement_act"}],"definitions":null},{"term":"FFRDC","link":"https://csrc.nist.gov/glossary/term/ffrdc","abbrSyn":[{"text":"Federally Funded Research and Development Center","link":"https://csrc.nist.gov/glossary/term/federally_funded_research_and_development_center"}],"definitions":null},{"term":"FGS","link":"https://csrc.nist.gov/glossary/term/fgs","abbrSyn":[{"text":"Fire and Gas System","link":"https://csrc.nist.gov/glossary/term/fire_and_gas_system"}],"definitions":null},{"term":"FHE","link":"https://csrc.nist.gov/glossary/term/fhe","abbrSyn":[{"text":"Fully-Homomorphic Encryption","link":"https://csrc.nist.gov/glossary/term/fully_homomorphic_encryption"}],"definitions":null},{"term":"FHIR","link":"https://csrc.nist.gov/glossary/term/fhir","abbrSyn":[{"text":"Fast Healthcare Interoperability Resources","link":"https://csrc.nist.gov/glossary/term/fast_healthcare_interoperability_resources"}],"definitions":null},{"term":"FHSS","link":"https://csrc.nist.gov/glossary/term/fhss","abbrSyn":[{"text":"Frequency Hopping Spread Spectrum","link":"https://csrc.nist.gov/glossary/term/frequency_hopping_spread_spectrum"}],"definitions":null},{"term":"FHWA","link":"https://csrc.nist.gov/glossary/term/fhwa","abbrSyn":[{"text":"Federal Highway Administration","link":"https://csrc.nist.gov/glossary/term/federal_highway_administration"}],"definitions":null},{"term":"FIB","link":"https://csrc.nist.gov/glossary/term/fib","abbrSyn":[{"text":"Forwarding Information Base","link":"https://csrc.nist.gov/glossary/term/forwarding_information_base"}],"definitions":null},{"term":"Fibre-Channel","link":"https://csrc.nist.gov/glossary/term/fibre_channel","abbrSyn":[{"text":"FC","link":"https://csrc.nist.gov/glossary/term/fc"}],"definitions":null},{"term":"Fibre-Channel over Ethernet","link":"https://csrc.nist.gov/glossary/term/fibre_channel_over_ethernet","abbrSyn":[{"text":"FCoE","link":"https://csrc.nist.gov/glossary/term/fcoe"}],"definitions":null},{"term":"Fibre-Channel over IP","link":"https://csrc.nist.gov/glossary/term/fibre_channel_over_ip","abbrSyn":[{"text":"FCIP","link":"https://csrc.nist.gov/glossary/term/fcip"}],"definitions":null},{"term":"FICAM","link":"https://csrc.nist.gov/glossary/term/ficam","abbrSyn":[{"text":"Federal Identity, Credential, and Access Management","link":"https://csrc.nist.gov/glossary/term/federal_identity_credential_and_access_management"},{"text":"Federal Indentity, Credential, and Access Management"},{"text":"Federated Identity, Credential and Access Management","link":"https://csrc.nist.gov/glossary/term/federated_identity_credential_and_access_management"}],"definitions":null},{"term":"FICC","link":"https://csrc.nist.gov/glossary/term/ficc","abbrSyn":[{"text":"Federal Identity Credentialing Committee","link":"https://csrc.nist.gov/glossary/term/federal_identity_credentialing_committee"}],"definitions":null},{"term":"FIDO","link":"https://csrc.nist.gov/glossary/term/fido","abbrSyn":[{"text":"Fast Identities Online"},{"text":"Fast Identity Online"},{"text":"Fast IDentity Online","link":"https://csrc.nist.gov/glossary/term/fast_identity_online"}],"definitions":null},{"term":"Field Device","link":"https://csrc.nist.gov/glossary/term/field_device","definitions":[{"text":"Equipment that is connected to the field side on an ICS. Types of field devices include RTUs, PLCs, actuators, sensors, HMIs, and associated communications.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"term":"Field Programmable Gate Array","link":"https://csrc.nist.gov/glossary/term/field_programmable_gate_array","abbrSyn":[{"text":"FPGA","link":"https://csrc.nist.gov/glossary/term/fpga"}],"definitions":null},{"term":"Field Replacement Unit","link":"https://csrc.nist.gov/glossary/term/field_replacement_unit","abbrSyn":[{"text":"FRU","link":"https://csrc.nist.gov/glossary/term/fru"}],"definitions":null},{"term":"Field Site","link":"https://csrc.nist.gov/glossary/term/field_site","definitions":[{"text":"A subsystem that is identified by physical, geographical, or logical segmentation within the ICS. A field site may contain RTUs, PLCs, actuators, sensors, HMIs, and associated communications.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"term":"Field Tamper Recovery","link":"https://csrc.nist.gov/glossary/term/field_tamper_recovery","abbrSyn":[{"text":"FTR","link":"https://csrc.nist.gov/glossary/term/ftr"}],"definitions":null},{"term":"FIFO","link":"https://csrc.nist.gov/glossary/term/fifo","abbrSyn":[{"text":"First In, First Out","link":"https://csrc.nist.gov/glossary/term/first_in_first_out"}],"definitions":null},{"term":"Fifth generation technology standard for broadband cellular networks","link":"https://csrc.nist.gov/glossary/term/fifth_generation_technology_standard_for_broadband_cellular_networks","abbrSyn":[{"text":"5G","link":"https://csrc.nist.gov/glossary/term/5g"}],"definitions":null},{"term":"File","link":"https://csrc.nist.gov/glossary/term/file","definitions":[{"text":"A collection of information logically grouped into a single entity and referenced by a unique name, such as a filename.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"File Allocation Table","link":"https://csrc.nist.gov/glossary/term/file_allocation_table","abbrSyn":[{"text":"FAT","link":"https://csrc.nist.gov/glossary/term/fat"}],"definitions":null},{"term":"File Allocation Unit","link":"https://csrc.nist.gov/glossary/term/file_allocation_unit","definitions":[{"text":"A group of contiguous sectors, also known as a cluster.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"File Header","link":"https://csrc.nist.gov/glossary/term/file_header","definitions":[{"text":"Data within a file that contains identifying information about the file and possibly metadata with information about the file contents.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"File Integrity Checking","link":"https://csrc.nist.gov/glossary/term/file_integrity_checking","definitions":[{"text":"Software that generates, stores, and compares message digests for files to detect changes made to the files.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","refSources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]}]},{"term":"File Integrity Monitoring","link":"https://csrc.nist.gov/glossary/term/file_integrity_monitoring","abbrSyn":[{"text":"FIM","link":"https://csrc.nist.gov/glossary/term/fim"}],"definitions":null},{"term":"File Name Anomaly","link":"https://csrc.nist.gov/glossary/term/file_name_anomaly","definitions":[{"text":"A mismatch between the internal file header and it external extension; a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphics extension).","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"file protection","link":"https://csrc.nist.gov/glossary/term/file_protection","definitions":[{"text":"Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"file sharing services","link":"https://csrc.nist.gov/glossary/term/file_sharing_services","definitions":[{"text":"Services that include but are not limited to information sharing and access to information via web-based file sharing or storage.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"File Signature Anomaly","link":"https://csrc.nist.gov/glossary/term/file_signature_anomaly","definitions":[{"text":"A mismatch between the internal file header and its external file name extension; a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphics extension).","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"File Slack","link":"https://csrc.nist.gov/glossary/term/file_slack","definitions":[{"text":"Space between the logical end of the file and the end of the last allocation unit for that file.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"File System","link":"https://csrc.nist.gov/glossary/term/file_system","definitions":[{"text":"A software mechanism that defines the way that files are named, stored, organized, and accessed on logical volumes of partitioned memory.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"File Transfer Protocol over TLS","link":"https://csrc.nist.gov/glossary/term/file_transfer_protocol_over_tls","abbrSyn":[{"text":"FTPS","link":"https://csrc.nist.gov/glossary/term/ftps"}],"definitions":null},{"term":"File Transfer Protocol Secure","link":"https://csrc.nist.gov/glossary/term/file_transfer_protocol_secure","abbrSyn":[{"text":"FTPS","link":"https://csrc.nist.gov/glossary/term/ftps"}],"definitions":null},{"term":"Filename","link":"https://csrc.nist.gov/glossary/term/filename","definitions":[{"text":"A unique name used to reference a file.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Filesystem","link":"https://csrc.nist.gov/glossary/term/filesystem","definitions":[{"text":"A software mechanism that defines the way that files are named, stored, organized, and accessed on logical volumes of partitioned memory.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"A method for naming, storing, organizing, and accessing files on logical volumes.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Filesystem virtualization","link":"https://csrc.nist.gov/glossary/term/filesystem_virtualization","definitions":[{"text":"A form of virtualization that allows multiple containers to share the same physical storage without the ability to access or alter the storage of other containers.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"fill device","link":"https://csrc.nist.gov/glossary/term/fill_device","definitions":[{"text":"A COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment. The “Common Fill Devices” are the KYK-13, and KYK-15. Electronic fill devices include, but are not limited to, the DTD, SKL, SDS, and RASKI.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"FILS","link":"https://csrc.nist.gov/glossary/term/fils","abbrSyn":[{"text":"Fast Initial Link Setup","link":"https://csrc.nist.gov/glossary/term/fast_initial_link_setup"}],"definitions":null},{"term":"FIM","link":"https://csrc.nist.gov/glossary/term/fim","abbrSyn":[{"text":"File Integrity Monitoring","link":"https://csrc.nist.gov/glossary/term/file_integrity_monitoring"}],"definitions":null},{"term":"Final Checklist","link":"https://csrc.nist.gov/glossary/term/final_checklist","definitions":[{"text":"A checklist that has completed public review, has had all issues addressed by the checklist developer and NIST, and has been approved by NIST for listing on the repository.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Checklist approved by NIST for placement on the repository.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Final Checklist List (FCL)","link":"https://csrc.nist.gov/glossary/term/final_checklist_list","abbrSyn":[{"text":"FCL","link":"https://csrc.nist.gov/glossary/term/fcl"}],"definitions":[{"text":"The listing of all final checklists on the NIST repository.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"Final Draft International Standard","link":"https://csrc.nist.gov/glossary/term/final_draft_international_standard","abbrSyn":[{"text":"FDIS","link":"https://csrc.nist.gov/glossary/term/fdis"}],"definitions":null},{"term":"Financial Audit Manual","link":"https://csrc.nist.gov/glossary/term/financial_audit_manual","abbrSyn":[{"text":"FAM","link":"https://csrc.nist.gov/glossary/term/fam"}],"definitions":null},{"term":"Financial Sector","link":"https://csrc.nist.gov/glossary/term/financial_sector","abbrSyn":[{"text":"FS","link":"https://csrc.nist.gov/glossary/term/fs"}],"definitions":null},{"term":"Fingerprint","link":"https://csrc.nist.gov/glossary/term/fingerprint","definitions":[{"text":"A hash value of a (public) key encoded into a string (e.g., into hexadecimal). Several fingerprint formats are in use by different SSH implementations.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Fingerprint segmentation","link":"https://csrc.nist.gov/glossary/term/fingerprint_segmentation","definitions":[{"text":"Segmentation is the automated (and often manually reviewed) separation of an image of N fingers into N images of individual fingers. N is usually four, for the index through little finger, and two for a capture of two thumbs.","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"Finite Field Cryptography","link":"https://csrc.nist.gov/glossary/term/finite_field_cryptography","abbrSyn":[{"text":"FFC","link":"https://csrc.nist.gov/glossary/term/ffc"}],"definitions":[{"text":"Finite Field Cryptography, the public-key cryptographic methods using operations in a multiplicative group of a finite field.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under FFC "}]},{"text":"Finite field cryptography.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under FFC "}]}]},{"term":"FIP","link":"https://csrc.nist.gov/glossary/term/fip","abbrSyn":[{"text":"FCoE Initialization Protocol","link":"https://csrc.nist.gov/glossary/term/fcoe_initialization_protocol"}],"definitions":null},{"term":"FIPPs","link":"https://csrc.nist.gov/glossary/term/fipps","abbrSyn":[{"text":"Fair Information Practice Principles","link":"https://csrc.nist.gov/glossary/term/fair_information_practice_principles"}],"definitions":[{"text":"Principles that are widely accepted in the United States and internationally as a general framework for privacy and that are reflected in various federal and international laws and policies. In a number of organizations, the principles serve as the basis for analyzing privacy risks and determining appropriate mitigation strategies.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Fair Information Practice Principles "}]},{"text":"a set of principles that have been developed world-wide since the 1970s that provide guidance to organizations in the handling of personal data","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under Fair Information Practice Principles "}]}]},{"term":"FIPS","link":"https://csrc.nist.gov/glossary/term/fips","abbrSyn":[{"text":"Federal Information Processing Standard"},{"text":"Federal Information Processing Standard(s)"},{"text":"Federal Information Processing Standards"}],"definitions":[{"text":"A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology to achieve a common level of quality or some level of interoperability.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Federal Information Processing Standards "}]},{"text":"A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Federal Information Processing Standard ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Federal Information Processing Standards ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]}]},{"text":"Federal Information Processing Standard.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]"}]},{"text":"A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST. A standard in FIPS covers a specific topic in information technology to achieve a common level of quality or some level of interoperability.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under Federal Information Processing Standards "}]}]},{"term":"FIPS 140 security level","link":"https://csrc.nist.gov/glossary/term/fips_140_security_level","definitions":[{"text":"A metric of the security provided by a cryptographic module that is specified as Level 1, 2, 3, or 4, as specified in [FIPS 140], where Level 1 is the lowest level, and Level 4 is the highest level.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"FIPS PUB","link":"https://csrc.nist.gov/glossary/term/fips_pub","abbrSyn":[{"text":"Federal Information Processing Standard Publication"},{"text":"FIPS Publication","link":"https://csrc.nist.gov/glossary/term/fips_publication"}],"definitions":[{"text":"Federal Information Processing Standard Publication","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"FIPS-validated cryptography","link":"https://csrc.nist.gov/glossary/term/fips_validated_cryptography","definitions":[{"text":"A cryptographic module validated by the Cryptographic Module Validation Program (CMVP) to meet requirements specified in FIPS Publication 140-2 (as amended). As a prerequisite to CMVP validation, the cryptographic module is required to employ a cryptographic algorithm implementation that has successfully passed validation testing by the Cryptographic Algorithm Validation Program (CAVP). See NSA-Approved Cryptography.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under FIPS-Validated Cryptography "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"A cryptographic module validated by the Cryptographic Module Validation Program (CMVP) to meet requirements specified in FIPS Publication 140-3 (as amended). As a prerequisite to CMVP validation, the cryptographic module is required to employ a cryptographic algorithm implementation that has successfully passed validation testing by the Cryptographic Algorithm Validation Program (CAVP). See NSA-approved cryptography.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}],"seeAlso":[{"text":"NSA-Approved Cryptography"}]},{"term":"Fire and Gas System","link":"https://csrc.nist.gov/glossary/term/fire_and_gas_system","abbrSyn":[{"text":"FGS","link":"https://csrc.nist.gov/glossary/term/fgs"}],"definitions":null},{"term":"FIREFLY","link":"https://csrc.nist.gov/glossary/term/firefly","definitions":[{"text":"Key management protocol based on public key cryptography.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"FIREFLY credential manager","link":"https://csrc.nist.gov/glossary/term/firefly_credential_manager","definitions":[{"text":"The key management entity (KME) responsible for removing outdated modern key credentials from the directory servers.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Firepower Management Center","link":"https://csrc.nist.gov/glossary/term/firepower_management_center","abbrSyn":[{"text":"FMC","link":"https://csrc.nist.gov/glossary/term/fmc"}],"definitions":null},{"term":"Firepower Threat Defense","link":"https://csrc.nist.gov/glossary/term/firepower_threat_defense","abbrSyn":[{"text":"FTD","link":"https://csrc.nist.gov/glossary/term/ftd"}],"definitions":null},{"term":"firewall","link":"https://csrc.nist.gov/glossary/term/firewall","definitions":[{"text":"An inter-network connection device that restricts data communication traffic between two connected networks. A firewall may be either an application installed on a general-purpose computer or a dedicated platform (appliance), which forwards or rejects/drops packets on a network. Typically firewalls are used to define zone borders. Firewalls generally have rules restricting which ports are open.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Firewall ","refSources":[{"text":"ISA-62443-1-1"}]}]},{"text":"A gateway that limits access between networks in accordance with local security policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Firewall ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Firewall ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"Gateway that limits access between networks in accordance with local security policy.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Firewall ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"An inter-network gateway that restricts data communication traffic to and from one of the connected networks (the one said to be “inside” the firewall) and thus protects that network’s system resources against threats from the other network (the one that is said to be “outside” the firewall).","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Firewall ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Firewall ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]},{"text":"A part of a computer system or network that is designed to block unauthorized access while permitting outward communication.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Firewall "},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Firewall ","refSources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Firewall ","refSources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"text":"A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1","underTerm":" under Firewall "}]},{"text":"A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Firewall "}]},{"text":"A firewall is a device that has a network protection application installed to safeguard the network from intentional or unintentional intrusion. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The term “firewall” is derived from the process in which, by segmenting a network into different physical subnetworks, the firewalls limit damage that could spread from one subnet to another, acting in the same manner as fire doors or firewalls in automobiles.","sources":[{"text":"NIST SP 800-35","link":"https://doi.org/10.6028/NIST.SP.800-35"}]},{"text":"A system designed to prevent unauthorized accesses to or from a private network. Often used to prevent Internet users from accessing private networks connected to the Internet.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Firewall "}]}]},{"term":"Firewall Control Proxy","link":"https://csrc.nist.gov/glossary/term/firewall_control_proxy","definitions":[{"text":"component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]}]},{"term":"FIRMR","link":"https://csrc.nist.gov/glossary/term/firmr","abbrSyn":[{"text":"Federal Resource Management Regulation","link":"https://csrc.nist.gov/glossary/term/federal_resource_management_regulation"}],"definitions":null},{"term":"firmware","link":"https://csrc.nist.gov/glossary/term/firmware","abbrSyn":[{"text":"hardware","link":"https://csrc.nist.gov/glossary/term/hardware"},{"text":"software","link":"https://csrc.nist.gov/glossary/term/software"}],"definitions":[{"text":"See hardware and software.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Computer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Firmware ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Firmware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Computer programs and associated data that may be dynamically written or modified during execution.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under software ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under software ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under software ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The material physical components of a system. See software and firmware.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under hardware "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under hardware "},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under hardware "}]},{"text":"The material physical components of an information system. See firmware and software.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under hardware ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under software ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Software that is included in read-only memory (ROM).","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147","underTerm":" under Firmware "},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B","underTerm":" under Firmware "}]},{"text":"Computer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Computer programs and data stored in hardware—typically in read-only memory (ROM) or programmable read-only memory (PROM)—such that programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"Software program or set of instructions programmed on the flash ROM of a hardware device. It provides the necessary instructions for how the device communicates with the other computer hardware.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Firmware ","refSources":[{"text":"TechTerms.com","link":"https://techterms.com/"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Firmware ","refSources":[{"text":"TechTerms.com","link":"https://techterms.com/"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Firmware ","refSources":[{"text":"TechTerms.com","link":"https://techterms.com/"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Firmware ","refSources":[{"text":"TechTerms.com","link":"https://techterms.com/"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Firmware ","refSources":[{"text":"TechTerms.com","link":"https://techterms.com/"}]}]},{"text":"The physical components of a system. See Software and Firmware.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under hardware "}]}],"seeAlso":[{"text":"hardware","link":"hardware"},{"text":"Hardware"}]},{"term":"FIRST","link":"https://csrc.nist.gov/glossary/term/first","abbrSyn":[{"text":"Forum for Incident Response and Security Teams","link":"https://csrc.nist.gov/glossary/term/forum_for_incident_response_and_security_teams"},{"text":"Forum for Incident Response Teams","link":"https://csrc.nist.gov/glossary/term/forum_for_incident_response_teams"},{"text":"Forum of Incident Response and Security Teams","link":"https://csrc.nist.gov/glossary/term/forum_of_incident_response_and_security_teams"}],"definitions":null},{"term":"First byte of a two-byte status word","link":"https://csrc.nist.gov/glossary/term/first_byte_of_a_two_byte_status_word","abbrSyn":[{"text":"SW1","link":"https://csrc.nist.gov/glossary/term/sw1"}],"definitions":null},{"term":"First In, First Out","link":"https://csrc.nist.gov/glossary/term/first_in_first_out","abbrSyn":[{"text":"FIFO","link":"https://csrc.nist.gov/glossary/term/fifo"}],"definitions":null},{"term":"First responder","link":"https://csrc.nist.gov/glossary/term/first_responder","definitions":[{"text":"A person who provides a rapid initial response to any IT incident or event that may require further investigation. Examples of such events include security threats, cyber-attacks and other illegal activities.","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006"}]}]},{"term":"First Responder Network Authority","link":"https://csrc.nist.gov/glossary/term/first_responder_network_authority","abbrSyn":[{"text":"FirstNet","link":"https://csrc.nist.gov/glossary/term/firstnet"}],"definitions":null},{"term":"FirstNet","link":"https://csrc.nist.gov/glossary/term/firstnet","abbrSyn":[{"text":"First Responder Network Authority","link":"https://csrc.nist.gov/glossary/term/first_responder_network_authority"}],"definitions":null},{"term":"fiscal optimization","link":"https://csrc.nist.gov/glossary/term/fiscal_optimization","definitions":[{"text":"A straightforward ranking of risks in descending order from most impactful to least. Risk managers tally the total risk response costs until funding is exhausted.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"}]}]},{"term":"Fiscal Year","link":"https://csrc.nist.gov/glossary/term/fiscal_year","abbrSyn":[{"text":"FY","link":"https://csrc.nist.gov/glossary/term/fy"}],"definitions":null},{"term":"FISCAM","link":"https://csrc.nist.gov/glossary/term/fiscam","abbrSyn":[{"text":"Federal Information System Controls Audit Manual","link":"https://csrc.nist.gov/glossary/term/federal_information_system_controls_audit_manual"}],"definitions":null},{"term":"FISMA","link":"https://csrc.nist.gov/glossary/term/fisma","abbrSyn":[{"text":"Federal Information Security Management Act"},{"text":"Federal Information Security Management Act of 2002"},{"text":"Federal Information Security Management/Modernization Act"},{"text":"Federal Information Security Modernization Act"},{"text":"Federal Information Systems Management Act"}],"definitions":null},{"term":"FISSEA","link":"https://csrc.nist.gov/glossary/term/fissea","abbrSyn":[{"text":"Federal Information Systems Security Educators’ Association","link":"https://csrc.nist.gov/glossary/term/federal_information_systems_security_educators_association"}],"definitions":[{"text":"theFederal Information Systems Security Educator’s Association, an organization whose members come from federal agencies, industry, and academic institutions devoted to improving the IT security awareness and knowledge within the federal government and its related external workforce.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Fit for purpose","link":"https://csrc.nist.gov/glossary/term/fit_for_purpose","definitions":[{"text":"Used informally to describe a process, configuration item, IT service, etc., that is capable of meeting its objectives or service levels. Being fit for purpose requires suitable design, implementation, control, and maintenance.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ITIL Service Strategy","note":" - adapted"}]}]},{"text":"Fit for purpose is used informally to describe a process, configuration item, IT service, etc., that is capable of meeting its objectives or service levels. Being fit for purpose requires suitable design, implementation, control, and maintenance.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"ITIL Service Strategy","note":" - Adapted"}]}]}]},{"term":"FITSAF","link":"https://csrc.nist.gov/glossary/term/fitsaf","abbrSyn":[{"text":"Federal Information Technology Security Assessment Framework","link":"https://csrc.nist.gov/glossary/term/federal_information_technology_security_assessment_framework"}],"definitions":null},{"term":"fixed COMSEC facility","link":"https://csrc.nist.gov/glossary/term/fixed_comsec_facility","definitions":[{"text":"COMSEC facility located in an immobile structure or aboard a ship.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Fixed Dialing Numbers","link":"https://csrc.nist.gov/glossary/term/fixed_dialing_numbers","definitions":[{"text":"a set of phone numbers kept on the SIM that the phone can call exclusively of any others (i.e., all other numbers are disallowed).","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Fixed Field","link":"https://csrc.nist.gov/glossary/term/fixed_field","definitions":[{"text":"In the deterministic construction of IVs, the field that identifies the device or context for the instance of the authenticated encryption function.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Fixed Virtual Platform","link":"https://csrc.nist.gov/glossary/term/fixed_virtual_platform","abbrSyn":[{"text":"FVP","link":"https://csrc.nist.gov/glossary/term/fvp"}],"definitions":null},{"term":"Flapping","link":"https://csrc.nist.gov/glossary/term/flapping","definitions":[{"text":"A situation in which BGP sessions are repeatedly dropped and restarted, normally as a result of line or router problems.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"Flash ROM","link":"https://csrc.nist.gov/glossary/term/flash_rom","definitions":[{"text":"Non-volatile memory that is writable.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"flaw","link":"https://csrc.nist.gov/glossary/term/flaw","definitions":[{"text":"Imperfection or defect.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"FLETC","link":"https://csrc.nist.gov/glossary/term/fletc","abbrSyn":[{"text":"Federal Law Enforcement Training Center","link":"https://csrc.nist.gov/glossary/term/federal_law_enforcement_training_center"}],"definitions":null},{"term":"Flexible Open source workBench fOr Side-channel analysis","link":"https://csrc.nist.gov/glossary/term/flexible_open_source_workbench_for_side_channel_analysis","abbrSyn":[{"text":"FOBOS","link":"https://csrc.nist.gov/glossary/term/fobos"}],"definitions":null},{"term":"flooding","link":"https://csrc.nist.gov/glossary/term/flooding","definitions":[{"text":"An attack that attempts to cause a failure in a system by providing more input than the system can process properly.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"An attack in which an attacker sends large numbers of wireless messages at a high rate to prevent the wireless network from processing legitimate traffic.","sources":[{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]","underTerm":" under Flooding "}]}]},{"term":"Florida Association of Computer Crime Investigators","link":"https://csrc.nist.gov/glossary/term/florida_association_of_computer_crime_investigators","abbrSyn":[{"text":"FACCI","link":"https://csrc.nist.gov/glossary/term/facci"}],"definitions":null},{"term":"Flow Specification","link":"https://csrc.nist.gov/glossary/term/flow_specification","abbrSyn":[{"text":"Flowspec","link":"https://csrc.nist.gov/glossary/term/flowspec"}],"definitions":null},{"term":"Flowspec","link":"https://csrc.nist.gov/glossary/term/flowspec","abbrSyn":[{"text":"Flow Specification","link":"https://csrc.nist.gov/glossary/term/flow_specification"}],"definitions":null},{"term":"Fluhrer-Mantin-Shamir","link":"https://csrc.nist.gov/glossary/term/fluhrer_mantin_shamir","abbrSyn":[{"text":"FMS","link":"https://csrc.nist.gov/glossary/term/fms"}],"definitions":null},{"term":"FM","link":"https://csrc.nist.gov/glossary/term/fm","abbrSyn":[{"text":"Frequency Modulation","link":"https://csrc.nist.gov/glossary/term/frequency_modulation"}],"definitions":null},{"term":"FMC","link":"https://csrc.nist.gov/glossary/term/fmc","abbrSyn":[{"text":"Firepower Management Center","link":"https://csrc.nist.gov/glossary/term/firepower_management_center"}],"definitions":null},{"term":"FMCSA","link":"https://csrc.nist.gov/glossary/term/fmcsa","abbrSyn":[{"text":"Federal Motor Carrier Safety Administration","link":"https://csrc.nist.gov/glossary/term/federal_motor_carrier_safety_administration"}],"definitions":null},{"term":"FMEA","link":"https://csrc.nist.gov/glossary/term/fmea","abbrSyn":[{"text":"Failure Mode Effects Analysis","link":"https://csrc.nist.gov/glossary/term/failure_mode_effects_analysis"}],"definitions":null},{"term":"FMECA","link":"https://csrc.nist.gov/glossary/term/fmeca","abbrSyn":[{"text":"Failure Modes, Effects, and Criticality Analysis","link":"https://csrc.nist.gov/glossary/term/failure_modes_effects_and_criticality_analysis"}],"definitions":null},{"term":"FMFIA","link":"https://csrc.nist.gov/glossary/term/fmfia","abbrSyn":[{"text":"Federal Managers Financial Integrity Act","link":"https://csrc.nist.gov/glossary/term/federal_managers_financial_integrity_act"}],"definitions":null},{"term":"FMR","link":"https://csrc.nist.gov/glossary/term/fmr","abbrSyn":[{"text":"False Match Rate"}],"definitions":[{"text":"False Match Rate (defined over single comparisons)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"FMS","link":"https://csrc.nist.gov/glossary/term/fms","abbrSyn":[{"text":"Fluhrer-Mantin-Shamir","link":"https://csrc.nist.gov/glossary/term/fluhrer_mantin_shamir"}],"definitions":null},{"term":"F-NFT","link":"https://csrc.nist.gov/glossary/term/f_nft","abbrSyn":[{"text":"Fractionalized non-Fungible Token","link":"https://csrc.nist.gov/glossary/term/fractionalized_non_fungible_token"}],"definitions":null},{"term":"FNMR","link":"https://csrc.nist.gov/glossary/term/fnmr","abbrSyn":[{"text":"False Non-Match Rate","link":"https://csrc.nist.gov/glossary/term/false_non_match_rate"}],"definitions":[{"text":"False Non-Match Rate (defined over single comparisons)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"FOBOS","link":"https://csrc.nist.gov/glossary/term/fobos","abbrSyn":[{"text":"Flexible Open source workBench fOr Side-channel analysis","link":"https://csrc.nist.gov/glossary/term/flexible_open_source_workbench_for_side_channel_analysis"}],"definitions":null},{"term":"Focal Document","link":"https://csrc.nist.gov/glossary/term/focal_document","definitions":[{"text":"A NIST document that is used as the basis for comparing its elements with elements from another document. Examples of Focal Documents include the Cybersecurity Framework version 2.0, the Privacy Framework version 1.0, and SP 800-53 Revision 5.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"A source document that is used as the basis for comparing an element with an element from another document. As of this writing, the National OLIR Program has three Focal Documents: the Cybersecurity Framework version 1.1, the Privacy Framework version 1.0, and SP 800-53 Rev. 4.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"}]},{"text":"A source document that is used as the basis for comparing an element with an element from another document. As of this writing, the OLIR Program has three Focal Documents: the Cybersecurity Framework version 1.1, the Privacy Framework version 1.0, and SP 800-53 Rev. 4.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"Focal Document Element","link":"https://csrc.nist.gov/glossary/term/focal_document_element","definitions":[{"text":"A discrete section, sentence, phrase, or other identifiable piece of content from a Focal Document.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"Any number and combination of organizational concepts (e.g., Functions, Categories, Subcategories, Controls, Control Enhancements) of a Focal Document.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"FOCI","link":"https://csrc.nist.gov/glossary/term/foci","abbrSyn":[{"text":"Foreign Owned, Controlled or Influenced","link":"https://csrc.nist.gov/glossary/term/foreign_owned_controlled_or_influenced"},{"text":"Foreign Ownership, Control, or Influence","link":"https://csrc.nist.gov/glossary/term/foreign_ownership_control_or_influence"}],"definitions":null},{"term":"focused observation","link":"https://csrc.nist.gov/glossary/term/focused_observation","definitions":[{"text":"The act of directed (focused) attention to a party or parties alleged to have violated Department/Agency (D/A) acceptable use' policies and agreements for NSS. The alleged violation may be caused by the aggregation of triggers indicating anomalous activity on a National Security System (NSS). The violation thresholds are arrived at by trigger events that meet established thresholds of anomalous activity or the observed violation of 'acceptable use' policies.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 504","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]}]},{"term":"focused testing","link":"https://csrc.nist.gov/glossary/term/focused_testing","abbrSyn":[{"text":"gray box testing","link":"https://csrc.nist.gov/glossary/term/gray_box_testing"},{"text":"Gray Box Testing"}],"definitions":[{"text":"A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Focused Testing "}]},{"text":"See focused testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under gray box testing "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Gray Box Testing "}]}]},{"term":"FOIA","link":"https://csrc.nist.gov/glossary/term/foia","abbrSyn":[{"text":"Freedom of Information Act","link":"https://csrc.nist.gov/glossary/term/freedom_of_information_act"},{"text":"Freedom Of Information Act"}],"definitions":null},{"term":"Food and Drug Administration","link":"https://csrc.nist.gov/glossary/term/food_and_drug_administration","abbrSyn":[{"text":"FDA","link":"https://csrc.nist.gov/glossary/term/fda"}],"definitions":null},{"term":"FOP","link":"https://csrc.nist.gov/glossary/term/fop","abbrSyn":[{"text":"Faulty Operation","link":"https://csrc.nist.gov/glossary/term/faulty_operation"}],"definitions":null},{"term":"For Official Use Only","link":"https://csrc.nist.gov/glossary/term/for_official_use_only","abbrSyn":[{"text":"FOUO","link":"https://csrc.nist.gov/glossary/term/fouo"}],"definitions":null},{"term":"Forbidden PLMNs","link":"https://csrc.nist.gov/glossary/term/forbidden_plmns","definitions":[{"text":"A list of Public Land Mobile Networks (PLMNs) maintained on the SIM that the mobile phone cannot automatically contact, usually because service was declined by a foreign provider.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a list of Public Land Mobile Networks (PLMNs) maintained on the SIM that the phone cannot automatically contact, usually because service was declined by a foreign provider.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Forced Command","link":"https://csrc.nist.gov/glossary/term/forced_command","definitions":[{"text":"A restriction configured for an authorized key that prevents executing  commands other than the specified command when logging in using the key. In some SSH implementations, forced command can be configured by using a \"command=\" restriction in an authorized keys file.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"forced ranking optimization","link":"https://csrc.nist.gov/glossary/term/forced_ranking_optimization","definitions":[{"text":"Prioritizing risks in the way that will best use available resources to achieve the maximum benefit given specific negative and positive consequences. Various business drivers and risk consequences have differing weights for developing a score, helping to move beyond the simplistic “threat multiplied by vulnerability” approach to build business objectives into that equation. Because these factors and their weights are based on business drivers, the factors should be defined by senior stakeholders but can be applied at all levels of the enterprise, subject to adjustment and refinement. Notably, while forced ranking is often the default method of optimization, the methods above are equally valid and beneficial to the enterprise.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"}]}]},{"term":"Foreign Owned, Controlled or Influenced","link":"https://csrc.nist.gov/glossary/term/foreign_owned_controlled_or_influenced","abbrSyn":[{"text":"FOCI","link":"https://csrc.nist.gov/glossary/term/foci"}],"definitions":null},{"term":"Foreign Ownership, Control, or Influence","link":"https://csrc.nist.gov/glossary/term/foreign_ownership_control_or_influence","abbrSyn":[{"text":"FOCI","link":"https://csrc.nist.gov/glossary/term/foci"}],"definitions":null},{"term":"Forensic and Incident Response Environment","link":"https://csrc.nist.gov/glossary/term/forensic_and_incident_response_environment","abbrSyn":[{"text":"F.I.R.E.","link":"https://csrc.nist.gov/glossary/term/f_i_r_e_"}],"definitions":null},{"term":"Forensic Challenge","link":"https://csrc.nist.gov/glossary/term/forensic_challenge","abbrSyn":[{"text":"FC","link":"https://csrc.nist.gov/glossary/term/fc"}],"definitions":null},{"term":"forensic copy","link":"https://csrc.nist.gov/glossary/term/forensic_copy","definitions":[{"text":"An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Forensic Copy "}]},{"text":"A bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Forensic Copy "}]}]},{"term":"Forensic examiner","link":"https://csrc.nist.gov/glossary/term/forensic_examiner","definitions":[{"text":"A person who is an expert in acquiring, preserving, analyzing, and presenting digital evidence from computers and other digital media. This evidence may be related to computer-based and non-cyber crimes, including security threats, cyber-attacks, and other illegal activities.","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006"}]}]},{"term":"Forensic science","link":"https://csrc.nist.gov/glossary/term/forensic_science","definitions":[{"text":"The application of science to the law.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Forensic Science "}]},{"text":"The use or application of scientific knowledge to a point of law, especially as it applies to the investigation of crime","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"SWDGE v2.0","link":"https://drive.google.com/file/d/1OBux0n7VZQe7HSgObwAtmhz5LgwvX0oY/view"}]}]}]},{"term":"Forensic Specialist","link":"https://csrc.nist.gov/glossary/term/forensic_specialist","definitions":[{"text":"Locates, identifies, collects, analyzes, and examines data, while preserving the integrity and maintaining a strict chain of custody of information discovered.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"Locates, identifies, collects, analyzes and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Forensically Clean","link":"https://csrc.nist.gov/glossary/term/forensically_clean","definitions":[{"text":"Digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"forensics","link":"https://csrc.nist.gov/glossary/term/forensics","definitions":[{"text":"The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Fork","link":"https://csrc.nist.gov/glossary/term/fork","definitions":[{"text":"A change to blockchain network’s software (usually the consensus algorithm). The changes may be backwards compatible - see Soft Fork, or the changes may not be backwards compatible - see Hard Fork.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Form Factor","link":"https://csrc.nist.gov/glossary/term/form_factor","definitions":[{"text":"The physical characteristics of a device or object including its size, shape, packaging, handling, and weight.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"formal access approval","link":"https://csrc.nist.gov/glossary/term/formal_access_approval","definitions":[{"text":"A formalization of the security determination for authorizing access to a specific type of classified or controlled unclassified information (CUI) categories or subcategories based on specified access requirements, a determination of the individual’s security eligibility, and a determination that the individual’s official duties require the individual be provided access to the information. \nNote: Providing access to, or transferring, CUI is based on Lawful Government Purpose unless such access is further restricted by law, regulation, or government wide policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"formal method","link":"https://csrc.nist.gov/glossary/term/formal_method","definitions":[{"text":"Software engineering method used to specify, develop, and verify the software through application of a rigorous mathematically based notation and language.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"Guide to the Software Engineering Body of Knowledge","link":"https://www.computer.org/web/swebok"}]}]}]},{"term":"formal verification","link":"https://csrc.nist.gov/glossary/term/formal_verification","definitions":[{"text":"A systematic process that uses mathematical reasoning and mathematical proofs (i.e., formal methods in mathematics) to verify that the system satisfies its desired properties, behavior, or specification (i.e., the system implementation is a faithful representation of the design).","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"Format","link":"https://csrc.nist.gov/glossary/term/format","definitions":[{"text":"Pre-established layout for data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Format-Preserving Encryption","link":"https://csrc.nist.gov/glossary/term/format_preserving_encryption","abbrSyn":[{"text":"FPE","link":"https://csrc.nist.gov/glossary/term/fpe"}],"definitions":null},{"term":"Formatting Function","link":"https://csrc.nist.gov/glossary/term/formatting_function","definitions":[{"text":"The function that transforms the payload, associated data, and nonce into a sequence of complete blocks.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Forum for Incident Response and Security Teams","link":"https://csrc.nist.gov/glossary/term/forum_for_incident_response_and_security_teams","abbrSyn":[{"text":"FIRST","link":"https://csrc.nist.gov/glossary/term/first"}],"definitions":null},{"term":"Forum for Incident Response Teams","link":"https://csrc.nist.gov/glossary/term/forum_for_incident_response_teams","abbrSyn":[{"text":"FIRST","link":"https://csrc.nist.gov/glossary/term/first"}],"definitions":null},{"term":"Forum of Incident Response and Security Teams","link":"https://csrc.nist.gov/glossary/term/forum_of_incident_response_and_security_teams","abbrSyn":[{"text":"FIRST","link":"https://csrc.nist.gov/glossary/term/first"}],"definitions":null},{"term":"Forward Channel","link":"https://csrc.nist.gov/glossary/term/forward_channel","definitions":[{"text":"The channel on which a reader transmits its signals.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Forward Cipher Function","link":"https://csrc.nist.gov/glossary/term/forward_cipher_function","definitions":[{"text":"One of the two functions of the block cipher algorithm that is selected by the cryptographic key.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Forward Cipher Function (Forward Cipher Operation) "}]},{"text":"A permutation on blocks that is determined by the choice of a key for a given block cipher.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"One of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"The permutation of blocks that is determined by the choice of a block cipher and a key.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under forward transformation "}]},{"text":"One of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key. The term “forward cipher operation” is used for TDEA, while the term “forward transformation” is used for DEA.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Forward Cipher Operation/Forward Transformation "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Forward Cipher Operation/Forward Transformation "}]}]},{"term":"Forwarding Information Base","link":"https://csrc.nist.gov/glossary/term/forwarding_information_base","abbrSyn":[{"text":"FIB","link":"https://csrc.nist.gov/glossary/term/fib"}],"definitions":null},{"term":"FOSS","link":"https://csrc.nist.gov/glossary/term/foss","abbrSyn":[{"text":"Free and Open-Source Software","link":"https://csrc.nist.gov/glossary/term/free_and_open_source_software"}],"definitions":null},{"term":"Foundational Defect Checks","link":"https://csrc.nist.gov/glossary/term/foundational_defect_checks","definitions":[{"text":"Defect checks that expose ineffectiveness of controls that are fundamental to the purposes of the capability (e.g., HWAM, or SWAM, or Configuration Setting Management) in which the defect check appears.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services","link":"https://csrc.nist.gov/glossary/term/foundational_pnt_profile","abbrSyn":[{"text":"PNT Profile","link":"https://csrc.nist.gov/glossary/term/pnt_profile"}],"definitions":null},{"term":"FOUO","link":"https://csrc.nist.gov/glossary/term/fouo","abbrSyn":[{"text":"For Official Use Only","link":"https://csrc.nist.gov/glossary/term/for_official_use_only"}],"definitions":null},{"term":"FPC","link":"https://csrc.nist.gov/glossary/term/fpc","abbrSyn":[{"text":"Federal Preparedness Circular","link":"https://csrc.nist.gov/glossary/term/federal_preparedness_circular"}],"definitions":null},{"term":"FPE","link":"https://csrc.nist.gov/glossary/term/fpe","abbrSyn":[{"text":"Format-Preserving Encryption","link":"https://csrc.nist.gov/glossary/term/format_preserving_encryption"}],"definitions":null},{"term":"FPF","link":"https://csrc.nist.gov/glossary/term/fpf","abbrSyn":[{"text":"Future of Privacy Forum","link":"https://csrc.nist.gov/glossary/term/future_of_privacy_forum"}],"definitions":null},{"term":"FPGA","link":"https://csrc.nist.gov/glossary/term/fpga","abbrSyn":[{"text":"Field Programmable Gate Array","link":"https://csrc.nist.gov/glossary/term/field_programmable_gate_array"},{"text":"field-programmable gate array"},{"text":"Field-Programmable Gate Array"}],"definitions":null},{"term":"FP-uRPF","link":"https://csrc.nist.gov/glossary/term/fp_urpf","abbrSyn":[{"text":"Feasible Path Unicast Reverse Path Forwarding","link":"https://csrc.nist.gov/glossary/term/feasible_path_unicast_reverse_path_forwarding"}],"definitions":null},{"term":"FQDN","link":"https://csrc.nist.gov/glossary/term/fqdn","abbrSyn":[{"text":"Fully Qualified Domain Name","link":"https://csrc.nist.gov/glossary/term/fully_qualified_domain_name"}],"definitions":[{"text":"An unambiguous identifier that contains every domain level, including the top-level domain.","sources":[{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Fully Qualified Domain Name "}]}]},{"term":"FRA","link":"https://csrc.nist.gov/glossary/term/fra","abbrSyn":[{"text":"Federal Railroad Administration","link":"https://csrc.nist.gov/glossary/term/federal_railroad_administration"}],"definitions":null},{"term":"Fractionalized non-Fungible Token","link":"https://csrc.nist.gov/glossary/term/fractionalized_non_fungible_token","abbrSyn":[{"text":"F-NFT","link":"https://csrc.nist.gov/glossary/term/f_nft"}],"definitions":null},{"term":"Frame Check Sequence","link":"https://csrc.nist.gov/glossary/term/frame_check_sequence","abbrSyn":[{"text":"FCS","link":"https://csrc.nist.gov/glossary/term/fcs"}],"definitions":null},{"term":"Framework Core","link":"https://csrc.nist.gov/glossary/term/framework_core","definitions":[{"text":"A set of cybersecurity activities and references that are common across critical infrastructure sectors and are organized around particular outcomes. The Framework Core comprises four types of elements: Functions, Categories, Subcategories, and Informative References.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"term":"Framework Implementation Tier","link":"https://csrc.nist.gov/glossary/term/framework_implementation_tier","definitions":[{"text":"A lens through which to view the characteristics of an organization’s approach to risk—how an organization views cybersecurity risk and the processes in place to manage that risk.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"term":"Framework Profile","link":"https://csrc.nist.gov/glossary/term/framework_profile","definitions":[{"text":"A representation of the outcomes that a particular system or organization has selected from the Framework Categories and Subcategories.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"term":"Free and Open-Source Software","link":"https://csrc.nist.gov/glossary/term/free_and_open_source_software","abbrSyn":[{"text":"FOSS","link":"https://csrc.nist.gov/glossary/term/foss"}],"definitions":null},{"term":"Free Field","link":"https://csrc.nist.gov/glossary/term/free_field","definitions":[{"text":"In the RBG-based construction of IVs, the field whose contents are not restricted.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Free Space","link":"https://csrc.nist.gov/glossary/term/free_space","definitions":[{"text":"An area on media or within memory that is not allocated.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Freedom of Information Act","link":"https://csrc.nist.gov/glossary/term/freedom_of_information_act","abbrSyn":[{"text":"FOIA","link":"https://csrc.nist.gov/glossary/term/foia"}],"definitions":null},{"term":"French Security Incident Response Team","link":"https://csrc.nist.gov/glossary/term/french_security_incident_response_team","abbrSyn":[{"text":"FrSIRT","link":"https://csrc.nist.gov/glossary/term/frsirt"}],"definitions":null},{"term":"frequency","link":"https://csrc.nist.gov/glossary/term/frequency","definitions":[{"text":"The rate of a repetitive event. If T is the period of a repetitive event, then the frequency f is its reciprocal, 1/T. Conversely, the period is the reciprocal of the frequency, T = 1 / f. Because the period is a time interval expressed in seconds (s), it is easy to see the close relationship between time interval and frequency. The standard unit for frequency is the hertz (Hz), defined as the number of events or cycles per second. The frequency of electrical signals is often measured in multiples of hertz, including kilohertz (kHz), megahertz (MHz), or gigahertz (GHz).","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"frequency accuracy","link":"https://csrc.nist.gov/glossary/term/frequency_accuracy","definitions":[{"text":"The degree of conformity of a measured or calculated frequency to its definition. Because accuracy is related to the offset from an ideal value, frequency accuracy is usually stated in terms of the frequency offset.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"frequency drift","link":"https://csrc.nist.gov/glossary/term/frequency_drift","definitions":[{"text":"An undesired progressive change in frequency with time. Frequency drift can be caused by instability in the oscillator and environmental changes, although it is often hard to distinguish between drift and oscillator aging. Frequency drift may be in either direction (resulting in a higher or lower frequency) and is not necessarily linear.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"frequency hopping","link":"https://csrc.nist.gov/glossary/term/frequency_hopping","definitions":[{"text":"Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Frequency Hopping Spread Spectrum","link":"https://csrc.nist.gov/glossary/term/frequency_hopping_spread_spectrum","abbrSyn":[{"text":"FHSS","link":"https://csrc.nist.gov/glossary/term/fhss"}],"definitions":null},{"term":"Frequency Modulation","link":"https://csrc.nist.gov/glossary/term/frequency_modulation","abbrSyn":[{"text":"FM","link":"https://csrc.nist.gov/glossary/term/fm"}],"definitions":null},{"term":"frequency offset","link":"https://csrc.nist.gov/glossary/term/frequency_offset","definitions":[{"text":"[See source document for the complete definition.]","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"}]}]}]},{"term":"frequency stability","link":"https://csrc.nist.gov/glossary/term/frequency_stability","definitions":[{"text":"The degree to which an oscillating signal produces the same frequency for a specified interval of time. It is important to note the time interval—some devices have good short-term stability while others have good long-term stability. Stability does not determine whether the frequency of a signal is right or wrong. It only indicates whether that frequency stays the same. The Allan deviation is the most common metric used to estimate frequency stability, but several similar statistics are also used.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Frequently Asked Questions","link":"https://csrc.nist.gov/glossary/term/frequently_asked_questions","abbrSyn":[{"text":"FAQ","link":"https://csrc.nist.gov/glossary/term/faq"}],"definitions":null},{"term":"Fresh","link":"https://csrc.nist.gov/glossary/term/fresh","definitions":[{"text":"For a newly generated key, the property of being unequal to any previously used key.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"Newly established keying material is considered to be fresh if the probability of being equal to any previously established keying material is acceptably small. The “acceptably small probability” may be application specific.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"Newly established secret keying material that is statistically independent of any previously established keying material.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Newly established keying material is considered to be fresh if the probability of being equal to any previously established keying material is acceptably small. The acceptably small probability may be application specific.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Fresh Entropy","link":"https://csrc.nist.gov/glossary/term/fresh_entropy","definitions":[{"text":"A bitstring output from an entropy source, an NRBG or a DRBG that has access to a Live Entropy Source that is being used to provide prediction resistance.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"FRN","link":"https://csrc.nist.gov/glossary/term/frn","abbrSyn":[{"text":"Federal Network Resiliency","link":"https://csrc.nist.gov/glossary/term/federal_network_resiliency"},{"text":"Federal Register Notice","link":"https://csrc.nist.gov/glossary/term/federal_register_notice"}],"definitions":null},{"term":"Front-Channel Communication","link":"https://csrc.nist.gov/glossary/term/front_channel_communication","definitions":[{"text":"Communication between two systems that relies on redirects through an intermediary such as a browser. This is normally accomplished by appending HTTP query parameters to URLs hosted by the receiver of the message.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"FRR","link":"https://csrc.nist.gov/glossary/term/frr","abbrSyn":[{"text":"False Reject Rate"}],"definitions":[{"text":"False Reject Rate (defined over an authentication transaction)","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"FrSIRT","link":"https://csrc.nist.gov/glossary/term/frsirt","abbrSyn":[{"text":"French Security Incident Response Team","link":"https://csrc.nist.gov/glossary/term/french_security_incident_response_team"}],"definitions":null},{"term":"FRU","link":"https://csrc.nist.gov/glossary/term/fru","abbrSyn":[{"text":"Field Replacement Unit","link":"https://csrc.nist.gov/glossary/term/field_replacement_unit"}],"definitions":null},{"term":"FRVT","link":"https://csrc.nist.gov/glossary/term/frvt","abbrSyn":[{"text":"Face Recognition Vendor Test","link":"https://csrc.nist.gov/glossary/term/face_recognition_vendor_test"}],"definitions":null},{"term":"FS","link":"https://csrc.nist.gov/glossary/term/fs","abbrSyn":[{"text":"Financial Sector","link":"https://csrc.nist.gov/glossary/term/financial_sector"}],"definitions":null},{"term":"FT","link":"https://csrc.nist.gov/glossary/term/ft","abbrSyn":[{"text":"Fast Transition","link":"https://csrc.nist.gov/glossary/term/fast_transition"},{"text":"Fault Tolerance"}],"definitions":null},{"term":"FTA","link":"https://csrc.nist.gov/glossary/term/fta","abbrSyn":[{"text":"Federal Transit Administration","link":"https://csrc.nist.gov/glossary/term/federal_transit_administration"}],"definitions":null},{"term":"FTD","link":"https://csrc.nist.gov/glossary/term/ftd","abbrSyn":[{"text":"Firepower Threat Defense","link":"https://csrc.nist.gov/glossary/term/firepower_threat_defense"}],"definitions":null},{"term":"FTE","link":"https://csrc.nist.gov/glossary/term/fte","abbrSyn":[{"text":"Failure to Enroll Rate","link":"https://csrc.nist.gov/glossary/term/failure_to_enroll_rate"}],"definitions":null},{"term":"FTP","link":"https://csrc.nist.gov/glossary/term/ftp","abbrSyn":[{"text":"File Transfer Protocol"}],"definitions":[{"text":"A standard for transferring files over the internet. FTP programs and utilities are used to upload and download web pages, graphics, and other files between local media and a remote server that allows FTP access.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under File Transfer Protocol "}]}]},{"term":"FTPS","link":"https://csrc.nist.gov/glossary/term/ftps","abbrSyn":[{"text":"File Transfer Protocol over TLS","link":"https://csrc.nist.gov/glossary/term/file_transfer_protocol_over_tls"},{"text":"File Transfer Protocol Secure","link":"https://csrc.nist.gov/glossary/term/file_transfer_protocol_secure"}],"definitions":null},{"term":"FTR","link":"https://csrc.nist.gov/glossary/term/ftr","abbrSyn":[{"text":"Field Tamper Recovery","link":"https://csrc.nist.gov/glossary/term/field_tamper_recovery"}],"definitions":null},{"term":"Full Disk Encryption","link":"https://csrc.nist.gov/glossary/term/full_disk_encryption","abbrSyn":[{"text":"FDE","link":"https://csrc.nist.gov/glossary/term/fde"}],"definitions":null},{"term":"Full node","link":"https://csrc.nist.gov/glossary/term/full_node","definitions":[{"text":"A blockchain node that stores the blockchain data, passes along the data to other nodes, and ensures that newly added blocks are valid and authentic.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Full Tunneling","link":"https://csrc.nist.gov/glossary/term/full_tunneling","definitions":[{"text":"A method that causes all network traffic to go through the tunnel to the organization.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"full/depot maintenance (COMSEC)","link":"https://csrc.nist.gov/glossary/term/full_depot_maintenance","definitions":[{"text":"Complete diagnostic repair, modification, and overhaul of COMSEC equipment, including repair of defective assemblies by piece part replacement. See limited maintenance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}],"seeAlso":[{"text":"limited maintenance","link":"limited_maintenance"}]},{"term":"full-entropy bitstring","link":"https://csrc.nist.gov/glossary/term/full_entropy_bitstring","definitions":[{"text":"A bitstring with ideal randomness (i.e., the amount of entropy per bit is equal to 1). This publication proves that a bitstring satisfying a certain definition of full entropy has an entropy rate of at least \\(1-ε\\), where \\(ε\\) is at most \\(2^{-32}\\).","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]}]},{"term":"Fully Qualified Domain Name","link":"https://csrc.nist.gov/glossary/term/fully_qualified_domain_name","abbrSyn":[{"text":"FQDN","link":"https://csrc.nist.gov/glossary/term/fqdn"}],"definitions":[{"text":"An unambiguous identifier that contains every domain level, including the top-level domain.","sources":[{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27"}]}]},{"term":"Fully-Homomorphic Encryption","link":"https://csrc.nist.gov/glossary/term/fully_homomorphic_encryption","abbrSyn":[{"text":"FHE","link":"https://csrc.nist.gov/glossary/term/fhe"}],"definitions":null},{"term":"Function","link":"https://csrc.nist.gov/glossary/term/function","definitions":[{"text":"Used interchangeably with algorithm in this document.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"Primary unit within the Cybersecurity Framework. Exhibits basic cybersecurity activities at their highest level.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"},{"text":"NIST IR 8406","link":"https://doi.org/10.6028/NIST.IR.8406-upd1","note":" [Update 1]"}]},{"text":"One of the main components of the Framework. Functions provide the highest level of structure for organizing basic cybersecurity activities into Categories and Subcategories. The five functions are Identify, Protect, Detect, Respond, and Recover.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"A component of the Core that provides the highest level of structure for organizing basic privacy activities into Categories and Subcategories.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Functional Dependency Network Analysis","link":"https://csrc.nist.gov/glossary/term/functional_dependency_network_analysis","abbrSyn":[{"text":"FDNA","link":"https://csrc.nist.gov/glossary/term/fdna"}],"definitions":null},{"term":"Functional Exercise","link":"https://csrc.nist.gov/glossary/term/functional_exercise","definitions":[{"text":"An exercise that allows personnel with operational responsibilities to validate their IT plans and their operational readiness for emergencies in a simulated operational environment.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"functional testing","link":"https://csrc.nist.gov/glossary/term/functional_testing","definitions":[{"text":"Segment of quality assurance testing in which advertised security mechanisms of an information system are tested against a specification.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Testing that verifies that an implementation of some function operates correctly.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Functional testing "}]}]},{"term":"Fungible","link":"https://csrc.nist.gov/glossary/term/fungible","definitions":[{"text":"Refers to something that is replaceable or interchangeable (i.e., not uniquely identifiable).","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"FuSE","link":"https://csrc.nist.gov/glossary/term/fuse","abbrSyn":[{"text":"Future of Systems Engineering","link":"https://csrc.nist.gov/glossary/term/future_of_systems_engineering"}],"definitions":null},{"term":"Future of Privacy Forum","link":"https://csrc.nist.gov/glossary/term/future_of_privacy_forum","abbrSyn":[{"text":"FPF","link":"https://csrc.nist.gov/glossary/term/fpf"}],"definitions":null},{"term":"Future of Systems Engineering","link":"https://csrc.nist.gov/glossary/term/future_of_systems_engineering","abbrSyn":[{"text":"FuSE","link":"https://csrc.nist.gov/glossary/term/fuse"}],"definitions":null},{"term":"Fuzz Testing","link":"https://csrc.nist.gov/glossary/term/fuzz_testing","definitions":[{"text":"Similar to fault injection in that invalid data is input into the application via the environment, or input by one process into another process. Fuzz testing is implemented by tools called fuzzers, which are programs or script that submit some combination of inputs to the test target to reveal how it responds.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"DHS Security in the Software Lifecycle","link":"https://buildsecurityin.us-cert.gov"}]}]}]},{"term":"FVP","link":"https://csrc.nist.gov/glossary/term/fvp","abbrSyn":[{"text":"Fixed Virtual Platform","link":"https://csrc.nist.gov/glossary/term/fixed_virtual_platform"}],"definitions":null},{"term":"FY","link":"https://csrc.nist.gov/glossary/term/fy","abbrSyn":[{"text":"Fiscal Year","link":"https://csrc.nist.gov/glossary/term/fiscal_year"}],"definitions":null},{"term":"G","link":"https://csrc.nist.gov/glossary/term/upper_g","abbrSyn":[{"text":"Generic","link":"https://csrc.nist.gov/glossary/term/generic"}],"definitions":null},{"term":"G2B","link":"https://csrc.nist.gov/glossary/term/g2b","abbrSyn":[{"text":"Government to Business (private industry)","link":"https://csrc.nist.gov/glossary/term/government_to_business_private_industry"}],"definitions":null},{"term":"G2G","link":"https://csrc.nist.gov/glossary/term/g2g","abbrSyn":[{"text":"Government to Government","link":"https://csrc.nist.gov/glossary/term/government_to_government"}],"definitions":null},{"term":"G8","link":"https://csrc.nist.gov/glossary/term/g8","abbrSyn":[{"text":"Group of Eight","link":"https://csrc.nist.gov/glossary/term/group_of_eight"}],"definitions":null},{"term":"GA4GH","link":"https://csrc.nist.gov/glossary/term/ga4gh","abbrSyn":[{"text":"Global Alliance for Genomic Health","link":"https://csrc.nist.gov/glossary/term/global_alliance_for_genomic_health"}],"definitions":null},{"term":"Galois Counter Mode (algorithm)","link":"https://csrc.nist.gov/glossary/term/galois_counter_mode_algorithm","abbrSyn":[{"text":"GCM","link":"https://csrc.nist.gov/glossary/term/gcm"}],"definitions":[{"text":"Galois/Counter Mode","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under GCM "}]}]},{"term":"Galois Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/galois_message_authentication_code","abbrSyn":[{"text":"GMAC","link":"https://csrc.nist.gov/glossary/term/gmac"}],"definitions":null},{"term":"Galois/Counter Mode","link":"https://csrc.nist.gov/glossary/term/galois_counter_mode","abbrSyn":[{"text":"GCM","link":"https://csrc.nist.gov/glossary/term/gcm"}],"definitions":[{"text":"Galois/Counter Mode","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under GCM "}]}]},{"term":"Galois/Counter Mode Protocol","link":"https://csrc.nist.gov/glossary/term/galois_counter_mode_protocol","abbrSyn":[{"text":"GCMP","link":"https://csrc.nist.gov/glossary/term/gcmp"}],"definitions":null},{"term":"GAO","link":"https://csrc.nist.gov/glossary/term/gao","abbrSyn":[{"text":"General Accountability Office","link":"https://csrc.nist.gov/glossary/term/general_accountability_office"},{"text":"Government Accountability Office","link":"https://csrc.nist.gov/glossary/term/government_accountability_office"},{"text":"Government Accounting Office","link":"https://csrc.nist.gov/glossary/term/government_accounting_office"},{"text":"U.S. Government Accountability Office"}],"definitions":null},{"term":"Gap Shortest Vector Problem","link":"https://csrc.nist.gov/glossary/term/gap_shortest_vector_problem","abbrSyn":[{"text":"gapSVP","link":"https://csrc.nist.gov/glossary/term/gapsvp"}],"definitions":null},{"term":"gapSVP","link":"https://csrc.nist.gov/glossary/term/gapsvp","abbrSyn":[{"text":"Gap Shortest Vector Problem","link":"https://csrc.nist.gov/glossary/term/gap_shortest_vector_problem"}],"definitions":null},{"term":"Gate Equivalents","link":"https://csrc.nist.gov/glossary/term/gate_equivalents","abbrSyn":[{"text":"GE","link":"https://csrc.nist.gov/glossary/term/ge"}],"definitions":null},{"term":"gateway","link":"https://csrc.nist.gov/glossary/term/gateway","abbrSyn":[{"text":"Generic Access Profile","link":"https://csrc.nist.gov/glossary/term/generic_access_profile"},{"text":"GW","link":"https://csrc.nist.gov/glossary/term/gw"}],"definitions":[{"text":"An intermediate system (interface, relay) that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables either one-way or two-way communication between the networks.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Gateway ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"Gaussian Frequency-Shift Keying","link":"https://csrc.nist.gov/glossary/term/gaussian_frequency_shift_keying","abbrSyn":[{"text":"GFSK","link":"https://csrc.nist.gov/glossary/term/gfsk"}],"definitions":null},{"term":"GB","link":"https://csrc.nist.gov/glossary/term/gb_caps","abbrSyn":[{"text":"gigabyte","link":"https://csrc.nist.gov/glossary/term/gigabyte"},{"text":"Gigabyte"},{"text":"GigaByte"},{"text":"Gigabyte(s)"}],"definitions":null},{"term":"Gb","link":"https://csrc.nist.gov/glossary/term/gb","abbrSyn":[{"text":"Gigabit","link":"https://csrc.nist.gov/glossary/term/gigabit"},{"text":"Gigabyte(s)"}],"definitions":null},{"term":"GbE","link":"https://csrc.nist.gov/glossary/term/gbe","abbrSyn":[{"text":"Gigabit(s) Ethernet","link":"https://csrc.nist.gov/glossary/term/gigabits_ethernet"}],"definitions":null},{"term":"Gbps","link":"https://csrc.nist.gov/glossary/term/gbps","abbrSyn":[{"text":"Gigabit(s) per Second (Billions of Bits per Second)"},{"text":"Gigabits per second","link":"https://csrc.nist.gov/glossary/term/gigabits_per_second"}],"definitions":null},{"term":"GCA","link":"https://csrc.nist.gov/glossary/term/gca","abbrSyn":[{"text":"Global Cyber Alliance","link":"https://csrc.nist.gov/glossary/term/global_cyber_alliance"},{"text":"Government Contracting Activity","link":"https://csrc.nist.gov/glossary/term/government_contracting_activity"}],"definitions":null},{"term":"GCC","link":"https://csrc.nist.gov/glossary/term/gcc","abbrSyn":[{"text":"GlobalSign Certificate Center","link":"https://csrc.nist.gov/glossary/term/globalsign_certificate_center"},{"text":"Government Coordinating Council","link":"https://csrc.nist.gov/glossary/term/government_coordinating_council"}],"definitions":null},{"term":"GCIP","link":"https://csrc.nist.gov/glossary/term/gcip","abbrSyn":[{"text":"GIAC Critical Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/giac_critical_infrastructure_protection"}],"definitions":null},{"term":"GCM","link":"https://csrc.nist.gov/glossary/term/gcm","abbrSyn":[{"text":"Galois Counter Mode"},{"text":"Galois Counter Mode (algorithm)","link":"https://csrc.nist.gov/glossary/term/galois_counter_mode_algorithm"},{"text":"Galois/Counter Mode","link":"https://csrc.nist.gov/glossary/term/galois_counter_mode"},{"text":"Google Cloud Messenger","link":"https://csrc.nist.gov/glossary/term/google_cloud_messenger"}],"definitions":[{"text":"Galois/Counter Mode","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"GCMP","link":"https://csrc.nist.gov/glossary/term/gcmp","abbrSyn":[{"text":"Galois/Counter Mode Protocol","link":"https://csrc.nist.gov/glossary/term/galois_counter_mode_protocol"}],"definitions":null},{"term":"GCSE","link":"https://csrc.nist.gov/glossary/term/gcse","abbrSyn":[{"text":"Group Communication System Enablers","link":"https://csrc.nist.gov/glossary/term/group_communication_system_enablers"}],"definitions":null},{"term":"GDGPS","link":"https://csrc.nist.gov/glossary/term/gdgps","abbrSyn":[{"text":"Global Differential GPS System","link":"https://csrc.nist.gov/glossary/term/global_differential_gps_system"}],"definitions":null},{"term":"GDI","link":"https://csrc.nist.gov/glossary/term/gdi","abbrSyn":[{"text":"Graphics Device Interface","link":"https://csrc.nist.gov/glossary/term/graphics_device_interface"}],"definitions":null},{"term":"GDOI","link":"https://csrc.nist.gov/glossary/term/gdoi","abbrSyn":[{"text":"Group Domain of Interpretation","link":"https://csrc.nist.gov/glossary/term/group_domain_of_interpretation"}],"definitions":null},{"term":"GDPR","link":"https://csrc.nist.gov/glossary/term/gdpr","abbrSyn":[{"text":"General Data Protection Regulation","link":"https://csrc.nist.gov/glossary/term/general_data_protection_regulation"}],"definitions":null},{"term":"GE","link":"https://csrc.nist.gov/glossary/term/ge","abbrSyn":[{"text":"Gate Equivalent"},{"text":"Gate Equivalents","link":"https://csrc.nist.gov/glossary/term/gate_equivalents"}],"definitions":null},{"term":"General Accountability Office","link":"https://csrc.nist.gov/glossary/term/general_accountability_office","abbrSyn":[{"text":"GAO","link":"https://csrc.nist.gov/glossary/term/gao"}],"definitions":null},{"term":"General Data Protection Regulation","link":"https://csrc.nist.gov/glossary/term/general_data_protection_regulation","abbrSyn":[{"text":"GDPR","link":"https://csrc.nist.gov/glossary/term/gdpr"}],"definitions":null},{"term":"General Exploit Level","link":"https://csrc.nist.gov/glossary/term/general_exploit_level","definitions":[{"text":"measures the prevalence of attacks against a misuse vulnerability—how often any vulnerable system is likely to come under attack.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"General Packet Radio Service (GPRS)","link":"https://csrc.nist.gov/glossary/term/general_packet_radio_service","abbrSyn":[{"text":"GPRS","link":"https://csrc.nist.gov/glossary/term/gprs"}],"definitions":[{"text":"A packet switching enhancement to GSM and TDMA wireless networks to increase data transmission speeds.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under General Packet Radio Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under General Packet Radio Service "}]}]},{"term":"General Public License","link":"https://csrc.nist.gov/glossary/term/general_public_license","abbrSyn":[{"text":"GPL","link":"https://csrc.nist.gov/glossary/term/gpl"}],"definitions":null},{"term":"General Records Schedule","link":"https://csrc.nist.gov/glossary/term/general_records_schedule","abbrSyn":[{"text":"GRS","link":"https://csrc.nist.gov/glossary/term/grs"}],"definitions":null},{"term":"general reference monitor concept","link":"https://csrc.nist.gov/glossary/term/general_reference_monitor_concept","definitions":[{"text":"An abstract model of the necessary and sufficient properties that must be achieved by any mechanism that enforces a constraint.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"Engineering a Safer World – Systems Thinking Applied to Safety","link":"https://direct.mit.edu/books/book/2908/Engineering-a-Safer-WorldSystems-Thinking-Applied"},{"text":"ESD-TR-73-51","link":"https://apps.dtic.mil/sti/citations/AD0758206"}]}]}]},{"term":"General Remediation Level","link":"https://csrc.nist.gov/glossary/term/general_remediation_level","definitions":[{"text":"measures the availability of remediation measures that can mitigate the vulnerability other than rendering the misused software feature useless (e.g., disabling the affected feature, removing the software).","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"General Services Administration","link":"https://csrc.nist.gov/glossary/term/general_services_administration","abbrSyn":[{"text":"GSA","link":"https://csrc.nist.gov/glossary/term/gsa"}],"definitions":null},{"term":"general support system (GSS)","link":"https://csrc.nist.gov/glossary/term/general_support_system","abbrSyn":[{"text":"GSS","link":"https://csrc.nist.gov/glossary/term/gss"}],"definitions":[{"text":"An interconnected set of information resources under the same direct management control that shares common functionality. It normally includes hardware, software, information, data, applications, communications, and people.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under General Support System ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under General Support System ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under General Support System ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]}]}]},{"term":"Generalized TTL Security Mechanism (GTSM)","link":"https://csrc.nist.gov/glossary/term/generalized_ttl_security_mechanism","abbrSyn":[{"text":"GTSM","link":"https://csrc.nist.gov/glossary/term/gtsm"}],"definitions":[{"text":"A configuration in which BGP peers set the TTL value to 255 as a means of preventing forged packets from distant attackers.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"General-purpose operating system","link":"https://csrc.nist.gov/glossary/term/general_purpose_operating_system","definitions":[{"text":"A host operating system that can be used to run many kinds of applications, not just applications in containers.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"Generation-Encryption","link":"https://csrc.nist.gov/glossary/term/generation_encryption","definitions":[{"text":"The process of CCM in which a MAC is generated on the payload and the associated data, and encryption is applied to the payload and the MAC.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Generator ID","link":"https://csrc.nist.gov/glossary/term/generator_id","abbrSyn":[{"text":"GID","link":"https://csrc.nist.gov/glossary/term/gid"}],"definitions":null},{"term":"Generic","link":"https://csrc.nist.gov/glossary/term/generic","abbrSyn":[{"text":"G","link":"https://csrc.nist.gov/glossary/term/upper_g"}],"definitions":null},{"term":"Generic Network Virtualization Encapsulation","link":"https://csrc.nist.gov/glossary/term/generic_network_virtualization_encapsulation","abbrSyn":[{"text":"GENEVE","link":"https://csrc.nist.gov/glossary/term/geneve"}],"definitions":null},{"term":"Generic Routing Encapsulation","link":"https://csrc.nist.gov/glossary/term/generic_routing_encapsulation","abbrSyn":[{"text":"GRE","link":"https://csrc.nist.gov/glossary/term/gre"}],"definitions":null},{"term":"Generic Security Services Application Program Interface","link":"https://csrc.nist.gov/glossary/term/generic_security_services_application_program_interface","abbrSyn":[{"text":"GSSAPI","link":"https://csrc.nist.gov/glossary/term/gssapi"}],"definitions":null},{"term":"Generic Segmentation Offload","link":"https://csrc.nist.gov/glossary/term/generic_segmentation_offload","abbrSyn":[{"text":"GSO","link":"https://csrc.nist.gov/glossary/term/gso"}],"definitions":null},{"term":"Generic Token Card","link":"https://csrc.nist.gov/glossary/term/generic_token_card","abbrSyn":[{"text":"GTC","link":"https://csrc.nist.gov/glossary/term/gtc"}],"definitions":null},{"term":"Generic Top-level Domain","link":"https://csrc.nist.gov/glossary/term/generic_top_level_domain","abbrSyn":[{"text":"gTLD","link":"https://csrc.nist.gov/glossary/term/gtld"}],"definitions":null},{"term":"Genesis block","link":"https://csrc.nist.gov/glossary/term/genesis_block","definitions":[{"text":"The first block of a blockchain network; it records the initial state of the system.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Genetic Information Nondiscrimination Act","link":"https://csrc.nist.gov/glossary/term/genetic_information_nondiscrimination_act","abbrSyn":[{"text":"GINA","link":"https://csrc.nist.gov/glossary/term/gina"}],"definitions":null},{"term":"GENEVE","link":"https://csrc.nist.gov/glossary/term/geneve","abbrSyn":[{"text":"Generic Network Virtualization Encapsulation","link":"https://csrc.nist.gov/glossary/term/generic_network_virtualization_encapsulation"}],"definitions":null},{"term":"Genome-Wide Association Studies","link":"https://csrc.nist.gov/glossary/term/genome_wide_association_studies","abbrSyn":[{"text":"GWAS","link":"https://csrc.nist.gov/glossary/term/gwas"}],"definitions":null},{"term":"genomic information","link":"https://csrc.nist.gov/glossary/term/genomic_information","definitions":[{"text":"Information based on an individual's genome, such as a sequence of DNA or the results of genetic testing.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]},{"text":"information based on an individual’s genome, such as a sequence of DNA or the results of genetic testing","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Geolocation","link":"https://csrc.nist.gov/glossary/term/geolocation","definitions":[{"text":"Determining the approximate physical location of an object, such as a cloud computing server.","sources":[{"text":"NIST SP 1800-19B","link":"https://doi.org/10.6028/NIST.SP.1800-19"}]}]},{"term":"Geometric Random Variable","link":"https://csrc.nist.gov/glossary/term/geometric_random_variable","definitions":[{"text":"A random variable that takes the value k, a non-negative integer with probability pk(1-p). The random variable x is the number of successes before a failure in an infinite series of Bernoulli trials.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"George Mason University","link":"https://csrc.nist.gov/glossary/term/george_mason_university","abbrSyn":[{"text":"GMU","link":"https://csrc.nist.gov/glossary/term/gmu"}],"definitions":null},{"term":"GFCE","link":"https://csrc.nist.gov/glossary/term/gfce","abbrSyn":[{"text":"Global Forum for Cyber Expertise","link":"https://csrc.nist.gov/glossary/term/global_forum_for_cyber_expertise"}],"definitions":null},{"term":"GFIRST","link":"https://csrc.nist.gov/glossary/term/gfirst","abbrSyn":[{"text":"Government Forum of Incident Response and Security Teams","link":"https://csrc.nist.gov/glossary/term/government_forum_of_incident_response_and_security_teams"}],"definitions":null},{"term":"GFSK","link":"https://csrc.nist.gov/glossary/term/gfsk","abbrSyn":[{"text":"Gaussian Frequency-Shift Keying","link":"https://csrc.nist.gov/glossary/term/gaussian_frequency_shift_keying"}],"definitions":null},{"term":"GHz","link":"https://csrc.nist.gov/glossary/term/ghz","abbrSyn":[{"text":"Gigahertz","link":"https://csrc.nist.gov/glossary/term/gigahertz"}],"definitions":null},{"term":"GIAC","link":"https://csrc.nist.gov/glossary/term/giac","abbrSyn":[{"text":"Global Information Assurance Certification","link":"https://csrc.nist.gov/glossary/term/global_information_assurance_certification"}],"definitions":null},{"term":"GIAC Critical Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/giac_critical_infrastructure_protection","abbrSyn":[{"text":"GCIP","link":"https://csrc.nist.gov/glossary/term/gcip"}],"definitions":null},{"term":"GIAC Response and Industrial Defense","link":"https://csrc.nist.gov/glossary/term/giac_response_and_industrial_defense","abbrSyn":[{"text":"GRID","link":"https://csrc.nist.gov/glossary/term/grid"}],"definitions":null},{"term":"GiB","link":"https://csrc.nist.gov/glossary/term/gibi_byte","definitions":[{"text":"Gibi Byte, Measuring Unit 230 Bytes = 1,073,741,824 Bytes","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"GICSP","link":"https://csrc.nist.gov/glossary/term/gicsp","abbrSyn":[{"text":"Global Industrial Cyber Security Professional","link":"https://csrc.nist.gov/glossary/term/global_industrial_cyber_security_professional"}],"definitions":null},{"term":"GID","link":"https://csrc.nist.gov/glossary/term/gid","abbrSyn":[{"text":"Generator ID","link":"https://csrc.nist.gov/glossary/term/generator_id"}],"definitions":null},{"term":"GIDEP","link":"https://csrc.nist.gov/glossary/term/gidep","abbrSyn":[{"text":"Government-Industry Data Exchange Program","link":"https://csrc.nist.gov/glossary/term/government_industry_data_exchange_program"}],"definitions":null},{"term":"GIG","link":"https://csrc.nist.gov/glossary/term/gig","abbrSyn":[{"text":"Global Information Grid","link":"https://csrc.nist.gov/glossary/term/global_information_grid"}],"definitions":null},{"term":"Gigabit","link":"https://csrc.nist.gov/glossary/term/gigabit","abbrSyn":[{"text":"Gb","link":"https://csrc.nist.gov/glossary/term/gb"}],"definitions":null},{"term":"Gigabit(s) Ethernet","link":"https://csrc.nist.gov/glossary/term/gigabits_ethernet","abbrSyn":[{"text":"GbE","link":"https://csrc.nist.gov/glossary/term/gbe"}],"definitions":null},{"term":"Gigabits per second","link":"https://csrc.nist.gov/glossary/term/gigabits_per_second","abbrSyn":[{"text":"Gbps","link":"https://csrc.nist.gov/glossary/term/gbps"}],"definitions":null},{"term":"gigabyte","link":"https://csrc.nist.gov/glossary/term/gigabyte","abbrSyn":[{"text":"Gb","link":"https://csrc.nist.gov/glossary/term/gb"},{"text":"GB","link":"https://csrc.nist.gov/glossary/term/gb_caps"}],"definitions":null},{"term":"Gigahertz","link":"https://csrc.nist.gov/glossary/term/gigahertz","abbrSyn":[{"text":"GHz","link":"https://csrc.nist.gov/glossary/term/ghz"}],"definitions":null},{"term":"GKH","link":"https://csrc.nist.gov/glossary/term/gkh","abbrSyn":[{"text":"Good Known Host","link":"https://csrc.nist.gov/glossary/term/good_known_host"}],"definitions":null},{"term":"GLBA","link":"https://csrc.nist.gov/glossary/term/glba","abbrSyn":[{"text":"Gramm-Leach-Bliley Act","link":"https://csrc.nist.gov/glossary/term/gramm_leach_bliley_act"}],"definitions":null},{"term":"Global Alliance for Genomic Health","link":"https://csrc.nist.gov/glossary/term/global_alliance_for_genomic_health","abbrSyn":[{"text":"GA4GH","link":"https://csrc.nist.gov/glossary/term/ga4gh"}],"definitions":null},{"term":"Global Cyber Alliance","link":"https://csrc.nist.gov/glossary/term/global_cyber_alliance","abbrSyn":[{"text":"GCA","link":"https://csrc.nist.gov/glossary/term/gca"}],"definitions":null},{"term":"Global Differential GPS System","link":"https://csrc.nist.gov/glossary/term/global_differential_gps_system","abbrSyn":[{"text":"GDGPS","link":"https://csrc.nist.gov/glossary/term/gdgps"}],"definitions":null},{"term":"Global Forum for Cyber Expertise","link":"https://csrc.nist.gov/glossary/term/global_forum_for_cyber_expertise","abbrSyn":[{"text":"GFCE","link":"https://csrc.nist.gov/glossary/term/gfce"}],"definitions":null},{"term":"Global Industrial Cyber Security Professional","link":"https://csrc.nist.gov/glossary/term/global_industrial_cyber_security_professional","abbrSyn":[{"text":"GICSP","link":"https://csrc.nist.gov/glossary/term/gicsp"}],"definitions":null},{"term":"Global Information Assurance Certification","link":"https://csrc.nist.gov/glossary/term/global_information_assurance_certification","abbrSyn":[{"text":"GIAC","link":"https://csrc.nist.gov/glossary/term/giac"}],"definitions":null},{"term":"Global Information Grid","link":"https://csrc.nist.gov/glossary/term/global_information_grid","abbrSyn":[{"text":"GIG","link":"https://csrc.nist.gov/glossary/term/gig"}],"definitions":[{"text":"The globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems. Non-GIG information technology (IT) includes stand-alone, self-contained, or embedded IT that is not, and will not be, connected to the enterprise network. \nRationale: Term has been replaced by the term “Department of Defense information networks (DODIN)”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under global information grid ","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]}]},{"term":"Global Name Server","link":"https://csrc.nist.gov/glossary/term/global_name_server","abbrSyn":[{"text":"GNS","link":"https://csrc.nist.gov/glossary/term/gns"}],"definitions":null},{"term":"Global Navigation Satellite System","link":"https://csrc.nist.gov/glossary/term/global_navigation_satellite_system","abbrSyn":[{"text":"GNSS","link":"https://csrc.nist.gov/glossary/term/gnss"}],"definitions":[{"text":"GNSS collectively refers to the worldwide positioning, navigation, and timing (PNT) determination capability available from one or more satellite constellations. Each GNSS system employs a constellation of satellites that operate in conjunction with a network of ground stations. Receivers and system integrity monitoring are augmented as necessary to support the required position, navigation, and timing performance for the intended operation.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - adapted"},{"text":"ICAO 9849","link":"https://store.icao.int/en/global-navigation-satellite-system-gnss-manual-doc-9849","note":" - adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - adapted"},{"text":"ICAO 9849","link":"https://store.icao.int/en/global-navigation-satellite-system-gnss-manual-doc-9849","note":" - adapted"}]}]}]},{"term":"Global Positioning System","link":"https://csrc.nist.gov/glossary/term/global_positioning_system","abbrSyn":[{"text":"GPS","link":"https://csrc.nist.gov/glossary/term/gps"}],"definitions":[{"text":"The Global Positioning System (GPS) is a U.S.-owned utility that provides users with positioning, navigation, and timing (PNT) services. This system consists of three segments: the space segment, the control segment, and the user segment. The U.S. Space Force develops, maintains, and operates the space and control segments.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"GPS GNSS","link":"https://www.gps.gov/systems/gnss/"}]}]},{"text":"A system for determining position by comparing radio signals from several satellites.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Global Positioning System (GPS) "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"The Global Positioning System (GPS) is a U.S.-owned utility that provides users with positioning, navigation, and timing (PNT) services. This system consists of three segments: the space segment, the control segment, and the user segment. The U.S. Space Force develops, maintains, and operates the space and control segments.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under GPS ","refSources":[{"text":"GPS GNSS","link":"https://www.gps.gov/systems/gnss/"}]}]}]},{"term":"Global Positioning System Systems Engineering & Integration","link":"https://csrc.nist.gov/glossary/term/global_positioning_system_systems_engineering_and_integration","abbrSyn":[{"text":"GPS SE&I","link":"https://csrc.nist.gov/glossary/term/gps_se_and_i"}],"definitions":null},{"term":"Global Standards One","link":"https://csrc.nist.gov/glossary/term/global_standards_one","abbrSyn":[{"text":"GS1","link":"https://csrc.nist.gov/glossary/term/gs1"}],"definitions":null},{"term":"Global Structure/Global Value","link":"https://csrc.nist.gov/glossary/term/global_structure_global_value","definitions":[{"text":"A structure/value that is available by all routines in the test code.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Global System for Mobile Communications (GSM)","link":"https://csrc.nist.gov/glossary/term/global_system_for_mobile_communications","abbrSyn":[{"text":"GSM","link":"https://csrc.nist.gov/glossary/term/gsm"}],"definitions":[{"text":"A set of standards for second generation, cellular networks currently maintained by the 3rd Generation Partnership Project (3GPP).","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Global System for Mobile Communications "}]},{"text":"a set of standards for second generation cellular networks currently maintained by the 3rd Generation Partnership Project (3GPP).","sources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Global System for Mobile Communications "}]}]},{"term":"Globally Unique Identifier","link":"https://csrc.nist.gov/glossary/term/globally_unique_identifier","abbrSyn":[{"text":"GUID","link":"https://csrc.nist.gov/glossary/term/guid"}],"definitions":[{"text":"An identifier formatted following special conventions to support uniqueness within an organization and across all organizations creating identifiers. See Section 3.1.3 for the conventions.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3","underTerm":" under Globally unique identifier "},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2","underTerm":" under Globally unique identifier "}]}]},{"term":"Globally Unique Temporary Identity","link":"https://csrc.nist.gov/glossary/term/globally_unique_temporary_identity","abbrSyn":[{"text":"GUTI","link":"https://csrc.nist.gov/glossary/term/guti"}],"definitions":null},{"term":"GlobalSign Certificate Center","link":"https://csrc.nist.gov/glossary/term/globalsign_certificate_center","abbrSyn":[{"text":"GCC","link":"https://csrc.nist.gov/glossary/term/gcc"}],"definitions":null},{"term":"GMAC","link":"https://csrc.nist.gov/glossary/term/gmac","abbrSyn":[{"text":"Galois Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/galois_message_authentication_code"}],"definitions":null},{"term":"GMK","link":"https://csrc.nist.gov/glossary/term/gmk","abbrSyn":[{"text":"Group Main Key","link":"https://csrc.nist.gov/glossary/term/group_main_key"},{"text":"Group Master Key","link":"https://csrc.nist.gov/glossary/term/group_master_key"}],"definitions":null},{"term":"GMT","link":"https://csrc.nist.gov/glossary/term/gmt","abbrSyn":[{"text":"Greenwich Mean Time","link":"https://csrc.nist.gov/glossary/term/greenwich_mean_time"}],"definitions":null},{"term":"GMU","link":"https://csrc.nist.gov/glossary/term/gmu","abbrSyn":[{"text":"George Mason University","link":"https://csrc.nist.gov/glossary/term/george_mason_university"}],"definitions":null},{"term":"GNS","link":"https://csrc.nist.gov/glossary/term/gns","abbrSyn":[{"text":"Global Name Server","link":"https://csrc.nist.gov/glossary/term/global_name_server"}],"definitions":null},{"term":"GNSS","link":"https://csrc.nist.gov/glossary/term/gnss","abbrSyn":[{"text":"Global Navigation Satellite System","link":"https://csrc.nist.gov/glossary/term/global_navigation_satellite_system"}],"definitions":[{"text":"GNSS collectively refers to the worldwide positioning, navigation, and timing (PNT) determination capability available from one or more satellite constellations. Each GNSS system employs a constellation of satellites that operate in conjunction with a network of ground stations. Receivers and system integrity monitoring are augmented as necessary to support the required position, navigation, and timing performance for the intended operation.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Global Navigation Satellite System ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - adapted"},{"text":"ICAO 9849","link":"https://store.icao.int/en/global-navigation-satellite-system-gnss-manual-doc-9849","note":" - adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under Global Navigation Satellite System ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - adapted"},{"text":"ICAO 9849","link":"https://store.icao.int/en/global-navigation-satellite-system-gnss-manual-doc-9849","note":" - adapted"}]}]}]},{"term":"Goal","link":"https://csrc.nist.gov/glossary/term/goal","definitions":[{"text":"Intended outcome.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","refSources":[{"text":"ISO 9241-11:1998"}]}]}]},{"term":"Goal Structuring Notation","link":"https://csrc.nist.gov/glossary/term/goal_structuring_notation","abbrSyn":[{"text":"GSN","link":"https://csrc.nist.gov/glossary/term/gsn"}],"definitions":null},{"term":"Good Known Host","link":"https://csrc.nist.gov/glossary/term/good_known_host","abbrSyn":[{"text":"GKH","link":"https://csrc.nist.gov/glossary/term/gkh"}],"definitions":null},{"term":"Google Cloud Messenger","link":"https://csrc.nist.gov/glossary/term/google_cloud_messenger","abbrSyn":[{"text":"GCM","link":"https://csrc.nist.gov/glossary/term/gcm"}],"definitions":[{"text":"Galois/Counter Mode","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under GCM "}]}]},{"term":"GOTS","link":"https://csrc.nist.gov/glossary/term/gots","abbrSyn":[{"text":"Government Off-the-Shelf"},{"text":"Government Off-The-Shelf","link":"https://csrc.nist.gov/glossary/term/government_off_the_shelf"},{"text":"Government-off-the-Shelf"}],"definitions":null},{"term":"governance, risk, and compliance","link":"https://csrc.nist.gov/glossary/term/governance_risk_and_compliance","abbrSyn":[{"text":"GRC","link":"https://csrc.nist.gov/glossary/term/grc"}],"definitions":null},{"term":"Government","link":"https://csrc.nist.gov/glossary/term/government","abbrSyn":[{"text":"GOVT","link":"https://csrc.nist.gov/glossary/term/govt"}],"definitions":null},{"term":"Government Accountability Office","link":"https://csrc.nist.gov/glossary/term/government_accountability_office","abbrSyn":[{"text":"GAO","link":"https://csrc.nist.gov/glossary/term/gao"}],"definitions":null},{"term":"Government Accounting Office","link":"https://csrc.nist.gov/glossary/term/government_accounting_office","abbrSyn":[{"text":"GAO","link":"https://csrc.nist.gov/glossary/term/gao"}],"definitions":null},{"term":"Government Contracting Activity","link":"https://csrc.nist.gov/glossary/term/government_contracting_activity","abbrSyn":[{"text":"GCA","link":"https://csrc.nist.gov/glossary/term/gca"}],"definitions":null},{"term":"Government Coordinating Council","link":"https://csrc.nist.gov/glossary/term/government_coordinating_council","abbrSyn":[{"text":"GCC","link":"https://csrc.nist.gov/glossary/term/gcc"}],"definitions":null},{"term":"Government Forum of Incident Response and Security Teams","link":"https://csrc.nist.gov/glossary/term/government_forum_of_incident_response_and_security_teams","abbrSyn":[{"text":"GFIRST","link":"https://csrc.nist.gov/glossary/term/gfirst"}],"definitions":null},{"term":"Government Off-The-Shelf","link":"https://csrc.nist.gov/glossary/term/government_off_the_shelf","abbrSyn":[{"text":"GOTS","link":"https://csrc.nist.gov/glossary/term/gots"}],"definitions":[{"text":"A software and/or hardware product that is developed by the technical staff of a Government organization for use by the U.S. Government. GOTS software and hardware may be developed by an external entity, with specification from the Government organization to meet a specific Government purpose, and can normally be shared among Federal agencies without additional cost. GOTS products and systems are not commercially available to the general public. Sales and distribution of GOTS products and systems are controlled by the Government.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under government off the shelf (GOTS) ","refSources":[{"text":"NSA/CSS Policy 3-14"}]}]}]},{"term":"Government Performance and Results Act","link":"https://csrc.nist.gov/glossary/term/government_performance_and_results_act","abbrSyn":[{"text":"GPRA","link":"https://csrc.nist.gov/glossary/term/gpra"}],"definitions":null},{"term":"Government Smart Card Interoperability Specification","link":"https://csrc.nist.gov/glossary/term/government_smart_card_interoperability_specification","abbrSyn":[{"text":"GSC-IS","link":"https://csrc.nist.gov/glossary/term/gsc_is"}],"definitions":null},{"term":"Government to Business (private industry)","link":"https://csrc.nist.gov/glossary/term/government_to_business_private_industry","abbrSyn":[{"text":"G2B","link":"https://csrc.nist.gov/glossary/term/g2b"}],"definitions":null},{"term":"Government to Government","link":"https://csrc.nist.gov/glossary/term/government_to_government","abbrSyn":[{"text":"G2G","link":"https://csrc.nist.gov/glossary/term/g2g"}],"definitions":null},{"term":"Government-Industry Data Exchange Program","link":"https://csrc.nist.gov/glossary/term/government_industry_data_exchange_program","abbrSyn":[{"text":"GIDEP","link":"https://csrc.nist.gov/glossary/term/gidep"}],"definitions":null},{"term":"Govern-P (Function)","link":"https://csrc.nist.gov/glossary/term/govern_pf","definitions":[{"text":"Develop and implement the organizational governance structure to enable an ongoing understanding of the organization’s risk management priorities that are informed by privacy risk.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"GOVT","link":"https://csrc.nist.gov/glossary/term/govt","abbrSyn":[{"text":"Government","link":"https://csrc.nist.gov/glossary/term/government"}],"definitions":null},{"term":"GPEA","link":"https://csrc.nist.gov/glossary/term/gpea","abbrSyn":[{"text":"Government Paperwork Elimination Act"},{"text":"Government Paperwork Elimination Act of 1998"}],"definitions":null},{"term":"GPL","link":"https://csrc.nist.gov/glossary/term/gpl","abbrSyn":[{"text":"General Public License","link":"https://csrc.nist.gov/glossary/term/general_public_license"}],"definitions":null},{"term":"GPMC","link":"https://csrc.nist.gov/glossary/term/gpmc","abbrSyn":[{"text":"Group Policy Management Console","link":"https://csrc.nist.gov/glossary/term/group_policy_management_console"}],"definitions":null},{"term":"GPO","link":"https://csrc.nist.gov/glossary/term/gpo","abbrSyn":[{"text":"Group Policies Objects","link":"https://csrc.nist.gov/glossary/term/group_policies_objects"},{"text":"Group Policy Object","link":"https://csrc.nist.gov/glossary/term/group_policy_object"}],"definitions":null},{"term":"GPRA","link":"https://csrc.nist.gov/glossary/term/gpra","abbrSyn":[{"text":"Government Performance and Results Act","link":"https://csrc.nist.gov/glossary/term/government_performance_and_results_act"}],"definitions":null},{"term":"GPRS","link":"https://csrc.nist.gov/glossary/term/gprs","abbrSyn":[{"text":"General Packet Radio Service"}],"definitions":[{"text":"A packet switching enhancement to GSM and TDMA wireless networks to increase data transmission speeds.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under General Packet Radio Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under General Packet Radio Service "}]}]},{"term":"GPRS Location Information","link":"https://csrc.nist.gov/glossary/term/gprs_location_information","definitions":[{"text":"the Routing Area Information (RAI), Routing Area update status, and other location information maintained on the SIM.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"GPS","link":"https://csrc.nist.gov/glossary/term/gps","abbrSyn":[{"text":"Global Positioning System","link":"https://csrc.nist.gov/glossary/term/global_positioning_system"}],"definitions":[{"text":"The Global Positioning System (GPS) is a U.S.-owned utility that provides users with positioning, navigation, and timing (PNT) services. This system consists of three segments: the space segment, the control segment, and the user segment. The U.S. Space Force develops, maintains, and operates the space and control segments.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under Global Positioning System ","refSources":[{"text":"GPS GNSS","link":"https://www.gps.gov/systems/gnss/"}]}]},{"text":"A system for determining position by comparing radio signals from several satellites.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Global Positioning System "}]},{"text":"The Global Positioning System (GPS) is a U.S.-owned utility that provides users with positioning, navigation, and timing (PNT) services. This system consists of three segments: the space segment, the control segment, and the user segment. The U.S. Space Force develops, maintains, and operates the space and control segments.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"GPS GNSS","link":"https://www.gps.gov/systems/gnss/"}]}]}]},{"term":"GPS SE&I","link":"https://csrc.nist.gov/glossary/term/gps_se_and_i","abbrSyn":[{"text":"Global Positioning System Systems Engineering & Integration","link":"https://csrc.nist.gov/glossary/term/global_positioning_system_systems_engineering_and_integration"}],"definitions":null},{"term":"GPT","link":"https://csrc.nist.gov/glossary/term/gpt","abbrSyn":[{"text":"GUID Partition Table","link":"https://csrc.nist.gov/glossary/term/guid_partition_table"}],"definitions":null},{"term":"GPU","link":"https://csrc.nist.gov/glossary/term/gpu","abbrSyn":[{"text":"Graphics Processing Unit","link":"https://csrc.nist.gov/glossary/term/graphics_processing_unit"}],"definitions":null},{"term":"GR","link":"https://csrc.nist.gov/glossary/term/gr","abbrSyn":[{"text":"Graceful Restart","link":"https://csrc.nist.gov/glossary/term/graceful_restart"}],"definitions":null},{"term":"Graceful Restart","link":"https://csrc.nist.gov/glossary/term/graceful_restart","abbrSyn":[{"text":"GR","link":"https://csrc.nist.gov/glossary/term/gr"}],"definitions":null},{"term":"graded label","link":"https://csrc.nist.gov/glossary/term/graded_label","abbrSyn":[{"text":"tiered label","link":"https://csrc.nist.gov/glossary/term/tiered_label"}],"definitions":[{"text":"Indicates the degree to which a product has satisfied a specific standard, sometimes based on attaining increasing levels of performance against specified criteria. Tiers or grades are often represented by colors (e.g., red-yellow-green), numbers of icons (e.g., stars or security shields), or other appropriate metaphors (e.g., precious metals: gold-silver-bronze).","sources":[{"text":"Cybersecurity Labeling of Consumer Software","link":"https://doi.org/10.6028/NIST.CSWP.02042022-1","underTerm":" under tiered label "}]}]},{"term":"Gramm-Leach-Bliley Act","link":"https://csrc.nist.gov/glossary/term/gramm_leach_bliley_act","abbrSyn":[{"text":"GLBA","link":"https://csrc.nist.gov/glossary/term/glba"}],"definitions":null},{"term":"Graphical User Interface","link":"https://csrc.nist.gov/glossary/term/graphical_user_interface","abbrSyn":[{"text":"GUI","link":"https://csrc.nist.gov/glossary/term/gui"}],"definitions":null},{"term":"Graphics Device Interface","link":"https://csrc.nist.gov/glossary/term/graphics_device_interface","abbrSyn":[{"text":"GDI","link":"https://csrc.nist.gov/glossary/term/gdi"}],"definitions":null},{"term":"Graphics Processing Unit","link":"https://csrc.nist.gov/glossary/term/graphics_processing_unit","abbrSyn":[{"text":"GPU","link":"https://csrc.nist.gov/glossary/term/gpu"}],"definitions":null},{"term":"Graphics, Windowing, and Events Subsystem","link":"https://csrc.nist.gov/glossary/term/graphics_windowing_and_events_subsystem","abbrSyn":[{"text":"GWES","link":"https://csrc.nist.gov/glossary/term/gwes"}],"definitions":null},{"term":"gray box testing","link":"https://csrc.nist.gov/glossary/term/gray_box_testing","abbrSyn":[{"text":"focused testing","link":"https://csrc.nist.gov/glossary/term/focused_testing"},{"text":"Focused Testing"}],"definitions":[{"text":"A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under focused testing "}]},{"text":"A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under focused testing ","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Focused Testing "}]},{"text":"See focused testing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Gray Box Testing "}]}]},{"term":"gray market","link":"https://csrc.nist.gov/glossary/term/gray_market","definitions":[{"text":"Distribution channels which, while legal, are unofficial, unauthorized, or unintended by the original manufacturer.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"USDC DIB Assessment: Counterfeit Electronics","link":"https://www.bis.doc.gov/index.php/forms-documents/doc_view/37-defense-industrial-base-assessment-of-counterfeit-electronics-2010","note":" - Adapted"}]}]}]},{"term":"graylist","link":"https://csrc.nist.gov/glossary/term/graylist","definitions":[{"text":"A list of discrete entities that have not yet been established as benign or malicious; more information is needed to move graylist items onto a whitelist or a blacklist.","sources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167"}]}]},{"term":"GRC","link":"https://csrc.nist.gov/glossary/term/grc","abbrSyn":[{"text":"Governance Risk Compliance"},{"text":"governance, risk, and compliance","link":"https://csrc.nist.gov/glossary/term/governance_risk_and_compliance"},{"text":"Governance, Risk, and Compliance"},{"text":"Governance/Risk/Compliance"}],"definitions":null},{"term":"GRE","link":"https://csrc.nist.gov/glossary/term/gre","abbrSyn":[{"text":"Generic Routing Encapsulation","link":"https://csrc.nist.gov/glossary/term/generic_routing_encapsulation"}],"definitions":null},{"term":"Greatest common divisor","link":"https://csrc.nist.gov/glossary/term/greatest_common_divisor","definitions":[{"text":"The largest positive integer that divides each of two or more positive integers without a remainder.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"The largest positive integer that divides each of two positive integers without a remainder.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Greenwich Mean Time","link":"https://csrc.nist.gov/glossary/term/greenwich_mean_time","abbrSyn":[{"text":"GMT","link":"https://csrc.nist.gov/glossary/term/gmt"}],"definitions":null},{"term":"GRID","link":"https://csrc.nist.gov/glossary/term/grid","abbrSyn":[{"text":"GIAC Response and Industrial Defense","link":"https://csrc.nist.gov/glossary/term/giac_response_and_industrial_defense"}],"definitions":null},{"term":"Group","link":"https://csrc.nist.gov/glossary/term/group","definitions":[{"text":"A named collection of userIDs.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]},{"text":"An item that can hold other items; allows an author to collect related items into a common structure and provide descriptive text and references about them.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"group authenticator","link":"https://csrc.nist.gov/glossary/term/group_authenticator","definitions":[{"text":"Used, sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Group Communication System Enablers","link":"https://csrc.nist.gov/glossary/term/group_communication_system_enablers","abbrSyn":[{"text":"GCSE","link":"https://csrc.nist.gov/glossary/term/gcse"}],"definitions":null},{"term":"Group Domain of Interpretation","link":"https://csrc.nist.gov/glossary/term/group_domain_of_interpretation","abbrSyn":[{"text":"GDOI","link":"https://csrc.nist.gov/glossary/term/gdoi"}],"definitions":null},{"term":"Group Identifier Level 1","link":"https://csrc.nist.gov/glossary/term/group_identifier_level_1","definitions":[{"text":"an identifier for a particular SIM and handset association, which can be used to identify a group of SIMs involved in a particular application.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Group Identifier Level 2","link":"https://csrc.nist.gov/glossary/term/group_identifier_level_2","definitions":[{"text":"a GID1-like identifier.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Group Main Key","link":"https://csrc.nist.gov/glossary/term/group_main_key","abbrSyn":[{"text":"GMK","link":"https://csrc.nist.gov/glossary/term/gmk"}],"definitions":null},{"term":"Group Master Key","link":"https://csrc.nist.gov/glossary/term/group_master_key","abbrSyn":[{"text":"GMK","link":"https://csrc.nist.gov/glossary/term/gmk"}],"definitions":null},{"term":"Group of Eight","link":"https://csrc.nist.gov/glossary/term/group_of_eight","abbrSyn":[{"text":"G8","link":"https://csrc.nist.gov/glossary/term/g8"}],"definitions":null},{"term":"group order","link":"https://csrc.nist.gov/glossary/term/group_order","definitions":[{"text":"Cardinality of the group.","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"Group Policies Objects","link":"https://csrc.nist.gov/glossary/term/group_policies_objects","abbrSyn":[{"text":"GPO","link":"https://csrc.nist.gov/glossary/term/gpo"}],"definitions":null},{"term":"Group Policy Management Console","link":"https://csrc.nist.gov/glossary/term/group_policy_management_console","abbrSyn":[{"text":"GPMC","link":"https://csrc.nist.gov/glossary/term/gpmc"}],"definitions":null},{"term":"Group Policy Object","link":"https://csrc.nist.gov/glossary/term/group_policy_object","abbrSyn":[{"text":"GPO","link":"https://csrc.nist.gov/glossary/term/gpo"}],"definitions":null},{"term":"Group Security Association","link":"https://csrc.nist.gov/glossary/term/group_security_association","abbrSyn":[{"text":"GSA","link":"https://csrc.nist.gov/glossary/term/gsa"}],"definitions":null},{"term":"Group Temporal Key","link":"https://csrc.nist.gov/glossary/term/group_temporal_key","abbrSyn":[{"text":"GTK","link":"https://csrc.nist.gov/glossary/term/gtk"}],"definitions":null},{"term":"Groupe Speciale Mobile Association","link":"https://csrc.nist.gov/glossary/term/groupe_speciale_mobile_association","abbrSyn":[{"text":"GSMA","link":"https://csrc.nist.gov/glossary/term/gsma"}],"definitions":null},{"term":"GRS","link":"https://csrc.nist.gov/glossary/term/grs","abbrSyn":[{"text":"General Record Schedule"},{"text":"General Records Schedule","link":"https://csrc.nist.gov/glossary/term/general_records_schedule"}],"definitions":null},{"term":"GS1","link":"https://csrc.nist.gov/glossary/term/gs1","abbrSyn":[{"text":"Global Standards One","link":"https://csrc.nist.gov/glossary/term/global_standards_one"}],"definitions":null},{"term":"GSA","link":"https://csrc.nist.gov/glossary/term/gsa","abbrSyn":[{"text":"General Services Administration","link":"https://csrc.nist.gov/glossary/term/general_services_administration"},{"text":"Group Security Association","link":"https://csrc.nist.gov/glossary/term/group_security_association"}],"definitions":null},{"term":"GSC-IS","link":"https://csrc.nist.gov/glossary/term/gsc_is","abbrSyn":[{"text":"Government Smart Card Interoperability Specification","link":"https://csrc.nist.gov/glossary/term/government_smart_card_interoperability_specification"}],"definitions":null},{"term":"GSM","link":"https://csrc.nist.gov/glossary/term/gsm","abbrSyn":[{"text":"Global System for Mobile Communications"}],"definitions":[{"text":"a set of standards for second generation cellular networks currently maintained by the 3rd Generation Partnership Project (3GPP).","sources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Global System for Mobile Communications "}]},{"text":"A set of standards for second generation, cellular networks currently maintained by the 3rd Generation Partnership Project (3GPP).","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Global System for Mobile Communications "}]}]},{"term":"GSM Association","link":"https://csrc.nist.gov/glossary/term/gsm_association","abbrSyn":[{"text":"GSMA","link":"https://csrc.nist.gov/glossary/term/gsma"}],"definitions":null},{"term":"GSMA","link":"https://csrc.nist.gov/glossary/term/gsma","abbrSyn":[{"text":"Groupe Speciale Mobile Association","link":"https://csrc.nist.gov/glossary/term/groupe_speciale_mobile_association"},{"text":"GSM Association","link":"https://csrc.nist.gov/glossary/term/gsm_association"}],"definitions":null},{"term":"GSN","link":"https://csrc.nist.gov/glossary/term/gsn","abbrSyn":[{"text":"Goal Structuring Notation","link":"https://csrc.nist.gov/glossary/term/goal_structuring_notation"}],"definitions":null},{"term":"GSO","link":"https://csrc.nist.gov/glossary/term/gso","abbrSyn":[{"text":"Generic Segmentation Offload","link":"https://csrc.nist.gov/glossary/term/generic_segmentation_offload"}],"definitions":null},{"term":"GSS","link":"https://csrc.nist.gov/glossary/term/gss","abbrSyn":[{"text":"General Support System"}],"definitions":[{"text":"An interconnected set of information resources under the same direct management control that shares common functionality. It normally includes hardware, software, information, data, applications, communications, and people.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under General Support System ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under General Support System ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under General Support System ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]}]}]},{"term":"GSSAPI","link":"https://csrc.nist.gov/glossary/term/gssapi","abbrSyn":[{"text":"Generic Security Services Application Program Interface","link":"https://csrc.nist.gov/glossary/term/generic_security_services_application_program_interface"}],"definitions":null},{"term":"GTC","link":"https://csrc.nist.gov/glossary/term/gtc","abbrSyn":[{"text":"Generic Token Card","link":"https://csrc.nist.gov/glossary/term/generic_token_card"}],"definitions":null},{"term":"GTK","link":"https://csrc.nist.gov/glossary/term/gtk","abbrSyn":[{"text":"Group Temporal Key","link":"https://csrc.nist.gov/glossary/term/group_temporal_key"}],"definitions":null},{"term":"gTLD","link":"https://csrc.nist.gov/glossary/term/gtld","abbrSyn":[{"text":"Generic Top-level Domain","link":"https://csrc.nist.gov/glossary/term/generic_top_level_domain"}],"definitions":null},{"term":"GTSM","link":"https://csrc.nist.gov/glossary/term/gtsm","abbrSyn":[{"text":"Generalized TTL Security Mechanism"}],"definitions":null},{"term":"guard (system)","link":"https://csrc.nist.gov/glossary/term/guard","definitions":[{"text":"A mechanism limiting the exchange of information between information systems or subsystems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Guard (System) ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"A computer system that (a) acts as gateway between two information systems operating under different security policies and (b) is trusted to mediate information data transfers between the two. \nSee transfer cross domain solution.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}],"seeAlso":[{"text":"transfer cross domain solution","link":"transfer_cross_domain_solution"}]},{"term":"Guest operating system","link":"https://csrc.nist.gov/glossary/term/guest_operating_system","definitions":[{"text":"A virtual machine that runs an instance of an OS and its applications.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]},{"text":"The operating system component of the execution stack of a Virtual Machine (see below), others being Virtual Hardware, Middleware and Applications.","sources":[{"text":"NIST SP 800-125A","link":"https://doi.org/10.6028/NIST.SP.800-125A","underTerm":" under Guest Operating System (OS) "}]}],"seeAlso":[{"text":"Virtual Machine"}]},{"term":"Guest tools","link":"https://csrc.nist.gov/glossary/term/guest_tools","definitions":[{"text":"Mechanisms within hosted virtualization solutions that allow a guest OS to access files, directories, the copy/paste buffer, and other resources on the host OS or another guest OS.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"GUI","link":"https://csrc.nist.gov/glossary/term/gui","abbrSyn":[{"text":"Graphical User Interface","link":"https://csrc.nist.gov/glossary/term/graphical_user_interface"}],"definitions":null},{"term":"GUID","link":"https://csrc.nist.gov/glossary/term/guid","abbrSyn":[{"text":"Global Unique Identification number"},{"text":"Global Unique Identification Number"},{"text":"Globally Unique Identifier","link":"https://csrc.nist.gov/glossary/term/globally_unique_identifier"}],"definitions":null},{"term":"GUID Partition Table","link":"https://csrc.nist.gov/glossary/term/guid_partition_table","abbrSyn":[{"text":"GPT","link":"https://csrc.nist.gov/glossary/term/gpt"}],"definitions":null},{"term":"GUTI","link":"https://csrc.nist.gov/glossary/term/guti","abbrSyn":[{"text":"Globally Unique Temporary Identity","link":"https://csrc.nist.gov/glossary/term/globally_unique_temporary_identity"}],"definitions":null},{"term":"GW","link":"https://csrc.nist.gov/glossary/term/gw","abbrSyn":[{"text":"Gateway"}],"definitions":[{"text":"An intermediate system (interface, relay) that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables either one-way or two-way communication between the networks.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Gateway ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"GWAS","link":"https://csrc.nist.gov/glossary/term/gwas","abbrSyn":[{"text":"Genome-Wide Association Studies","link":"https://csrc.nist.gov/glossary/term/genome_wide_association_studies"}],"definitions":null},{"term":"GWES","link":"https://csrc.nist.gov/glossary/term/gwes","abbrSyn":[{"text":"Graphics, Windowing, and Events Subsystem","link":"https://csrc.nist.gov/glossary/term/graphics_windowing_and_events_subsystem"}],"definitions":null},{"term":"H.323","link":"https://csrc.nist.gov/glossary/term/h_323","definitions":[{"text":"The International Telecommunications Union (ITU) standard for packet-switched network voice and video calling and signaling.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]}]},{"term":"HA","link":"https://csrc.nist.gov/glossary/term/ha","abbrSyn":[{"text":"High Availability","link":"https://csrc.nist.gov/glossary/term/high_availability"}],"definitions":[{"text":"A failover feature to ensure availability during device or component interruptions.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under High Availability "}]}]},{"term":"hacker","link":"https://csrc.nist.gov/glossary/term/hacker","definitions":[{"text":"Unauthorized user who attempts to or gains access to an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Hacker ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"HACS","link":"https://csrc.nist.gov/glossary/term/hacs","abbrSyn":[{"text":"Highly Adaptive Cybersecurity Services","link":"https://csrc.nist.gov/glossary/term/highly_adaptive_cybersecurity_services"}],"definitions":null},{"term":"HAIPE","link":"https://csrc.nist.gov/glossary/term/haipe","abbrSyn":[{"text":"High Assurance Internet Protocol Encryptor"}],"definitions":null},{"term":"Hampton Roads Cybersecurity Education, Workforce and Economic Development Alliance","link":"https://csrc.nist.gov/glossary/term/hampton_roads_cybersecurity_education_workforce_and_economic_development_alliance","abbrSyn":[{"text":"HRCyber","link":"https://csrc.nist.gov/glossary/term/hrcyber"}],"definitions":null},{"term":"hand receipt","link":"https://csrc.nist.gov/glossary/term/hand_receipt","definitions":[{"text":"A document used to record temporary transfer of COMSEC material from a COMSEC Account Manager to a user or maintenance facility and acceptance by the recipient of the responsibility for the proper storage, control, and accountability of the COMSEC material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - NSA/CSS Manual Number 3-16 (COMSEC) "}]}]}]},{"term":"hand receipt holder","link":"https://csrc.nist.gov/glossary/term/hand_receipt_holder","abbrSyn":[{"text":"local element","link":"https://csrc.nist.gov/glossary/term/local_element"}],"definitions":[{"text":"A user to whom COMSEC material has been issued a hand receipt. Known in EKMS and KMI as a Local Element.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See hand receipt holder.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under local element ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"handshake","link":"https://csrc.nist.gov/glossary/term/handshake","definitions":[{"text":"Protocol dialogue between two systems for identifying and authenticating themselves to each other, or for synchronizing their operations with each other.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"hard copy key","link":"https://csrc.nist.gov/glossary/term/hard_copy_key","definitions":[{"text":"Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROMs).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Hard Disk","link":"https://csrc.nist.gov/glossary/term/hard_disk","definitions":[{"text":"A rigid magnetic disk fixed permanently within a drive unit and used for storing data. It could also be a removable cartridge containing one or more magnetic disks.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Hard Disk Drive","link":"https://csrc.nist.gov/glossary/term/hard_disk_drive","abbrSyn":[{"text":"HD","link":"https://csrc.nist.gov/glossary/term/hd"},{"text":"HDD","link":"https://csrc.nist.gov/glossary/term/hdd"}],"definitions":null},{"term":"Hard fork","link":"https://csrc.nist.gov/glossary/term/hard_fork","definitions":[{"text":"A change to a blockchain implementation that is not backwards compatible. Non-updated nodes cannot continue to transact with updated nodes.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Hardening","link":"https://csrc.nist.gov/glossary/term/hardening","definitions":[{"text":"A process intended to eliminate a means of attack by patching vulnerabilities and turning off nonessential services.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"hardware","link":"https://csrc.nist.gov/glossary/term/hardware","abbrSyn":[{"text":"firmware","link":"https://csrc.nist.gov/glossary/term/firmware"},{"text":"software","link":"https://csrc.nist.gov/glossary/term/software"}],"definitions":[{"text":"See hardware and software.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under firmware "}]},{"text":"Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under firmware "}]},{"text":"Computer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under firmware ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under firmware "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The physical components of an information system. See Software and Firmware.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Hardware ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Computer programs and associated data that may be dynamically written or modified during execution.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under software ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under software ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under software ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The material physical components of a system. See software and firmware.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"The material physical components of an information system. See firmware and software.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under software ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Computer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Computer programs and data stored in hardware—typically in read-only memory (ROM) or programmable read-only memory (PROM)—such that programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under firmware "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under firmware "}]},{"text":"The physical components of a system. See Software and Firmware.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]}],"seeAlso":[{"text":"firmware","link":"firmware"},{"text":"Firmware"},{"text":"software","link":"software"},{"text":"Software"}]},{"term":"Hardware Asset Management","link":"https://csrc.nist.gov/glossary/term/hardware_asset_management","abbrSyn":[{"text":"Capability, Hardware Asset Management","link":"https://csrc.nist.gov/glossary/term/capability_hardware_asset_management"},{"text":"HWAM","link":"https://csrc.nist.gov/glossary/term/hwam"}],"definitions":[{"text":"An ISCM capability that identifies unmanaged devices that are likely to be used by attackers as a platform from which to extend compromise of the network to be mitigated.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Hardware Asset Management "}]},{"text":"See Capability, Hardware Asset Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Hardware Description Language","link":"https://csrc.nist.gov/glossary/term/hardware_description_language","abbrSyn":[{"text":"HDL","link":"https://csrc.nist.gov/glossary/term/hdl"}],"definitions":null},{"term":"Hardware Device","link":"https://csrc.nist.gov/glossary/term/hardware_device","definitions":[{"text":"A discrete physical component of an information technology system or infrastructure. A hardware device may or may not be a computing device (e.g., a network hub, a webcam, a keyboard, a mouse).","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695"}]}]},{"term":"Hardware Driver","link":"https://csrc.nist.gov/glossary/term/hardware_driver","definitions":[{"text":"Applications responsible for establishing communication between hardware and software programs.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Hardware Enforced Security","link":"https://csrc.nist.gov/glossary/term/hardware_enforced_security","abbrSyn":[{"text":"HES","link":"https://csrc.nist.gov/glossary/term/hes"}],"definitions":null},{"term":"Hardware Mediated Execution Enclave","link":"https://csrc.nist.gov/glossary/term/hardware_mediated_execution_enclave","abbrSyn":[{"text":"HMEE","link":"https://csrc.nist.gov/glossary/term/hmee"}],"definitions":null},{"term":"Hardware root of trust","link":"https://csrc.nist.gov/glossary/term/hardware_root_of_trust","definitions":[{"text":"An inherently trusted combination of hardware and firmware that maintains the integrity of information.","sources":[{"text":"NIST SP 1800-19B","link":"https://doi.org/10.6028/NIST.SP.1800-19"}]}]},{"term":"Hardware Security Module (HSM)","link":"https://csrc.nist.gov/glossary/term/hardware_security_module_hsm","abbrSyn":[{"text":"HSM","link":"https://csrc.nist.gov/glossary/term/hsm"}],"definitions":[{"text":"A physical computing device that safeguards and manages cryptographic keys and provides cryptographic processing. An HSM is or contains a cryptographic module.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A physical computing device that provides tamper-evident and intrusion-resistant safeguarding and management of digital keys and other secrets, as well as crypto-processing. FIPS 140-2 specifies requirements for HSMs.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]},{"text":"A physical computing device that provides tamper-evident and intrusion-resistant safeguarding and management of digital keys and other secrets, as well as crypto-processing. (FIPS 140-2) specifies requirements for HSMs.","sources":[{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Hardware-Enabled Security","link":"https://csrc.nist.gov/glossary/term/hardware_enabled_security","definitions":[{"text":"Security with its basis in the hardware platform.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320"}]}]},{"term":"hardwired key","link":"https://csrc.nist.gov/glossary/term/hardwired_key","definitions":[{"text":"Key that is permanently installed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"harm","link":"https://csrc.nist.gov/glossary/term/harm","definitions":[{"text":"Any adverse effects that would be experienced by an individual (i.e., that may be socially, physically, or financially damaging) or an organization if the confidentiality of PII were breached.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]},{"text":"Any adverse effects that would be experienced by an individual (i.e., that may be socially, physically, or financially damaging) or an organization if the confidentiality of PII were breached.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122","underTerm":" under Harm "}]},{"text":"any adverse effects that would be experienced by an individual (i.e., that may be socially, physically, or financially damaging) or an organization if the confidentiality of PII were breached","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]}]},{"term":"HART","link":"https://csrc.nist.gov/glossary/term/hart","abbrSyn":[{"text":"Highway Addressable Remote Transducer","link":"https://csrc.nist.gov/glossary/term/highway_addressable_remote_transducer"}],"definitions":null},{"term":"Hash algorithm","link":"https://csrc.nist.gov/glossary/term/hash_algorithm","definitions":[{"text":"See hash function. “Hash algorithm” and “hash function” are used interchangeably in this Recommendation.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]},{"text":"Algorithm that creates a hash based on a message.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Hash Algorithm "}]}],"seeAlso":[{"text":"hash function","link":"hash_function"}]},{"term":"Hash chain","link":"https://csrc.nist.gov/glossary/term/hash_chain","definitions":[{"text":"An append-only data structure where data is bundled into data blocks that include a hash of the previous data block’s data within the newest data block. This data structure provides evidence of tampering because any modification to a data block will change the hash digest recorded by the following data block.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"hash digest","link":"https://csrc.nist.gov/glossary/term/hash_digest","abbrSyn":[{"text":"Digest","link":"https://csrc.nist.gov/glossary/term/digest"},{"text":"Hash value"}],"definitions":[{"text":"The result of applying a hash function to data.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Hash value "}]},{"text":"The result of applying a cryptographic hash function to data (e.g., a message). Also known as a “message digest”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Hash value "}]},{"text":"See “message digest”.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Hash value "}]},{"text":"The fixed-length bit string produced by a hash function.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Hash value "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Hash value "}]},{"text":"The result of applying a hash function to information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Hash value "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Hash value "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Hash value "}]},{"text":"The result of applying a hash function to information; also called a message digest.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Hash value "}]},{"text":"See hash digest","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Digest "}]},{"text":"The output of a hash function (e.g., hash(data) = digest). Also known as a message digest, digest or harsh value. The number of cryptographic has functions a processor can calculate in a given time, usually denominated as hashes per second.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Hash digest "}]},{"text":"See Hash digest.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Hash value "}]}]},{"term":"hash function","link":"https://csrc.nist.gov/glossary/term/hash_function","abbrSyn":[{"text":"Cryptographic hash function","link":"https://csrc.nist.gov/glossary/term/cryptographic_hash_function"}],"definitions":[{"text":"

A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties:

i. (Collision resistance) It is computationally infeasible to find any two distinct inputs that map to the same output.

ii. (Preimage resistance) Given a randomly chosen target output, it is computationally infeasible to find any input that maps to that output. (This property is called the one-way property.)

iii. (Second preimage resistance) Given one input value, it is computationally infeasible to find a second (distinct) input value that maps to the same output as the first value.

This Recommendation uses the strength of the preimage resistance of a hash function as a contributing factor when determining the security strength provided by a key-derivation function.

","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"

A function that maps a bit string of arbitrary length to a fixed-length bit string. Depending upon the relying application, the security strength that can be supported by a hash function is typically measured by the extent to which it possesses one or more of the following properties

1. (Collision resistance) It is computationally infeasible to find any two distinct inputs that map to the same output.

2. (Preimage resistance) Given a randomly chosen target output, it is computationally infeasible to find any input that maps to that output. (This property is called the one-way property.)

3. (Second preimage resistance) Given one input value, it is computationally infeasible to find a second (distinct) input value that maps to the same output as the first value.

This Recommendation uses the strength of the preimage resistance of a hash function as a contributing factor when determining the security strength provided by a key-derivation method.

Approved hash functions are specified in [FIPS 180] and [FIPS 202].

","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Hash function "}]},{"text":"

A function on bit strings in which the length of the output is fixed. Approved hash functions (such as those specified in FIPS 180 and FIPS 202) are designed to satisfy the following properties:

1. (One-way) It is computationally infeasible to find any input that maps to any new pre-specified output

2. (Collision-resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.

","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed length bit string and is expected to have the following three properties: \n1) Collision resistance (see Collision resistance), \n2) Preimage resistance (see Preimage resistance) and \n3) Second preimage resistance (see Second preimage resistance). \nApproved cryptographic hash functions are specified in [FIPS 180-3].","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Cryptographic hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. The function is expected to have the following three properties:\n1. Collision resistance (see Collision resistance),\n2. Preimage resistance (see Preimage resistance) and\n3. Second preimage resistance (see Second preimage resistance).\nApproved hash functions are specified in [FIPS 180-4].","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions are designed to satisfy the following properties:\n1.  (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and\n2.  (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.\nApproved hash functions are specified in FIPS 180-3.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message, and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Hash function "}]},{"text":"A function on bit strings in which the length of the output is fixed. The output often serves as a condensed representation of the input.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185","underTerm":" under Hash Function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions are expected to satisfy the following properties: \n1. One-way: It is computationally infeasible to find any input that maps to any pre-specified output, and \n2. Collision resistant: It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Hash function "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"See Hash function.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptographic hash function "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Cryptographic hash function "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptographic hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties:\nOne-way - It is computationally infeasible to find any input that maps to any pre-specified output; and\nCollision resistant - It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Hash Function "}]},{"text":"A (mathematical) function that maps values from a large (possibly very large) domain into a smaller range. The function satisfies the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output; 2. (Collision free) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Hash Function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions are expected to satisfy the following properties: 1. One-way: it is computationally infeasible to find any input that maps to any pre-specified output, and 2. Collision resistant: It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions are designed to satisfy the following properties:\n1.     (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and\n2.     (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.\nApproved hash functions are specified in FIPS 180.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary (although bounded) length to a fixed-length bit string. Approved hash functions satisfy the following properties: \n1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and \n2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: \nOne-way - It is computationally infeasible to find any input that maps to any pre-specified output; and \nCollision resistant - It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Hash Function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: 1. One-way – It is computationally infeasible to find any input that maps to any pre-specified output. 2. Collision resistant – It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Cryptographic hash function "}]},{"text":"See cryptographic hash function.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary (although bounded) length to a fixed-length bit string. Approved hash functions satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output. 2. (Collision-resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary lenth to a fixed-length bit string.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Cryptographic hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Hash function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties:\n1.      One-Way. It is computationally infeasible to find any input that maps to any pre-specified output.\n2.      Collision Resistant. It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Hash Function "}]},{"text":"A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties: \n1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and \n2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Hash Function "}]}],"seeAlso":[{"text":"Collision"},{"text":"Collision resistance","link":"collision_resistance"},{"text":"Hash algorithm","link":"hash_algorithm"},{"text":"Preimage resistance","link":"preimage_resistance"},{"text":"Second preimage resistance","link":"second_preimage_resistance"}]},{"term":"Hash Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/hash_message_authentication_code","abbrSyn":[{"text":"HMAC","link":"https://csrc.nist.gov/glossary/term/hmac"}],"definitions":[{"text":"Keyed-hash Message Authentication Code (as specified in FIPS 198-1).","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under HMAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under HMAC "}]},{"text":"Keyed-Hash Message Authentication Code specified in [FIPS198].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under HMAC "}]}]},{"term":"hash output","link":"https://csrc.nist.gov/glossary/term/hash_output","abbrSyn":[{"text":"hash value"},{"text":"message digest","link":"https://csrc.nist.gov/glossary/term/message_digest"}],"definitions":[{"text":"The result of applying a hash function to a message. Also known as a “hash value” or “hash output”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under message digest ","refSources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}]},{"text":"See “message digest”.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Hash output "}]},{"text":"the fixed size result of hashing a message.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under message digest "}]},{"text":"The result of applying a hash function to a message","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under hash value ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"NIST SP 800-107","link":"https://doi.org/10.6028/NIST.SP.800-107"}]},{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"NIST SP 800-107","link":"https://doi.org/10.6028/NIST.SP.800-107"}]}]}]},{"term":"Hash rate","link":"https://csrc.nist.gov/glossary/term/hash_rate","definitions":[{"text":"The number of cryptographic hash functions a processor can calculate in a given time, usually denominated as hashes per second.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"hash value/result","link":"https://csrc.nist.gov/glossary/term/hash_value","abbrSyn":[{"text":"Hash digest"},{"text":"hash output","link":"https://csrc.nist.gov/glossary/term/hash_output"},{"text":"message digest","link":"https://csrc.nist.gov/glossary/term/message_digest"},{"text":"Message digest"}],"definitions":[{"text":"The result of applying a hash function to a message. Also known as a “hash value.”","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Message digest "}]},{"text":"The result of applying a hash function to a message. Also known as a “hash value” or “hash output”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under message digest ","refSources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]},{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Message digest "}]},{"text":"The result of applying a hash function to data.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Hash value "}]},{"text":"The result of applying a cryptographic hash function to data (e.g., a message). Also known as a “message digest”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Hash value "}]},{"text":"See “Hash value”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Message digest "}]},{"text":"See “message digest”.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Hash value "}]},{"text":"the fixed size result of hashing a message.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under message digest "}]},{"text":"The fixed-length bit string produced by a hash function.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Hash value "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Hash value "}]},{"text":"The result of applying a hash function to information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Hash value "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Hash value "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Hash value "}]},{"text":"See message digest.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The result of applying a hash function to information; also called a message digest.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Hash value "}]},{"text":"See hash value.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Message digest "}]},{"text":"The result of applying a hash function to a message","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under hash value ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"NIST SP 800-107","link":"https://doi.org/10.6028/NIST.SP.800-107"}]},{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under hash output ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"NIST SP 800-107","link":"https://doi.org/10.6028/NIST.SP.800-107"}]}]},{"text":"The output of a hash function (e.g., hash(data) = digest). Also known as a message digest, digest or harsh value. The number of cryptographic has functions a processor can calculate in a given time, usually denominated as hashes per second.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Hash digest "}]},{"text":"See Hash digest.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Hash value "}]}],"seeAlso":[{"text":"Hashed","link":"hashed"}]},{"term":"Hash_DRBG","link":"https://csrc.nist.gov/glossary/term/hash_drbg","definitions":[{"text":"A DRBG specified in SP 800-90A based on a hash function.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"Hash-based Key Derivation Function","link":"https://csrc.nist.gov/glossary/term/hash_based_key_derivation_function","abbrSyn":[{"text":"HKDF","link":"https://csrc.nist.gov/glossary/term/hkdf"}],"definitions":null},{"term":"Hash-based signature","link":"https://csrc.nist.gov/glossary/term/hash_based_signature","abbrSyn":[{"text":"HBS","link":"https://csrc.nist.gov/glossary/term/hbs"}],"definitions":null},{"term":"Hashed","link":"https://csrc.nist.gov/glossary/term/hashed","definitions":[{"text":"The process whereby data (e.g., a message) was input to a cryptographic hash function (see Cryptographic hash function) to produce a hash value (see Hash value).","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}],"seeAlso":[{"text":"Hash value"}]},{"term":"Hashed Next Secure","link":"https://csrc.nist.gov/glossary/term/hashed_next_secure","abbrSyn":[{"text":"NSEC3","link":"https://csrc.nist.gov/glossary/term/nsec3"}],"definitions":null},{"term":"Hashed Timelock Contract","link":"https://csrc.nist.gov/glossary/term/hashed_timelock_contract","abbrSyn":[{"text":"HTLC","link":"https://csrc.nist.gov/glossary/term/htlc"}],"definitions":null},{"term":"hashing","link":"https://csrc.nist.gov/glossary/term/hashing","definitions":[{"text":"The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Hashing "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Hashing "}]},{"text":"A method of calculating a relatively unique output (called a hash digest) for an input of nearly any size (a file, text, image, etc.) by applying a cryptographic hash function to the input data.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Hashing "}]}]},{"term":"Hashing algorithm","link":"https://csrc.nist.gov/glossary/term/hashing_algorithm","definitions":[{"text":"A sequence of steps to execute a cryptographic hash function (see Cryptographic hash function).","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}],"seeAlso":[{"text":"Cryptographic hash function","link":"cryptographic_hash_function"}]},{"term":"hashword","link":"https://csrc.nist.gov/glossary/term/hashword","note":"(C.F.D.)","definitions":[{"text":"Memory address containing hash total. \nRationale: Listed for deletion in 2010 version of CNSS 4009.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"HAVA","link":"https://csrc.nist.gov/glossary/term/hava","abbrSyn":[{"text":"Help America Vote Act","link":"https://csrc.nist.gov/glossary/term/help_america_vote_act"}],"definitions":null},{"term":"Hazards of Electromagnetic Radiation to Fuel","link":"https://csrc.nist.gov/glossary/term/hazards_of_electromagnetic_radiation_to_fuel","abbrSyn":[{"text":"HERF","link":"https://csrc.nist.gov/glossary/term/herf"}],"definitions":null},{"term":"Hazards of Electromagnetic Radiation to Ordnance","link":"https://csrc.nist.gov/glossary/term/hazards_of_electromagnetic_radiation_to_ordnance","abbrSyn":[{"text":"HERO","link":"https://csrc.nist.gov/glossary/term/hero"}],"definitions":null},{"term":"Hazards of Electromagnetic Radiation to People","link":"https://csrc.nist.gov/glossary/term/hazards_of_electromagnetic_radiation_to_people","abbrSyn":[{"text":"HERP","link":"https://csrc.nist.gov/glossary/term/herp"}],"definitions":null},{"term":"HBA","link":"https://csrc.nist.gov/glossary/term/hba","abbrSyn":[{"text":"Host Bus Adapter","link":"https://csrc.nist.gov/glossary/term/host_bus_adapter"}],"definitions":null},{"term":"HBS","link":"https://csrc.nist.gov/glossary/term/hbs","abbrSyn":[{"text":"Hash-based signature","link":"https://csrc.nist.gov/glossary/term/hash_based_signature"}],"definitions":null},{"term":"HC3","link":"https://csrc.nist.gov/glossary/term/hc3","abbrSyn":[{"text":"Health Sector Cybersecurity Coordination Center","link":"https://csrc.nist.gov/glossary/term/health_sector_cybersecurity_coordination_center"}],"definitions":null},{"term":"HCI","link":"https://csrc.nist.gov/glossary/term/hci","abbrSyn":[{"text":"Host Controller Interface","link":"https://csrc.nist.gov/glossary/term/host_controller_interface"},{"text":"Hyper-Converged Infrastructure","link":"https://csrc.nist.gov/glossary/term/hyper_converged_infrastructure"}],"definitions":null},{"term":"HD","link":"https://csrc.nist.gov/glossary/term/hd","abbrSyn":[{"text":"Hard Drive"},{"text":"Hierarchical Deterministic","link":"https://csrc.nist.gov/glossary/term/hierarchical_deterministic"}],"definitions":null},{"term":"HDD","link":"https://csrc.nist.gov/glossary/term/hdd","abbrSyn":[{"text":"Hard Disk Drive","link":"https://csrc.nist.gov/glossary/term/hard_disk_drive"},{"text":"Hard Disk Drives"}],"definitions":null},{"term":"HDL","link":"https://csrc.nist.gov/glossary/term/hdl","abbrSyn":[{"text":"Hardware Description Language","link":"https://csrc.nist.gov/glossary/term/hardware_description_language"}],"definitions":null},{"term":"HDO","link":"https://csrc.nist.gov/glossary/term/hdo","abbrSyn":[{"text":"Healthcare Delivery Organization","link":"https://csrc.nist.gov/glossary/term/healthcare_delivery_organization"}],"definitions":null},{"term":"Header","link":"https://csrc.nist.gov/glossary/term/header","definitions":[{"text":"A portion of a packet that contains layer-specific information such as addresses.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]},{"text":"The section of an email message that contains vital information about the message, including origination date, sender, recipient(s), delivery path, subject, and format information. The header is generally left in clear text even when the body of the email message is encrypted.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Health and Human Services","link":"https://csrc.nist.gov/glossary/term/health_and_human_services","abbrSyn":[{"text":"HHS","link":"https://csrc.nist.gov/glossary/term/hhs"},{"text":"HIPAA","link":"https://csrc.nist.gov/glossary/term/hipaa"}],"definitions":null},{"term":"Health Industry Cybersecurity – Securing Telehealth and Telemedicine","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity__securing_telehealth_telemed","abbrSyn":[{"text":"HIC-STAT","link":"https://csrc.nist.gov/glossary/term/hic_stat"}],"definitions":null},{"term":"Health Industry Cybersecurity Information Sharing Best Practices","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_information_sharing_best_practices","abbrSyn":[{"text":"HIC-ISBP","link":"https://csrc.nist.gov/glossary/term/hic_isbp"}],"definitions":null},{"term":"Health Industry Cybersecurity Matrix of Information Sharing Organizations","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_matrix_of_info_sharing_orgs","abbrSyn":[{"text":"HIC-MISO","link":"https://csrc.nist.gov/glossary/term/hic_miso"}],"definitions":null},{"term":"Health Industry Cybersecurity Practices","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_practices","abbrSyn":[{"text":"HICP","link":"https://csrc.nist.gov/glossary/term/hicp"}],"definitions":null},{"term":"Health Industry Cybersecurity Supply Chain Risk Management","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_scrm","abbrSyn":[{"text":"HIC-SCRiM","link":"https://csrc.nist.gov/glossary/term/hic_scrim"}],"definitions":null},{"term":"Health Industry Cybersecurity Tactical Crisis Response","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_tactical_crisis_response","abbrSyn":[{"text":"HIC-TCR","link":"https://csrc.nist.gov/glossary/term/hic_tcr"}],"definitions":null},{"term":"Health Information System","link":"https://csrc.nist.gov/glossary/term/health_information_system","abbrSyn":[{"text":"HIS","link":"https://csrc.nist.gov/glossary/term/his"}],"definitions":null},{"term":"Health Information Technology","link":"https://csrc.nist.gov/glossary/term/health_information_technology","abbrSyn":[{"text":"HIT","link":"https://csrc.nist.gov/glossary/term/hit"}],"definitions":null},{"term":"Health Information Technology for Economic and Clinical Health Act","link":"https://csrc.nist.gov/glossary/term/health_information_technology_for_economic_and_clinical_health_act","abbrSyn":[{"text":"HITECH Act","link":"https://csrc.nist.gov/glossary/term/hitech_act"}],"definitions":[{"text":"a 2009 law designed to stimulate the adoption of electronic health records (HER) in the United States","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Health Information Trust Alliance","link":"https://csrc.nist.gov/glossary/term/health_information_trust_alliance","abbrSyn":[{"text":"HITRUST","link":"https://csrc.nist.gov/glossary/term/hitrust"}],"definitions":null},{"term":"Health Insurance Portability and Accountability Act","link":"https://csrc.nist.gov/glossary/term/health_insurance_portability_and_accountability_act","abbrSyn":[{"text":"HIPAA","link":"https://csrc.nist.gov/glossary/term/hipaa"}],"definitions":[{"text":"A federal statute that called on the federal Department of Health and Human Services to establish regulatory standards to protect the privacy and security of individually identifiable health information.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under Health Insurance Portability and Accountability Act of 1996 "}]},{"text":"the primary law in the United States that governs the privacy of healthcare information","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under Health Insurance Portability and Accountability Act of 1996 "}]}]},{"term":"Health Level 7","link":"https://csrc.nist.gov/glossary/term/health_level_7","abbrSyn":[{"text":"HL7","link":"https://csrc.nist.gov/glossary/term/hl7"}],"definitions":null},{"term":"Health Sector Cybersecurity Coordination Center","link":"https://csrc.nist.gov/glossary/term/health_sector_cybersecurity_coordination_center","abbrSyn":[{"text":"HC3","link":"https://csrc.nist.gov/glossary/term/hc3"}],"definitions":null},{"term":"Health Testing","link":"https://csrc.nist.gov/glossary/term/health_testing","definitions":[{"text":"Testing within an implementation immediately prior to or during normal operation to determine that the implementation continues to perform as implemented and as validated.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"},{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Health testing "}]}]},{"term":"Health, Education and Welfare","link":"https://csrc.nist.gov/glossary/term/health_education_and_welfare","abbrSyn":[{"text":"HEW","link":"https://csrc.nist.gov/glossary/term/hew"}],"definitions":null},{"term":"Healthcare and Public Health","link":"https://csrc.nist.gov/glossary/term/healthcare_and_public_health","abbrSyn":[{"text":"HPH","link":"https://csrc.nist.gov/glossary/term/hph"}],"definitions":null},{"term":"Healthcare Delivery Organization","link":"https://csrc.nist.gov/glossary/term/healthcare_delivery_organization","abbrSyn":[{"text":"HDO","link":"https://csrc.nist.gov/glossary/term/hdo"}],"definitions":null},{"term":"healthcare identifier","link":"https://csrc.nist.gov/glossary/term/healthcare_identifier","definitions":[{"text":"identifier of a person for exclusive use by a healthcare system","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/TS 25237:2008"}]}]}]},{"term":"Healthcare Information and Management Systems Society","link":"https://csrc.nist.gov/glossary/term/healthcare_information_and_management_systems_society","abbrSyn":[{"text":"HIMSS","link":"https://csrc.nist.gov/glossary/term/himss"}],"definitions":null},{"term":"Healthcare Technology Management","link":"https://csrc.nist.gov/glossary/term/healthcare_technology_management","abbrSyn":[{"text":"HTM","link":"https://csrc.nist.gov/glossary/term/htm"}],"definitions":null},{"term":"Heap","link":"https://csrc.nist.gov/glossary/term/heap","definitions":[{"text":"A software data structure used for dynamic allocation of memory.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Heating, Ventilation, and Air Conditioning","link":"https://csrc.nist.gov/glossary/term/heating_ventilation_and_air_conditioning","abbrSyn":[{"text":"HVAC","link":"https://csrc.nist.gov/glossary/term/hvac"}],"definitions":null},{"term":"Help America Vote Act","link":"https://csrc.nist.gov/glossary/term/help_america_vote_act","abbrSyn":[{"text":"HAVA","link":"https://csrc.nist.gov/glossary/term/hava"}],"definitions":null},{"term":"HeNB","link":"https://csrc.nist.gov/glossary/term/henb","abbrSyn":[{"text":"Home eNodeB","link":"https://csrc.nist.gov/glossary/term/home_enodeb"}],"definitions":null},{"term":"HeNB Gateway","link":"https://csrc.nist.gov/glossary/term/henb_gateway","abbrSyn":[{"text":"HeNB-GW","link":"https://csrc.nist.gov/glossary/term/henb_gw"}],"definitions":null},{"term":"HeNB-GW","link":"https://csrc.nist.gov/glossary/term/henb_gw","abbrSyn":[{"text":"HeNB Gateway","link":"https://csrc.nist.gov/glossary/term/henb_gateway"}],"definitions":null},{"term":"HERF","link":"https://csrc.nist.gov/glossary/term/herf","abbrSyn":[{"text":"Hazards of Electromagnetic Radiation to Fuel","link":"https://csrc.nist.gov/glossary/term/hazards_of_electromagnetic_radiation_to_fuel"}],"definitions":null},{"term":"HERO","link":"https://csrc.nist.gov/glossary/term/hero","abbrSyn":[{"text":"Hazards of Electromagnetic Radiation to Ordnance","link":"https://csrc.nist.gov/glossary/term/hazards_of_electromagnetic_radiation_to_ordnance"}],"definitions":null},{"term":"HERP","link":"https://csrc.nist.gov/glossary/term/herp","abbrSyn":[{"text":"Hazards of Electromagnetic Radiation to People","link":"https://csrc.nist.gov/glossary/term/hazards_of_electromagnetic_radiation_to_people"}],"definitions":null},{"term":"Hertz","link":"https://csrc.nist.gov/glossary/term/hertz","abbrSyn":[{"text":"Hz","link":"https://csrc.nist.gov/glossary/term/hz"}],"definitions":null},{"term":"HES","link":"https://csrc.nist.gov/glossary/term/hes","abbrSyn":[{"text":"Hardware Enforced Security","link":"https://csrc.nist.gov/glossary/term/hardware_enforced_security"}],"definitions":null},{"term":"HEW","link":"https://csrc.nist.gov/glossary/term/hew","abbrSyn":[{"text":"Health, Education and Welfare","link":"https://csrc.nist.gov/glossary/term/health_education_and_welfare"},{"text":"U.S. Department of Health, Education, and Welfare","link":"https://csrc.nist.gov/glossary/term/us_department_of_health_education_and_welfare"}],"definitions":null},{"term":"Hewlett Packard Enterprise","link":"https://csrc.nist.gov/glossary/term/hewlett_packard_enterprise","abbrSyn":[{"text":"HPE","link":"https://csrc.nist.gov/glossary/term/hpe"}],"definitions":null},{"term":"HF","link":"https://csrc.nist.gov/glossary/term/hf","abbrSyn":[{"text":"High Frequency","link":"https://csrc.nist.gov/glossary/term/high_frequency"}],"definitions":null},{"term":"HFE","link":"https://csrc.nist.gov/glossary/term/hfe","abbrSyn":[{"text":"Hidden Field Equations"}],"definitions":null},{"term":"HFEv","link":"https://csrc.nist.gov/glossary/term/hfev","abbrSyn":[{"text":"Hidden Field Equation","link":"https://csrc.nist.gov/glossary/term/hidden_field_equation"}],"definitions":null},{"term":"HFS","link":"https://csrc.nist.gov/glossary/term/hfs","abbrSyn":[{"text":"Hierarchical File System","link":"https://csrc.nist.gov/glossary/term/hierarchical_file_system"}],"definitions":null},{"term":"HHS","link":"https://csrc.nist.gov/glossary/term/hhs","abbrSyn":[{"text":"Department of Health and Human Services","link":"https://csrc.nist.gov/glossary/term/department_of_health_and_human_services"},{"text":"Health and Human Services","link":"https://csrc.nist.gov/glossary/term/health_and_human_services"}],"definitions":null},{"term":"HIC-ISBP","link":"https://csrc.nist.gov/glossary/term/hic_isbp","abbrSyn":[{"text":"Health Industry Cybersecurity Information Sharing Best Practices","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_information_sharing_best_practices"}],"definitions":null},{"term":"HIC-MISO","link":"https://csrc.nist.gov/glossary/term/hic_miso","abbrSyn":[{"text":"Health Industry Cybersecurity Matrix of Information Sharing Organizations","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_matrix_of_info_sharing_orgs"}],"definitions":null},{"term":"HICP","link":"https://csrc.nist.gov/glossary/term/hicp","abbrSyn":[{"text":"Health Industry Cybersecurity Practices","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_practices"}],"definitions":null},{"term":"HIC-SCRiM","link":"https://csrc.nist.gov/glossary/term/hic_scrim","abbrSyn":[{"text":"Health Industry Cybersecurity Supply Chain Risk Management","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_scrm"}],"definitions":null},{"term":"HIC-STAT","link":"https://csrc.nist.gov/glossary/term/hic_stat","abbrSyn":[{"text":"Health Industry Cybersecurity – Securing Telehealth and Telemedicine","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity__securing_telehealth_telemed"}],"definitions":null},{"term":"HIC-TCR","link":"https://csrc.nist.gov/glossary/term/hic_tcr","abbrSyn":[{"text":"Health Industry Cybersecurity Tactical Crisis Response","link":"https://csrc.nist.gov/glossary/term/health_industry_cybersecurity_tactical_crisis_response"}],"definitions":null},{"term":"Hidden Field Equation","link":"https://csrc.nist.gov/glossary/term/hidden_field_equation","abbrSyn":[{"text":"HFE","link":"https://csrc.nist.gov/glossary/term/hfe"},{"text":"HFEv","link":"https://csrc.nist.gov/glossary/term/hfev"}],"definitions":null},{"term":"Hidden Medium Field Equation","link":"https://csrc.nist.gov/glossary/term/hidden_medium_field_equation","abbrSyn":[{"text":"HMFEv","link":"https://csrc.nist.gov/glossary/term/hmfev"}],"definitions":null},{"term":"HIDS","link":"https://csrc.nist.gov/glossary/term/hids","abbrSyn":[{"text":"Host Intrusion Detection System","link":"https://csrc.nist.gov/glossary/term/host_intrusion_detection_system"}],"definitions":null},{"term":"Hierarchical Deterministic","link":"https://csrc.nist.gov/glossary/term/hierarchical_deterministic","abbrSyn":[{"text":"HD","link":"https://csrc.nist.gov/glossary/term/hd"}],"definitions":null},{"term":"Hierarchical File System","link":"https://csrc.nist.gov/glossary/term/hierarchical_file_system","abbrSyn":[{"text":"HFS","link":"https://csrc.nist.gov/glossary/term/hfs"}],"definitions":null},{"term":"Hierarchical Signature Scheme","link":"https://csrc.nist.gov/glossary/term/hierarchical_signature_scheme","abbrSyn":[{"text":"HSS","link":"https://csrc.nist.gov/glossary/term/hss"}],"definitions":null},{"term":"High Assurance Internet Protocol Encryptor (HAIPE)","link":"https://csrc.nist.gov/glossary/term/high_assurance_internet_protocol_encryptor","abbrSyn":[{"text":"HAIPE","link":"https://csrc.nist.gov/glossary/term/haipe"}],"definitions":[{"text":"Device that provides networking, traffic protection, and management features that provide information assurance (IA) services in an IPv4/IPv6 network.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 19","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"High Assurance Internet Protocol Encryptor Interoperability Specification (HAIPE-IS)","link":"https://csrc.nist.gov/glossary/term/high_assurance_internet_protocol_encryptor_interoperability_specification","definitions":[{"text":"Suite of documents containing the traffic protection, networking, and interoperability functional requirements necessary to ensure the interoperability of HAIPE compliant devices. This policy applies to HAIPE-IS Version 3.0.2 and all subsequent HAIPE-IS versions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 19","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"High Availability","link":"https://csrc.nist.gov/glossary/term/high_availability","abbrSyn":[{"text":"HA","link":"https://csrc.nist.gov/glossary/term/ha"}],"definitions":[{"text":"A failover feature to ensure availability during device or component interruptions.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"High Frequency","link":"https://csrc.nist.gov/glossary/term/high_frequency","abbrSyn":[{"text":"HF","link":"https://csrc.nist.gov/glossary/term/hf"}],"definitions":null},{"term":"high impact","link":"https://csrc.nist.gov/glossary/term/high_impact","definitions":[{"text":"The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries).","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under High Impact ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"CNSSI 4009"}]}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life-threatening injuries.)","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life-threatening injuries).","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under High Impact ","refSources":[{"text":"CNSSI 4009-2010"},{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]}]},{"term":"High Performance Computing Modernization Program","link":"https://csrc.nist.gov/glossary/term/high_performance_computing_modernization_program","abbrSyn":[{"text":"HPCMP","link":"https://csrc.nist.gov/glossary/term/hpcmp"}],"definitions":null},{"term":"High Performance Radio Local Area Network","link":"https://csrc.nist.gov/glossary/term/high_performance_radio_local_area_network","abbrSyn":[{"text":"HIPERLAN","link":"https://csrc.nist.gov/glossary/term/hiperlan"}],"definitions":null},{"term":"High Speed","link":"https://csrc.nist.gov/glossary/term/high_speed","abbrSyn":[{"text":"HS","link":"https://csrc.nist.gov/glossary/term/hs"}],"definitions":null},{"term":"High Speed Packet Access","link":"https://csrc.nist.gov/glossary/term/high_speed_packet_access","abbrSyn":[{"text":"HSPA","link":"https://csrc.nist.gov/glossary/term/hspa"}],"definitions":null},{"term":"High Technology Crime Investigation Association","link":"https://csrc.nist.gov/glossary/term/high_technology_crime_investigation_association","abbrSyn":[{"text":"HTCIA","link":"https://csrc.nist.gov/glossary/term/htcia"}],"definitions":null},{"term":"High-Availability Seamless Redundancy","link":"https://csrc.nist.gov/glossary/term/high_availability_seamless_redundancy","abbrSyn":[{"text":"HSR","link":"https://csrc.nist.gov/glossary/term/hsr"}],"definitions":null},{"term":"high-impact system","link":"https://csrc.nist.gov/glossary/term/high_impact_system","definitions":[{"text":"An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under HIGH-IMPACT SYSTEM "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under High-Impact System "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under High-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under High-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under High-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which at least one security objective (confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under High-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS Publication 199 potential impact value of high.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under High-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS PUB 199 potential impact value of high. \nNote: For National Security Systems, CNSSI No. 1253 does not adopt this FIPS PUB 200 high water mark across security objectives.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"A system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS Publication 199 potential impact value of high.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]}]},{"term":"Highly Adaptive Cybersecurity Services","link":"https://csrc.nist.gov/glossary/term/highly_adaptive_cybersecurity_services","abbrSyn":[{"text":"HACS","link":"https://csrc.nist.gov/glossary/term/hacs"}],"definitions":null},{"term":"High-Performance File System","link":"https://csrc.nist.gov/glossary/term/high_performance_file_system","abbrSyn":[{"text":"HPFS","link":"https://csrc.nist.gov/glossary/term/hpfs"}],"definitions":null},{"term":"high-power transmitter","link":"https://csrc.nist.gov/glossary/term/high_power_transmitter","definitions":[{"text":"For the purposes of determining separation between RED equipment/lines and RF transmitters, high-power is that which exceeds 100 m Watt (20dBm) emitted isotropic radiated power (EIRP). See low-power transmitter.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}],"seeAlso":[{"text":"low-power transmitter","link":"low_power_transmitter"}]},{"term":"High-Value Asset","link":"https://csrc.nist.gov/glossary/term/high_value_asset","abbrSyn":[{"text":"HVA","link":"https://csrc.nist.gov/glossary/term/hva"}],"definitions":[{"text":"Information or an information system that is so critical to an organization that the loss or corruption of this information or loss of access to the system would have serious impacts on the organization’s ability to perform its mission or conduct business.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"CISA Secure High Value Assets","link":"https://www.cisa.gov/publication/secure-high-value-assets"}]}]},{"text":"A designation of federal information or a federal information system when it relates to one or more of the following categories: -  Informational Value – The information or information system that processes, stores, or transmits the information is of high value to the Government or its adversaries. -  Mission Essential – The agency that owns the information or information system cannot accomplish its Primary Mission Essential Functions (PMEF), as approved in accordance with Presidential Policy Directive 40 (PPD-40) National Continuity Policy, within expected timelines without the information or information system. -  Federal Civilian Enterprise Essential (FCEE) – The information or information system serves a critical function in maintaining the security and resilience of the federal civilian enterprise.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under high value asset ","refSources":[{"text":"OMB M-19-03","link":"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf"}]}]},{"text":"Those information resources, mission/business processes, and/or critical programs that are of particular interest to potential or actual adversaries.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under high value asset "}]},{"text":"A designation of Federal information or a Federal information system when it relates to one or more of the following categories: \n-  Informational Value – The information or information system that processes, stores, or transmits the information is of high value to the Government or its adversaries.\n-  Mission Essential – The agency that owns the information or information system cannot accomplish its Primary Mission Essential Functions (PMEF), as approved in accordance with Presidential Policy Directive 40 (PPD-40) National Continuity Policy, within expected timelines without the information or information system.\n-  Federal Civilian Enterprise Essential (FCEE) – The information or information system serves a critical function in maintaining the security and resilience of the Federal civilian enterprise.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under high value asset ","refSources":[{"text":"OMB M-19-03","link":"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf"}]}]},{"text":"Those assets, federal information systems, information, and data for which an unauthorized access, use, disclosure, disruption, modification, or destruction could cause a significant impact to the United States' national security interests, foreign relations, economy – or to the public confidence, civil liberties, or public health and safety of the American people.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under High Value Asset ","refSources":[{"text":"OMB M-17-09","link":"https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-09.pdf"}]}]}]},{"term":"Highway Addressable Remote Transducer","link":"https://csrc.nist.gov/glossary/term/highway_addressable_remote_transducer","abbrSyn":[{"text":"HART","link":"https://csrc.nist.gov/glossary/term/hart"}],"definitions":null},{"term":"HIMSS","link":"https://csrc.nist.gov/glossary/term/himss","abbrSyn":[{"text":"Healthcare Information and Management Systems Society","link":"https://csrc.nist.gov/glossary/term/healthcare_information_and_management_systems_society"}],"definitions":null},{"term":"HINFO","link":"https://csrc.nist.gov/glossary/term/hinfo","abbrSyn":[{"text":"Host Information","link":"https://csrc.nist.gov/glossary/term/host_information"}],"definitions":null},{"term":"HIP","link":"https://csrc.nist.gov/glossary/term/hip","abbrSyn":[{"text":"Host Identity Protocol","link":"https://csrc.nist.gov/glossary/term/host_identity_protocol"}],"definitions":null},{"term":"HIPAA","link":"https://csrc.nist.gov/glossary/term/hipaa","abbrSyn":[{"text":"Health and Human Services","link":"https://csrc.nist.gov/glossary/term/health_and_human_services"},{"text":"Health Information Portability and Accountability Act"},{"text":"Health Insurance Portability and Accountability Act","link":"https://csrc.nist.gov/glossary/term/health_insurance_portability_and_accountability_act"},{"text":"Health Insurance Portability and Accountability Act of 1996"}],"definitions":[{"text":"A federal statute that called on the federal Department of Health and Human Services to establish regulatory standards to protect the privacy and security of individually identifiable health information.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under Health Insurance Portability and Accountability Act of 1996 "}]},{"text":"the primary law in the United States that governs the privacy of healthcare information","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under Health Insurance Portability and Accountability Act of 1996 "}]}]},{"term":"HIPERLAN","link":"https://csrc.nist.gov/glossary/term/hiperlan","abbrSyn":[{"text":"High Performance Radio Local Area Network","link":"https://csrc.nist.gov/glossary/term/high_performance_radio_local_area_network"}],"definitions":null},{"term":"HIPS","link":"https://csrc.nist.gov/glossary/term/hips","abbrSyn":[{"text":"Host Intrusion Prevention System","link":"https://csrc.nist.gov/glossary/term/host_intrusion_prevention_system"}],"definitions":null},{"term":"HIRS","link":"https://csrc.nist.gov/glossary/term/hirs","abbrSyn":[{"text":"Host Integrity at Runtime and Start-Up","link":"https://csrc.nist.gov/glossary/term/host_integrity_at_runtime_and_start_up"}],"definitions":null},{"term":"HIS","link":"https://csrc.nist.gov/glossary/term/his","abbrSyn":[{"text":"Health Information System","link":"https://csrc.nist.gov/glossary/term/health_information_system"}],"definitions":null},{"term":"HIT","link":"https://csrc.nist.gov/glossary/term/hit","abbrSyn":[{"text":"Health Information Technology","link":"https://csrc.nist.gov/glossary/term/health_information_technology"}],"definitions":null},{"term":"HITRUST","link":"https://csrc.nist.gov/glossary/term/hitrust","abbrSyn":[{"text":"Health Information Trust Alliance","link":"https://csrc.nist.gov/glossary/term/health_information_trust_alliance"}],"definitions":null},{"term":"HKDF","link":"https://csrc.nist.gov/glossary/term/hkdf","abbrSyn":[{"text":"Hash-based Key Derivation Function","link":"https://csrc.nist.gov/glossary/term/hash_based_key_derivation_function"},{"text":"HMAC-based Extract-and-Expand Key Derivation Function","link":"https://csrc.nist.gov/glossary/term/hmac_based_extract_and_expand_key_derivation_function"},{"text":"HMAC-Based Key Derivation Function","link":"https://csrc.nist.gov/glossary/term/hmac_based_key_derivation_function"}],"definitions":null},{"term":"HL7","link":"https://csrc.nist.gov/glossary/term/hl7","abbrSyn":[{"text":"Health Level 7","link":"https://csrc.nist.gov/glossary/term/health_level_7"}],"definitions":null},{"term":"HLAT","link":"https://csrc.nist.gov/glossary/term/hlat","abbrSyn":[{"text":"Hypervisor Managed Linear Address Translation","link":"https://csrc.nist.gov/glossary/term/hypervisor_managed_linear_address_translation"}],"definitions":null},{"term":"HMAC","link":"https://csrc.nist.gov/glossary/term/hmac","abbrSyn":[{"text":"Hash- Based Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/hash__based_message_authentication_code"},{"text":"Hash Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/hash_message_authentication_code"},{"text":"hash-based message authentication code"},{"text":"Hash-based Message Authentication Code"},{"text":"Hash-Based Message Authentication Code"},{"text":"keyed hash-based message authentication code"},{"text":"Keyed-Hash Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/keyed_hash_message_authentication_code"}],"definitions":[{"text":"A message authentication code that uses a cryptographic key in conjunction with a hash function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under keyed hash-based message authentication code ","refSources":[{"text":"FIPS 198-1","link":"https://doi.org/10.6028/NIST.FIPS.198-1"}]},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Hash-based Message Authentication Code "}]},{"text":"Keyed-hash Message Authentication Code (as specified in FIPS 198-1).","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"Keyed-Hash Message Authentication Code specified in [FIPS198].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]}]},{"term":"HMAC_DRBG","link":"https://csrc.nist.gov/glossary/term/hmac_drbg","definitions":[{"text":"A DRBG specified in SP 800-90A based on HMAC.","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"HMAC-based Extract-and-Expand Key Derivation Function","link":"https://csrc.nist.gov/glossary/term/hmac_based_extract_and_expand_key_derivation_function","abbrSyn":[{"text":"HKDF","link":"https://csrc.nist.gov/glossary/term/hkdf"}],"definitions":null},{"term":"HMAC-Based Key Derivation Function","link":"https://csrc.nist.gov/glossary/term/hmac_based_key_derivation_function","abbrSyn":[{"text":"HKDF","link":"https://csrc.nist.gov/glossary/term/hkdf"}],"definitions":null},{"term":"HMAC-MD5","link":"https://csrc.nist.gov/glossary/term/hmac_md5","abbrSyn":[{"text":"Keyed-Hash Message Authentication Code-Message Digest","link":"https://csrc.nist.gov/glossary/term/keyed_hash_message_authentication_code_message_digest"}],"definitions":null},{"term":"HMAC-PRF","link":"https://csrc.nist.gov/glossary/term/hmac_prf","definitions":[{"text":"The HMAC function being used as a PRF.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"HMAC-SHA","link":"https://csrc.nist.gov/glossary/term/hmac_sha","abbrSyn":[{"text":"Keyed-Hash Message Authentication Code-Secure Hash Algorithm","link":"https://csrc.nist.gov/glossary/term/keyed_hash_message_authentication_code_secure_hash_algorithm"}],"definitions":null},{"term":"HMEE","link":"https://csrc.nist.gov/glossary/term/hmee","abbrSyn":[{"text":"Hardware Mediated Execution Enclave","link":"https://csrc.nist.gov/glossary/term/hardware_mediated_execution_enclave"}],"definitions":null},{"term":"HMFEv","link":"https://csrc.nist.gov/glossary/term/hmfev","abbrSyn":[{"text":"Hidden Medium Field Equation","link":"https://csrc.nist.gov/glossary/term/hidden_medium_field_equation"}],"definitions":null},{"term":"HMI","link":"https://csrc.nist.gov/glossary/term/hmi","abbrSyn":[{"text":"Human Machine Interface"},{"text":"human-machine interface","link":"https://csrc.nist.gov/glossary/term/human_machine_interface"},{"text":"Human-Machine Interface"}],"definitions":[{"text":"The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under human-machine interface ","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859"}]}]}]},{"term":"holdover","link":"https://csrc.nist.gov/glossary/term/holdover","definitions":[{"text":"An operating condition of a clock which has lost its controlling reference input, is using its local oscillator, and can be augmented with stored data acquired while locked to the reference input or a frequency reference to control its output.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]"},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1"}]}]},{"term":"Home eNodeB","link":"https://csrc.nist.gov/glossary/term/home_enodeb","abbrSyn":[{"text":"HeNB","link":"https://csrc.nist.gov/glossary/term/henb"}],"definitions":null},{"term":"Home Subscriber Server","link":"https://csrc.nist.gov/glossary/term/home_subscriber_server","abbrSyn":[{"text":"HSS","link":"https://csrc.nist.gov/glossary/term/hss"}],"definitions":null},{"term":"Homeland Security Information Network","link":"https://csrc.nist.gov/glossary/term/homeland_security_information_network","abbrSyn":[{"text":"HSIN","link":"https://csrc.nist.gov/glossary/term/hsin"}],"definitions":null},{"term":"Homeland Security Information Network - Critical Infrastructure","link":"https://csrc.nist.gov/glossary/term/hsin_critical_infrastructure","abbrSyn":[{"text":"HSIN-CI","link":"https://csrc.nist.gov/glossary/term/hsin_ci"}],"definitions":null},{"term":"Homeland Security Presidential Directive","link":"https://csrc.nist.gov/glossary/term/homeland_security_presidential_directive","abbrSyn":[{"text":"HSPD","link":"https://csrc.nist.gov/glossary/term/hspd"}],"definitions":null},{"term":"Homeland Security Presidential Directive-12","link":"https://csrc.nist.gov/glossary/term/homeland_security_presidential_directive_12","abbrSyn":[{"text":"HSPD-12","link":"https://csrc.nist.gov/glossary/term/hspd_12"}],"definitions":[{"text":"Homeland Security Presidential Directive; HSPD-12 established the policy for which FIPS 201-2 was developed.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under HSPD-12 "}]}]},{"term":"honeypot","link":"https://csrc.nist.gov/glossary/term/honeypot","definitions":[{"text":"A system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders, like honey is attractive to bears.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"host","link":"https://csrc.nist.gov/glossary/term/host","definitions":[{"text":"A host is any hardware device that has the capability of permitting access to a network via a user interface, specialized software, network address, protocol stack, or any other means. Some examples include, but are not limited to, computers, personal electronic devices, thin clients, and multi-functional devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1012","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"CNSSI 1013","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Almost any kind of computer, including a centralized mainframe that is a host to its terminals, a server that is host to its clients, or a desktop personal computer (PC) that is host to its peripherals. In network architectures, a client station (user’s machine) is also considered a host because it is a source of information to the network, in contrast to a device, such as a router or switch, that directs traffic.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Host "}]}]},{"term":"Host Bus Adapter","link":"https://csrc.nist.gov/glossary/term/host_bus_adapter","abbrSyn":[{"text":"HBA","link":"https://csrc.nist.gov/glossary/term/hba"}],"definitions":null},{"term":"Host Controller Interface","link":"https://csrc.nist.gov/glossary/term/host_controller_interface","abbrSyn":[{"text":"HCI","link":"https://csrc.nist.gov/glossary/term/hci"}],"definitions":null},{"term":"Host Identity Protocol","link":"https://csrc.nist.gov/glossary/term/host_identity_protocol","abbrSyn":[{"text":"HIP","link":"https://csrc.nist.gov/glossary/term/hip"}],"definitions":null},{"term":"Host Information","link":"https://csrc.nist.gov/glossary/term/host_information","abbrSyn":[{"text":"HINFO","link":"https://csrc.nist.gov/glossary/term/hinfo"}],"definitions":null},{"term":"Host Integrity at Runtime and Start-Up","link":"https://csrc.nist.gov/glossary/term/host_integrity_at_runtime_and_start_up","abbrSyn":[{"text":"HIRS","link":"https://csrc.nist.gov/glossary/term/hirs"}],"definitions":null},{"term":"Host Intrusion Detection System","link":"https://csrc.nist.gov/glossary/term/host_intrusion_detection_system","abbrSyn":[{"text":"HIDS","link":"https://csrc.nist.gov/glossary/term/hids"}],"definitions":null},{"term":"Host Intrusion Prevention System","link":"https://csrc.nist.gov/glossary/term/host_intrusion_prevention_system","abbrSyn":[{"text":"HIPS","link":"https://csrc.nist.gov/glossary/term/hips"}],"definitions":null},{"term":"Host Key","link":"https://csrc.nist.gov/glossary/term/host_key","definitions":[{"text":"A public key used for authenticating a host in the SSH protocol to hosts that want to communicate with it (each host also generally has its own private host key). Some hosts may have more than one host key (e.g., one for each algorithm). Host keys are used for authenticating hosts (machines) themselves, not users or accounts, whereas identity keys and authorized keys relate to authenticating users/accounts and authorizing access to accounts on hosts.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Host Name","link":"https://csrc.nist.gov/glossary/term/host_name","definitions":[{"text":"Host names are most commonly defined and used in the context of DNS. The host name of a system typically refers to the fully qualified DNS domain name of that system.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Host operating system","link":"https://csrc.nist.gov/glossary/term/host_operating_system","definitions":[{"text":"In a hosted virtualization solution, the OS that the hypervisor runs on top of.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]},{"text":"The operating system kernel shared by multiple applications within an application virtualization architecture.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"Host Protected Area","link":"https://csrc.nist.gov/glossary/term/host_protected_area","abbrSyn":[{"text":"HPA","link":"https://csrc.nist.gov/glossary/term/hpa"}],"definitions":null},{"term":"Host Verification Service","link":"https://csrc.nist.gov/glossary/term/host_verification_service","abbrSyn":[{"text":"HVS","link":"https://csrc.nist.gov/glossary/term/hvs"}],"definitions":null},{"term":"Host-Based Firewall","link":"https://csrc.nist.gov/glossary/term/host_based_firewall","definitions":[{"text":"A software-based firewall installed on a server to monitor and control its incoming and outgoing network traffic.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"host-based intrusion detection and prevention system","link":"https://csrc.nist.gov/glossary/term/host_based_intrusion_detection_and_prevention_system","definitions":[{"text":"A program that monitors the characteristics of a single host and the events occurring within that host to identify and stop suspicious activity.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Host-Based Intrusion Detection and Prevention System ","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]}]},{"term":"host-based security","link":"https://csrc.nist.gov/glossary/term/host_based_security","definitions":[{"text":"A set of capabilities that provide a framework to implement a wide-range of security solutions on hosts. This framework includes a trusted agent and a centralized management function that together provide automated protection to detect, respond, and report host-based vulnerabilities and incidents.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1011","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Hosted virtualization","link":"https://csrc.nist.gov/glossary/term/hosted_virtualization","definitions":[{"text":"A form of full virtualization where the hypervisor runs on top of a host OS.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"Hostname","link":"https://csrc.nist.gov/glossary/term/hostname","definitions":[{"text":"Hostnames are most commonly defined and used in the context of DNS. The hostname of a system typically refers to the fully qualified DNS domain name of that system.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"hot site","link":"https://csrc.nist.gov/glossary/term/hot_site","definitions":[{"text":"A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Hot Site "}]}]},{"term":"Hotfix","link":"https://csrc.nist.gov/glossary/term/hotfix","definitions":[{"text":"Microsoft’s term for “patch.”","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]},{"text":"Updated code from Microsoft that addresses a specific security problem.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]"}]}]},{"term":"Hotwash","link":"https://csrc.nist.gov/glossary/term/hotwash","definitions":[{"text":"A debrief conducted immediately after an exercise or test with the staff and participants.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"HPA","link":"https://csrc.nist.gov/glossary/term/hpa","abbrSyn":[{"text":"Host Protected Area","link":"https://csrc.nist.gov/glossary/term/host_protected_area"}],"definitions":null},{"term":"HPC","link":"https://csrc.nist.gov/glossary/term/hpc","abbrSyn":[{"text":"High-Performance Computing","link":"https://csrc.nist.gov/glossary/term/high_performance_computing"}],"definitions":null},{"term":"HPCMP","link":"https://csrc.nist.gov/glossary/term/hpcmp","abbrSyn":[{"text":"High Performance Computing Modernization Program","link":"https://csrc.nist.gov/glossary/term/high_performance_computing_modernization_program"}],"definitions":null},{"term":"HPE","link":"https://csrc.nist.gov/glossary/term/hpe","abbrSyn":[{"text":"Hewlett Packard Enterprise","link":"https://csrc.nist.gov/glossary/term/hewlett_packard_enterprise"}],"definitions":null},{"term":"HPFS","link":"https://csrc.nist.gov/glossary/term/hpfs","abbrSyn":[{"text":"High-Performance File System","link":"https://csrc.nist.gov/glossary/term/high_performance_file_system"}],"definitions":null},{"term":"HPH","link":"https://csrc.nist.gov/glossary/term/hph","abbrSyn":[{"text":"Healthcare and Public Health","link":"https://csrc.nist.gov/glossary/term/healthcare_and_public_health"}],"definitions":null},{"term":"HR","link":"https://csrc.nist.gov/glossary/term/hr","abbrSyn":[{"text":"House of Representatives","link":"https://csrc.nist.gov/glossary/term/house_of_representatives"},{"text":"Human Resource"},{"text":"Human Resources","link":"https://csrc.nist.gov/glossary/term/human_resources"}],"definitions":null},{"term":"HRCyber","link":"https://csrc.nist.gov/glossary/term/hrcyber","abbrSyn":[{"text":"Hampton Roads Cybersecurity Education, Workforce and Economic Development Alliance","link":"https://csrc.nist.gov/glossary/term/hampton_roads_cybersecurity_education_workforce_and_economic_development_alliance"}],"definitions":null},{"term":"HS","link":"https://csrc.nist.gov/glossary/term/hs","abbrSyn":[{"text":"High Speed","link":"https://csrc.nist.gov/glossary/term/high_speed"}],"definitions":null},{"term":"HSIN","link":"https://csrc.nist.gov/glossary/term/hsin","abbrSyn":[{"text":"Homeland Security Information Network","link":"https://csrc.nist.gov/glossary/term/homeland_security_information_network"}],"definitions":null},{"term":"HSIN-CI","link":"https://csrc.nist.gov/glossary/term/hsin_ci","abbrSyn":[{"text":"Homeland Security Information Network - Critical Infrastructure","link":"https://csrc.nist.gov/glossary/term/hsin_critical_infrastructure"}],"definitions":null},{"term":"HSM","link":"https://csrc.nist.gov/glossary/term/hsm","abbrSyn":[{"text":"hardware security module"},{"text":"Hardware Security Module"}],"definitions":null},{"term":"HSN","link":"https://csrc.nist.gov/glossary/term/hsn","abbrSyn":[{"text":"Hybrid Satellite Network","link":"https://csrc.nist.gov/glossary/term/hybrid_satellite_network"}],"definitions":[{"text":"An integrated terrestrial and space infrastructure comprised of independently owned and operated segments, parts, or systems that collectively create or perform as a singular space system.","sources":[{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under Hybrid Satellite Network "}]}]},{"term":"HSPA","link":"https://csrc.nist.gov/glossary/term/hspa","abbrSyn":[{"text":"High Speed Packet Access","link":"https://csrc.nist.gov/glossary/term/high_speed_packet_access"}],"definitions":null},{"term":"HSPD","link":"https://csrc.nist.gov/glossary/term/hspd","abbrSyn":[{"text":"Homeland Security Presidential Directive","link":"https://csrc.nist.gov/glossary/term/homeland_security_presidential_directive"}],"definitions":null},{"term":"HSPD-12","link":"https://csrc.nist.gov/glossary/term/hspd_12","abbrSyn":[{"text":"Homeland Security Presidential Directive 12"},{"text":"Homeland Security Presidential Directive-12","link":"https://csrc.nist.gov/glossary/term/homeland_security_presidential_directive_12"}],"definitions":[{"text":"Homeland Security Presidential Directive; HSPD-12 established the policy for which FIPS 201-2 was developed.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"HSR","link":"https://csrc.nist.gov/glossary/term/hsr","abbrSyn":[{"text":"High-Availability Seamless Redundancy","link":"https://csrc.nist.gov/glossary/term/high_availability_seamless_redundancy"}],"definitions":null},{"term":"HSS","link":"https://csrc.nist.gov/glossary/term/hss","abbrSyn":[{"text":"Hierarchical Signature Scheme","link":"https://csrc.nist.gov/glossary/term/hierarchical_signature_scheme"},{"text":"Home Subscriber Server","link":"https://csrc.nist.gov/glossary/term/home_subscriber_server"}],"definitions":null},{"term":"HSTS","link":"https://csrc.nist.gov/glossary/term/hsts","abbrSyn":[{"text":"HTTP Strict-Transport-Security","link":"https://csrc.nist.gov/glossary/term/http_strict_transport_security"}],"definitions":null},{"term":"HTBC","link":"https://csrc.nist.gov/glossary/term/htbc","abbrSyn":[{"text":"HyTrust BoundaryControl","link":"https://csrc.nist.gov/glossary/term/hytrust_boundarycontrol"}],"definitions":null},{"term":"HTCA","link":"https://csrc.nist.gov/glossary/term/htca","abbrSyn":[{"text":"HyTrust CloudAdvisor","link":"https://csrc.nist.gov/glossary/term/hytrust_cloudadvisor"}],"definitions":null},{"term":"HTCC","link":"https://csrc.nist.gov/glossary/term/htcc","abbrSyn":[{"text":"HyTrust CloudControl","link":"https://csrc.nist.gov/glossary/term/hytrust_cloudcontrol"}],"definitions":null},{"term":"HTCIA","link":"https://csrc.nist.gov/glossary/term/htcia","abbrSyn":[{"text":"High Technology Crime Investigation Association","link":"https://csrc.nist.gov/glossary/term/high_technology_crime_investigation_association"}],"definitions":null},{"term":"HTDC","link":"https://csrc.nist.gov/glossary/term/htdc","abbrSyn":[{"text":"HyTrust DataControl","link":"https://csrc.nist.gov/glossary/term/hytrust_datacontrol"}],"definitions":null},{"term":"HTKC","link":"https://csrc.nist.gov/glossary/term/htkc","abbrSyn":[{"text":"HyTrust KeyControl","link":"https://csrc.nist.gov/glossary/term/hytrust_keycontrol"}],"definitions":null},{"term":"HTLC","link":"https://csrc.nist.gov/glossary/term/htlc","abbrSyn":[{"text":"Hashed Timelock Contract","link":"https://csrc.nist.gov/glossary/term/hashed_timelock_contract"}],"definitions":null},{"term":"HTM","link":"https://csrc.nist.gov/glossary/term/htm","abbrSyn":[{"text":"Healthcare Technology Management","link":"https://csrc.nist.gov/glossary/term/healthcare_technology_management"}],"definitions":null},{"term":"HTML","link":"https://csrc.nist.gov/glossary/term/html","abbrSyn":[{"text":"Hypertext Markup Language"},{"text":"HyperText Markup Language","link":"https://csrc.nist.gov/glossary/term/hypertext_markup_language"}],"definitions":null},{"term":"HTML5","link":"https://csrc.nist.gov/glossary/term/html5","abbrSyn":[{"text":"Hypertext Markup Language (version 5)"},{"text":"Hypertext Markup Language version 5","link":"https://csrc.nist.gov/glossary/term/hypertext_markup_language_version_5"}],"definitions":null},{"term":"HTTP","link":"https://csrc.nist.gov/glossary/term/http","abbrSyn":[{"text":"Hyper Text Transfer Protocol"},{"text":"Hypertext Transfer Protocol"},{"text":"HyperText Transfer Protocol"}],"definitions":[{"text":"A standard method for communication between clients and Web servers.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Hypertext Transfer Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under HyperText Transfer Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under HyperText Transfer Protocol "}]}]},{"term":"HTTP Strict-Transport-Security","link":"https://csrc.nist.gov/glossary/term/http_strict_transport_security","abbrSyn":[{"text":"HSTS","link":"https://csrc.nist.gov/glossary/term/hsts"}],"definitions":null},{"term":"HTTPD","link":"https://csrc.nist.gov/glossary/term/httpd","abbrSyn":[{"text":"Hypertext Transfer Protocol Daemon","link":"https://csrc.nist.gov/glossary/term/hypertext_transfer_protocol_daemon"}],"definitions":null},{"term":"HTTPS","link":"https://csrc.nist.gov/glossary/term/https","abbrSyn":[{"text":"Hyper Text Transfer Protocol Secure"},{"text":"Hypertext Transfer Protocol"},{"text":"HyperText Transfer Protocol over SSL/TLS"},{"text":"Hypertext Transfer Protocol over Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/hypertext_transfer_protocol_over_transport_layer_security"},{"text":"Hypertext Transfer Protocol Secure"},{"text":"HyperText Transfer Protocol Secure"}],"definitions":[{"text":"A standard method for communication between clients and Web servers.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Hypertext Transfer Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]}]},{"term":"Human Resources","link":"https://csrc.nist.gov/glossary/term/human_resources","abbrSyn":[{"text":"HR","link":"https://csrc.nist.gov/glossary/term/hr"}],"definitions":null},{"term":"Human User Interface Capability","link":"https://csrc.nist.gov/glossary/term/human_user_interface_capability","definitions":[{"text":"The ability for an IoT device to communicate directly with people.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"HVA","link":"https://csrc.nist.gov/glossary/term/hva","abbrSyn":[{"text":"High Value Asset"},{"text":"High-Value Asset","link":"https://csrc.nist.gov/glossary/term/high_value_asset"}],"definitions":[{"text":"Information or an information system that is so critical to an organization that the loss or corruption of this information or loss of access to the system would have serious impacts on the organization’s ability to perform its mission or conduct business.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under High-Value Asset ","refSources":[{"text":"CISA Secure High Value Assets","link":"https://www.cisa.gov/publication/secure-high-value-assets"}]}]},{"text":"Those assets, federal information systems, information, and data for which an unauthorized access, use, disclosure, disruption, modification, or destruction could cause a significant impact to the United States' national security interests, foreign relations, economy – or to the public confidence, civil liberties, or public health and safety of the American people.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under High Value Asset ","refSources":[{"text":"OMB M-17-09","link":"https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-09.pdf"}]}]}]},{"term":"HVAC","link":"https://csrc.nist.gov/glossary/term/hvac","abbrSyn":[{"text":"Heating, Ventilation, and Air Conditioning","link":"https://csrc.nist.gov/glossary/term/heating_ventilation_and_air_conditioning"}],"definitions":null},{"term":"HVS","link":"https://csrc.nist.gov/glossary/term/hvs","abbrSyn":[{"text":"Host Verification Service","link":"https://csrc.nist.gov/glossary/term/host_verification_service"}],"definitions":null},{"term":"HWAM","link":"https://csrc.nist.gov/glossary/term/hwam","abbrSyn":[{"text":"Hardware Asset Management","link":"https://csrc.nist.gov/glossary/term/hardware_asset_management"}],"definitions":[{"text":"See Capability, Hardware Asset Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Hardware Asset Management "}]}]},{"term":"Hybrid cloud","link":"https://csrc.nist.gov/glossary/term/hybrid_cloud","definitions":[{"text":"The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"hybrid control","link":"https://csrc.nist.gov/glossary/term/hybrid_control","definitions":[{"text":"A security control or privacy control that is implemented in an information system in part as a common control and in part as a system-specific control. \nSee Common Control and System-Specific Security Control.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Hybrid Control ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53","note":" - Adapted"}]}]},{"text":"A security or privacy control that is implemented for an information system in part as a common control and in part as a system-specific control. See common control and system-specific control.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A security or privacy control that is implemented for an information system in part as a common control and in part as a system-specific control.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A security or privacy control that is implemented for an information system, in part as a common control and in part as a system-specific control.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}],"seeAlso":[{"text":"Common Control"},{"text":"System-Specific Security Control"}]},{"term":"hybrid security control","link":"https://csrc.nist.gov/glossary/term/hybrid_security_control","definitions":[{"text":"A security control that is implemented in an information system in part as a common control and in part as a system-specific control. \nSee Common Control and System-Specific Security Control.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Hybrid Security Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Hybrid Security Control "}]},{"text":"A security control that is implemented in an information system in part as a common control and in part as a system-specific control.See Common Control and System-Specific Security Control.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Hybrid Security Control ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"A security control that is implemented in an information system in part as a common control and in part as a system-specific control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Hybrid Security Control ","refSources":[{"text":"NIST SP 800-53 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-53r3"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Hybrid Security Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Hybrid Security Control ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]}],"seeAlso":[{"text":"common control","link":"common_control"},{"text":"Common Control"},{"text":"system-specific security control","link":"system_specific_security_control"},{"text":"System-Specific Security Control"}]},{"term":"Hyper-Converged Infrastructure","link":"https://csrc.nist.gov/glossary/term/hyper_converged_infrastructure","abbrSyn":[{"text":"HCI","link":"https://csrc.nist.gov/glossary/term/hci"}],"definitions":null},{"term":"HyperText Markup Language","link":"https://csrc.nist.gov/glossary/term/hypertext_markup_language","abbrSyn":[{"text":"HTML","link":"https://csrc.nist.gov/glossary/term/html"}],"definitions":null},{"term":"Hypertext Markup Language version 5","link":"https://csrc.nist.gov/glossary/term/hypertext_markup_language_version_5","abbrSyn":[{"text":"HTML5","link":"https://csrc.nist.gov/glossary/term/html5"}],"definitions":null},{"term":"Hypertext Preprocessor","link":"https://csrc.nist.gov/glossary/term/hypertext_preprocessor","abbrSyn":[{"text":"PHP","link":"https://csrc.nist.gov/glossary/term/php"}],"definitions":null},{"term":"Hypertext Transfer Protocol (HTTP)","link":"https://csrc.nist.gov/glossary/term/hypertext_transfer_protocol","abbrSyn":[{"text":"http"},{"text":"HTTP","link":"https://csrc.nist.gov/glossary/term/http"},{"text":"HTTPS","link":"https://csrc.nist.gov/glossary/term/https"}],"definitions":[{"text":"A standard method for communication between clients and Web servers.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under HyperText Transfer Protocol (HTTP) "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Hypertext Transfer Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under HyperText Transfer Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under HyperText Transfer Protocol "}]}]},{"term":"Hypertext Transfer Protocol Daemon","link":"https://csrc.nist.gov/glossary/term/hypertext_transfer_protocol_daemon","abbrSyn":[{"text":"HTTPD","link":"https://csrc.nist.gov/glossary/term/httpd"}],"definitions":null},{"term":"Hypertext Transfer Protocol over Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/hypertext_transfer_protocol_over_transport_layer_security","abbrSyn":[{"text":"HTTPS","link":"https://csrc.nist.gov/glossary/term/https"}],"definitions":[{"text":"HTTP transmitted over TLS.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under HyperText Transfer Protocol over SSL/TLS (HTTPS) ","refSources":[{"text":"RFC 2818","link":"https://doi.org/10.17487/RFC2818"}]}]}]},{"term":"Hypertext Transfer Protocol Secure (HTTPS)","link":"https://csrc.nist.gov/glossary/term/hypertext_transfer_protocol_secure","abbrSyn":[{"text":"https"},{"text":"HTTPS","link":"https://csrc.nist.gov/glossary/term/https"}],"definitions":[{"text":"HTTP transmitted over TLS.","sources":[{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]}]},{"term":"Hyper-V virtual hard disk","link":"https://csrc.nist.gov/glossary/term/hyper_v_virtual_hard_disk","abbrSyn":[{"text":"VHDX","link":"https://csrc.nist.gov/glossary/term/vhdx"}],"definitions":null},{"term":"hypervisor","link":"https://csrc.nist.gov/glossary/term/hypervisor","abbrSyn":[{"text":"Virtual machine monitor (VMM)","link":"https://csrc.nist.gov/glossary/term/virtual_machine_monitor"}],"definitions":[{"text":"The virtualization component that manages the guest OSs on a host and controls the flow of instructions between the guest OSs and the physical hardware.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125","underTerm":" under Hypervisor "}]},{"text":"See “hypervisor”.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125","underTerm":" under Virtual machine monitor (VMM) "}]},{"text":"A software built using a specialized kernel of an OS, along with supporting kernel modules that provides isolation for various execution stacks represented by Virtual Machines (see below).","sources":[{"text":"NIST SP 800-125A","link":"https://doi.org/10.6028/NIST.SP.800-125A","underTerm":" under Hypervisor "}]}],"seeAlso":[{"text":"Virtual Machines","link":"virtual_machines"}]},{"term":"Hypervisor Managed Linear Address Translation","link":"https://csrc.nist.gov/glossary/term/hypervisor_managed_linear_address_translation","abbrSyn":[{"text":"HLAT","link":"https://csrc.nist.gov/glossary/term/hlat"}],"definitions":null},{"term":"Hypothesis (Alternative)","link":"https://csrc.nist.gov/glossary/term/hypothesis_alt","definitions":[{"text":"A statement Ha that an analyst will consider as true (e.g., Ha: the sequence is non-random) if and when the null hypothesis is determined to be false.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Hypothesis (Null)","link":"https://csrc.nist.gov/glossary/term/hypothesis_null","definitions":[{"text":"A statement H0 about the assumed default condition/property of the observed sequence. For the purposes of this document, the null hypothesis H0 is that the sequence is random. If H0 is in fact true, then the reference distribution and critical values of the test statistic may be derived.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"HyTrust BoundaryControl","link":"https://csrc.nist.gov/glossary/term/hytrust_boundarycontrol","abbrSyn":[{"text":"HTBC","link":"https://csrc.nist.gov/glossary/term/htbc"}],"definitions":null},{"term":"HyTrust CloudAdvisor","link":"https://csrc.nist.gov/glossary/term/hytrust_cloudadvisor","abbrSyn":[{"text":"HTCA","link":"https://csrc.nist.gov/glossary/term/htca"}],"definitions":null},{"term":"HyTrust CloudControl","link":"https://csrc.nist.gov/glossary/term/hytrust_cloudcontrol","abbrSyn":[{"text":"HTCC","link":"https://csrc.nist.gov/glossary/term/htcc"}],"definitions":null},{"term":"HyTrust DataControl","link":"https://csrc.nist.gov/glossary/term/hytrust_datacontrol","abbrSyn":[{"text":"HTDC","link":"https://csrc.nist.gov/glossary/term/htdc"}],"definitions":null},{"term":"HyTrust KeyControl","link":"https://csrc.nist.gov/glossary/term/hytrust_keycontrol","abbrSyn":[{"text":"HTKC","link":"https://csrc.nist.gov/glossary/term/htkc"}],"definitions":null},{"term":"Hz","link":"https://csrc.nist.gov/glossary/term/hz","abbrSyn":[{"text":"Hertz","link":"https://csrc.nist.gov/glossary/term/hertz"}],"definitions":null},{"term":"I","link":"https://csrc.nist.gov/glossary/term/i_uppercase","definitions":[{"text":"Input Block","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]},{"text":"A 16-byte string used in LMS as a key pair identifier.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"I&A","link":"https://csrc.nist.gov/glossary/term/ianda","abbrSyn":[{"text":"Identification and Authentication","link":"https://csrc.nist.gov/glossary/term/identification_and_authentication"}],"definitions":[{"text":"The process of establishing the identity of an entity interacting with a system.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Identification and Authentication "}]}]},{"term":"I&T","link":"https://csrc.nist.gov/glossary/term/i_and_t","abbrSyn":[{"text":"Information and Technology","link":"https://csrc.nist.gov/glossary/term/information_and_technology"}],"definitions":null},{"term":"I&W","link":"https://csrc.nist.gov/glossary/term/iandw","abbrSyn":[{"text":"Indications and Warnings","link":"https://csrc.nist.gov/glossary/term/indications_and_warnings"}],"definitions":null},{"term":"I/O","link":"https://csrc.nist.gov/glossary/term/i_o","abbrSyn":[{"text":"Input/Output"}],"definitions":[{"text":"A general term for the equipment that is used to communicate with a computer as well as the data involved in the communications.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Input/Output ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"I1, …, I64","link":"https://csrc.nist.gov/glossary/term/input_block_bits","definitions":[{"text":"Bits of the Input Block","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"I2BS","link":"https://csrc.nist.gov/glossary/term/i2bs","abbrSyn":[{"text":"Integer to Byte String conversion routine","link":"https://csrc.nist.gov/glossary/term/integer_to_byte_string_conversion_routine"}],"definitions":[{"text":"Integer to Byte String conversion routine.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"I2C","link":"https://csrc.nist.gov/glossary/term/i2c","abbrSyn":[{"text":"Inter-Integrated Circuit","link":"https://csrc.nist.gov/glossary/term/inter_integrated_circuit"}],"definitions":null},{"term":"I2P","link":"https://csrc.nist.gov/glossary/term/i2p","abbrSyn":[{"text":"Invisible Internet Project","link":"https://csrc.nist.gov/glossary/term/invisible_internet_project"}],"definitions":null},{"term":"I3P","link":"https://csrc.nist.gov/glossary/term/i3p","abbrSyn":[{"text":"Institute for Information Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/institute_for_information_infrastructure_protection"}],"definitions":null},{"term":"IA","link":"https://csrc.nist.gov/glossary/term/ia","abbrSyn":[{"text":"Identification and Authentication","link":"https://csrc.nist.gov/glossary/term/identification_and_authentication"},{"text":"Information Assurance"},{"text":"Itanium Architecture","link":"https://csrc.nist.gov/glossary/term/itanium_architecture"}],"definitions":[{"text":"Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information Assurance ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Information Assurance ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Assurance ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The process of establishing the identity of an entity interacting with a system.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Identification and Authentication "}]}]},{"term":"IA architecture","link":"https://csrc.nist.gov/glossary/term/ia_architecture","definitions":[{"text":"A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub- units, showing their alignment with the enterprise’s mission and strategic plans. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"IA infrastructure","link":"https://csrc.nist.gov/glossary/term/ia_infrastructure","definitions":[{"text":"The underlying security framework that lies beyond an enterprise’s defined boundary, but supports its information assurance (IA) and IA-enabled products, its security posture and its risk management plan. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"IA product","link":"https://csrc.nist.gov/glossary/term/ia_product","definitions":[{"text":"Product whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"IAARC","link":"https://csrc.nist.gov/glossary/term/iaarc","abbrSyn":[{"text":"International Association for Automation and Robotics in Construction","link":"https://csrc.nist.gov/glossary/term/intl_assoc_for_automation_and_robotics_in_construction"}],"definitions":null},{"term":"IaaS","link":"https://csrc.nist.gov/glossary/term/iaas","abbrSyn":[{"text":"Infrastructure as a Service"}],"definitions":null},{"term":"IAB","link":"https://csrc.nist.gov/glossary/term/iab","abbrSyn":[{"text":"Interagency Advisory Board","link":"https://csrc.nist.gov/glossary/term/interagency_advisory_board"},{"text":"Internet Architecture Board","link":"https://csrc.nist.gov/glossary/term/internet_architecture_board"}],"definitions":null},{"term":"IAC","link":"https://csrc.nist.gov/glossary/term/iac","abbrSyn":[{"text":"Information Assurance Component"},{"text":"infrastructure as code","link":"https://csrc.nist.gov/glossary/term/infrastructure_as_code"}],"definitions":[{"text":"The process of managing and provisioning an organization’s IT infrastructure using machine-readable configuration files, rather than employing physical hardware configuration or interactive configuration tools.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under infrastructure as code "}]}]},{"term":"IACD","link":"https://csrc.nist.gov/glossary/term/iacd","abbrSyn":[{"text":"Integrated Adaptive Cyber Defense","link":"https://csrc.nist.gov/glossary/term/integrated_adaptive_cyber_defense"}],"definitions":null},{"term":"IACIS","link":"https://csrc.nist.gov/glossary/term/iacis","abbrSyn":[{"text":"International Association of Computer Investigative Specialists","link":"https://csrc.nist.gov/glossary/term/international_association_of_computer_investigative_specialists"}],"definitions":null},{"term":"IACS","link":"https://csrc.nist.gov/glossary/term/iacs","abbrSyn":[{"text":"Industrial Automation and Control System","link":"https://csrc.nist.gov/glossary/term/industrial_automation_and_control_system"},{"text":"Industrial Automation and Control Systems","link":"https://csrc.nist.gov/glossary/term/industrial_automation_and_control_systems"}],"definitions":null},{"term":"IAD","link":"https://csrc.nist.gov/glossary/term/iad","abbrSyn":[{"text":"Information Access Division","link":"https://csrc.nist.gov/glossary/term/information_access_division"},{"text":"ITL Information Access Division","link":"https://csrc.nist.gov/glossary/term/itl_information_access_division"}],"definitions":null},{"term":"IAEA","link":"https://csrc.nist.gov/glossary/term/iaea","abbrSyn":[{"text":"International Atomic Energy Agency","link":"https://csrc.nist.gov/glossary/term/international_atomic_energy_agency"}],"definitions":null},{"term":"IA-enabled information technology product","link":"https://csrc.nist.gov/glossary/term/ia_enabled_information_technology_product","note":"(C.F.D.)","definitions":[{"text":"Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled web browsers, screening routers, trusted operating systems, and security-enabled messaging systems. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms. \nRationale: Listed for deletion in 2010 version of CNSS 4009.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"IA-enabled product","link":"https://csrc.nist.gov/glossary/term/ia_enabled_product","definitions":[{"text":"Product whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities. \nNote: Examples include such products as security-enabled web browsers, screening routers, trusted operating systems, and security enabling messaging systems. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"IAK","link":"https://csrc.nist.gov/glossary/term/iak","abbrSyn":[{"text":"Initial Attestation Key","link":"https://csrc.nist.gov/glossary/term/initial_attestation_key"}],"definitions":null},{"term":"IAL","link":"https://csrc.nist.gov/glossary/term/ial","abbrSyn":[{"text":"Identity Assurance Level"}],"definitions":[{"text":"A category that conveys the degree of confidence that the applicant’s claimed identity is their real identity.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Identity Assurance Level "}]}]},{"term":"IAM","link":"https://csrc.nist.gov/glossary/term/iam","abbrSyn":[{"text":"Identity and Access Management"},{"text":"Information Assessment Methodology","link":"https://csrc.nist.gov/glossary/term/information_assessment_methodology"},{"text":"Information Assurance Manager","link":"https://csrc.nist.gov/glossary/term/information_assurance_manager"}],"definitions":null},{"term":"IANA","link":"https://csrc.nist.gov/glossary/term/iana","abbrSyn":[{"text":"Internet Assigned Number Authority","link":"https://csrc.nist.gov/glossary/term/internet_assigned_number_authority"},{"text":"Internet Assigned Numbers Authority","link":"https://csrc.nist.gov/glossary/term/internet_assigned_numbers_authority"}],"definitions":null},{"term":"IAO","link":"https://csrc.nist.gov/glossary/term/iao","note":"(C.F.D.)","abbrSyn":[{"text":"Information Assurance Officer","link":"https://csrc.nist.gov/glossary/term/information_assurance_officer"}],"definitions":null},{"term":"IAPP","link":"https://csrc.nist.gov/glossary/term/iapp","abbrSyn":[{"text":"International Association of Privacy Professionals","link":"https://csrc.nist.gov/glossary/term/international_association_of_privacy_professionals"}],"definitions":null},{"term":"IARPA","link":"https://csrc.nist.gov/glossary/term/iarpa","abbrSyn":[{"text":"Intelligence Advanced Research Projects Activity","link":"https://csrc.nist.gov/glossary/term/intelligence_advanced_research_projects_activity"}],"definitions":null},{"term":"IASAE","link":"https://csrc.nist.gov/glossary/term/iasae","abbrSyn":[{"text":"Information Assurance Workforce System Architecture","link":"https://csrc.nist.gov/glossary/term/information_assurance_workforce_system_architecture"}],"definitions":null},{"term":"IAST","link":"https://csrc.nist.gov/glossary/term/iast","abbrSyn":[{"text":"interactive application security testing","link":"https://csrc.nist.gov/glossary/term/interactive_application_security_testing"}],"definitions":null},{"term":"IATAC","link":"https://csrc.nist.gov/glossary/term/iatac","abbrSyn":[{"text":"Information Assurance Technology Analysis Center","link":"https://csrc.nist.gov/glossary/term/information_assurance_technology_analysis_center"}],"definitions":null},{"term":"IATF","link":"https://csrc.nist.gov/glossary/term/iatf","abbrSyn":[{"text":"Information Assurance Technical Framework","link":"https://csrc.nist.gov/glossary/term/information_assurance_technical_framework"}],"definitions":null},{"term":"IATO","link":"https://csrc.nist.gov/glossary/term/iato","abbrSyn":[{"text":"Interim Approval to Operate","link":"https://csrc.nist.gov/glossary/term/interim_approval_to_operate"}],"definitions":[{"text":"Interim Authorization to Operate; issued by a DAO to an issuer who is not satisfactorily performing PIV Card and/or Derived PIV Credential specified services (e.g., identity proofing/registration (if applicable)), card/token production, activation/issuance and maintenance).","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"IATT","link":"https://csrc.nist.gov/glossary/term/iatt","abbrSyn":[{"text":"Interim Authorization to Test"}],"definitions":null},{"term":"IAVA","link":"https://csrc.nist.gov/glossary/term/iava","abbrSyn":[{"text":"Information Assurance Vulnerability Alert"}],"definitions":null},{"term":"IAVB","link":"https://csrc.nist.gov/glossary/term/iavb","abbrSyn":[{"text":"Information Assurance Vulnerability Bulletin"}],"definitions":null},{"term":"IBAC","link":"https://csrc.nist.gov/glossary/term/ibac","abbrSyn":[{"text":"Identity Based Access Control"}],"definitions":null},{"term":"IBB","link":"https://csrc.nist.gov/glossary/term/ibb","abbrSyn":[{"text":"Initial Boot Block","link":"https://csrc.nist.gov/glossary/term/initial_boot_block"}],"definitions":null},{"term":"IBC","link":"https://csrc.nist.gov/glossary/term/ibc","abbrSyn":[{"text":"Iterated Block Cipher","link":"https://csrc.nist.gov/glossary/term/iterated_block_cipher"}],"definitions":null},{"term":"IBE","link":"https://csrc.nist.gov/glossary/term/ibe","abbrSyn":[{"text":"Identity-Based Encryption","link":"https://csrc.nist.gov/glossary/term/identity_based_encryption"}],"definitions":null},{"term":"iBGP","link":"https://csrc.nist.gov/glossary/term/ibgp","abbrSyn":[{"text":"Interior Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/interior_border_gateway_protocol"},{"text":"Internal BGP","link":"https://csrc.nist.gov/glossary/term/internal_bgp"},{"text":"Internal Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/internal_border_gateway_protocol"}],"definitions":[{"text":"A BGP operation communicating routing information within an AS.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54","underTerm":" under IBGP "}]}]},{"term":"IBM Cloud Secure Virtualization","link":"https://csrc.nist.gov/glossary/term/ibm_cloud_secure_virtualization","abbrSyn":[{"text":"ICSV","link":"https://csrc.nist.gov/glossary/term/icsv"}],"definitions":null},{"term":"IBSS","link":"https://csrc.nist.gov/glossary/term/ibss","abbrSyn":[{"text":"Independent Basic Service Set","link":"https://csrc.nist.gov/glossary/term/independent_basic_service_set"},{"text":"Interdependent Basic Service Set","link":"https://csrc.nist.gov/glossary/term/interdependent_basic_service_set"}],"definitions":null},{"term":"IC","link":"https://csrc.nist.gov/glossary/term/ic","abbrSyn":[{"text":"Intelligence Community"}],"definitions":[{"text":"The term 'intelligence community' refers to the following agencies or organizations:\n(1) The Central Intelligence Agency (CIA);\n(2) The National Security Agency (NSA);\n(3) The Defense Intelligence Agency (DIA);\n(4) The offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs;\n(5) The Bureau of Intelligence and Research of the Department of State;\n(6) The int elligence elements of the Army, Navy, Air Force, and Marine Corps, the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Department of Energy; and\n(7) The staff elements of the Director of Central Intelligence.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Intelligence Community ","refSources":[{"text":"E.O. 12333","link":"https://www.archives.gov/federal-register/codification/executive-order/12333.html"}]}]},{"text":"The term 'intelligence community' refers to the following agencies or organizations:\n(i) The Central Intelligence Agency (CIA);\n(ii)The National Security Agency (NSA);\n(iii) The Defense Intelligence Agency (DIA);\n(iv) The offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs;\n(v) The Bureau of Intelligence and Research of the Department of State;\n(vi) The intelligence elements of the Army, Navy, Air Force, and Marine Corps, the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Department of Energy; and\n(vii) The staff elements of the Director of Central Intelligence.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Intelligence Community "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Intelligence Community "}]}]},{"term":"ICA","link":"https://csrc.nist.gov/glossary/term/ica","abbrSyn":[{"text":"Information Centric Analytics","link":"https://csrc.nist.gov/glossary/term/information_centric_analytics"}],"definitions":null},{"term":"ICAM","link":"https://csrc.nist.gov/glossary/term/icam","abbrSyn":[{"text":"Identity, Credential and Access Management"},{"text":"Identity, Credential, and Access Management"},{"text":"Identity, Credentials, and Access Management"}],"definitions":null},{"term":"ICANN","link":"https://csrc.nist.gov/glossary/term/icann","abbrSyn":[{"text":"Internet Corporation for Assigned Names and Numbers","link":"https://csrc.nist.gov/glossary/term/internet_corporation_for_assigned_names_and_numbers"}],"definitions":null},{"term":"ICAO","link":"https://csrc.nist.gov/glossary/term/icao","abbrSyn":[{"text":"International Civil Aviation Organization","link":"https://csrc.nist.gov/glossary/term/international_civil_aviation_organization"}],"definitions":null},{"term":"ICB","link":"https://csrc.nist.gov/glossary/term/icb","definitions":[{"text":"Initial Counter Block","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]},{"text":"The initial counter block","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"ICC","link":"https://csrc.nist.gov/glossary/term/icc","abbrSyn":[{"text":"Integrated Circuit Card","link":"https://csrc.nist.gov/glossary/term/integrated_circuit_card"},{"text":"Integrated Circuit Chip","link":"https://csrc.nist.gov/glossary/term/integrated_circuit_chip"}],"definitions":null},{"term":"ICCD","link":"https://csrc.nist.gov/glossary/term/iccd","abbrSyn":[{"text":"Integrated Circuit(s) Card Device","link":"https://csrc.nist.gov/glossary/term/integrated_circuits_card_device"}],"definitions":null},{"term":"ICCID","link":"https://csrc.nist.gov/glossary/term/iccid","abbrSyn":[{"text":"Integrated Circuit Card Identification","link":"https://csrc.nist.gov/glossary/term/integrated_circuit_card_identification"}],"definitions":[{"text":"a unique and immutable identifier maintained within the SIM.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Integrated Circuit Card Identification "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Integrated Circuit Card Identification "}]}]},{"term":"ICCP","link":"https://csrc.nist.gov/glossary/term/iccp","abbrSyn":[{"text":"Inter-control Center Communications Protocol","link":"https://csrc.nist.gov/glossary/term/inter_control_center_communications_protocol"}],"definitions":null},{"term":"ICD","link":"https://csrc.nist.gov/glossary/term/icd","abbrSyn":[{"text":"Intelligence Community Directive","link":"https://csrc.nist.gov/glossary/term/intelligence_community_directive"}],"definitions":null},{"term":"ICMC","link":"https://csrc.nist.gov/glossary/term/icmc","abbrSyn":[{"text":"International Cryptographic Module Conference","link":"https://csrc.nist.gov/glossary/term/international_cryptographic_module_conference"}],"definitions":null},{"term":"ICMP","link":"https://csrc.nist.gov/glossary/term/icmp","abbrSyn":[{"text":"Internet Control Message Protocol","link":"https://csrc.nist.gov/glossary/term/internet_control_message_protocol"}],"definitions":null},{"term":"ICS","link":"https://csrc.nist.gov/glossary/term/ics","abbrSyn":[{"text":"industrial control system"},{"text":"Industrial Control System"},{"text":"Industrial Control System(s)"},{"text":"Industrial Control Systems"},{"text":"Intelligence Community Standard","link":"https://csrc.nist.gov/glossary/term/intelligence_community_standard"},{"text":"Internet Connection Sharing","link":"https://csrc.nist.gov/glossary/term/internet_connection_sharing"}],"definitions":[{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution.","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Industrial Control Systems ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition systems used to control geographically dispersed assets, as well as distributed control systems and smaller control systems using programmable logic controllers to control localized processes.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Industrial Control System ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Industrial Control System "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Industrial Control System "}]},{"text":"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations that are often found in the industrial sectors and critical infrastructures, such as programmable logic controllers (PLC). An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under industrial control system ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under industrial control system "}]},{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition (SCADA) systems used to control geographically dispersed assets, as well as distributed control systems (DCSs) and smaller control systems using programmable logic controllers to control localized processes.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Industrial Control System "}]},{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution.  Industrial control systems include supervisory control and data acquisition (SCADA) systems used to control geographically dispersed assets, as well as distributed control systems (DCSs) and smaller control systems using programmable logic controllers to control localized processes.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Industrial Control System "}]},{"text":"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC) found in the industrial sectors and critical infrastructures. An industrial control system consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under industrial control system ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"a general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Industrial Control System ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]}]},{"term":"ICS-CERT","link":"https://csrc.nist.gov/glossary/term/ics_cert","abbrSyn":[{"text":"Industrial Control Systems - Cyber Emergency Response Team","link":"https://csrc.nist.gov/glossary/term/industrial_control_systems_cyber_emergency_response_team"},{"text":"Industrial Control Systems Cyber Emergency Response Team"}],"definitions":null},{"term":"ICSP","link":"https://csrc.nist.gov/glossary/term/icsp","abbrSyn":[{"text":"Interagency Council on Standards Policy","link":"https://csrc.nist.gov/glossary/term/interagency_council_on_standards_policy"},{"text":"Interagency Council on Statistical Policy","link":"https://csrc.nist.gov/glossary/term/interagency_council_on_statistical_policy"}],"definitions":null},{"term":"icss","link":"https://csrc.nist.gov/glossary/term/icss","abbrSyn":[{"text":"Integrated Control and Safety Systems","link":"https://csrc.nist.gov/glossary/term/integrated_control_and_safety_systems"}],"definitions":null},{"term":"ICSV","link":"https://csrc.nist.gov/glossary/term/icsv","abbrSyn":[{"text":"IBM Cloud Secure Virtualization","link":"https://csrc.nist.gov/glossary/term/ibm_cloud_secure_virtualization"}],"definitions":null},{"term":"ICT","link":"https://csrc.nist.gov/glossary/term/ict","abbrSyn":[{"text":"information and communication technology"},{"text":"Information and Communication Technology"},{"text":"Information and Communications Technology"}],"definitions":[{"text":"Encompasses the capture, storage, retrieval, processing, display, representation, presentation, organization, management, security, transfer, and interchange of data and information.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Information and Communications Technology ","refSources":[{"text":"ISO/IEC 2382:2015","note":" - adapted"}]}]}]},{"term":"ICT ROF","link":"https://csrc.nist.gov/glossary/term/ict_rof","abbrSyn":[{"text":"Information and Communications Technology Risk Outcomes Framework","link":"https://csrc.nist.gov/glossary/term/ict_risk_outcomes_framework"}],"definitions":null},{"term":"ICT Supply Chain","link":"https://csrc.nist.gov/glossary/term/ict_supply_chain","definitions":[{"text":"Linked set of resources and processes between acquirers, integrators, and suppliers that begins with the design of ICT products and services and extends through development, sourcing, manufacturing, handling, and delivery of ICT products and services to the acquirer.  \nNote: An ICT supply chain can include vendors, manufacturing facilities, logistics providers, distribution centers, distributors, wholesalers, and other organizations involved in the manufacturing, processing, design and development, handling and delivery of the products, or service providers involved in the operation, management, and delivery of the services.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"ISO 28001","note":" - Adapted"}]}]},{"text":"Linked set of resources and processes between acquirers, integrators, and suppliers that begins with the design of ICT products and services and extends through development, sourcing, manufacturing, handling, and delivery of ICT products and services to the acquirer.  ","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"ISO 28001","note":" - Adapted"}]}]}]},{"term":"ICT Supply Chain Risk","link":"https://csrc.nist.gov/glossary/term/ict_supply_chain_risk","definitions":[{"text":"Risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"},{"text":"NIST SP 800-53 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-53r3"}]}]}]},{"term":"ICT Supply Chain Risk Management","link":"https://csrc.nist.gov/glossary/term/ict_supply_chain_risk_management","definitions":[{"text":"The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of ICT product and service supply chains.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]"},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"}]}]},{"term":"ICT/OT-related service providers","link":"https://csrc.nist.gov/glossary/term/ict_ot_related_service_providers","definitions":[{"text":"Any organization or individual providing services which may include authorized access to an ICT or OT system.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"ICTRM","link":"https://csrc.nist.gov/glossary/term/ictrm","abbrSyn":[{"text":"Information and Communications Technology Risk Management","link":"https://csrc.nist.gov/glossary/term/information_and_communications_technology_risk_management"}],"definitions":null},{"term":"ICU","link":"https://csrc.nist.gov/glossary/term/icu","abbrSyn":[{"text":"Interface Configuration Utility","link":"https://csrc.nist.gov/glossary/term/interface_configuration_utility"}],"definitions":null},{"term":"ICV","link":"https://csrc.nist.gov/glossary/term/icv","abbrSyn":[{"text":"integrity check value","link":"https://csrc.nist.gov/glossary/term/integrity_check_value"},{"text":"Integrity Check Value"}],"definitions":[{"text":"See checksum.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under integrity check value "}]},{"text":"A fixed string that is prepended to the plaintext within the authenticated-encryption function of a key-wrap algorithm, in order to enable the verification of the integrity of the plaintext within the authenticated-decryption function.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under integrity check value "}]}]},{"term":"ID","link":"https://csrc.nist.gov/glossary/term/id","abbrSyn":[{"text":"Identification"},{"text":"Identifier"},{"text":"Identify","link":"https://csrc.nist.gov/glossary/term/identify"},{"text":"identify (CSF function)","link":"https://csrc.nist.gov/glossary/term/identify_csf"},{"text":"identity","link":"https://csrc.nist.gov/glossary/term/identity"},{"text":"Identity"}],"definitions":[{"text":"The process of discovering the identity (i.e., origin or initial history) of a person or item from the entire collection of similar persons or items.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identification "}]},{"text":"Unique group element \\(0\\) for which \\(x+0=x\\) for each group element \\(x\\), relative to the binary group operator \\(+\\).","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186","underTerm":" under identity "}]},{"text":"The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Identity ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Identity ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Identification "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identification "}]},{"text":"The set of physical and behavioral characteristics by which an individual is uniquely recognizable. \nNote: This also encompasses non-person entities (NPEs).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under identity ","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]},{"text":"The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Identification "},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Identification ","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Identification ","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]}]},{"text":"Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Identifier "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identifier "},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identifier "}]},{"text":"The set of physical and behavioral characteristics by which an individual is uniquely recognizable.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Identity "},{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under identity "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identity "},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identity "}]},{"text":"Information that is unique within a security domain and which is recognized as denoting a particular entity within that domain.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under identity "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under identity "}]},{"text":"The bit string denoting the identifier associated with an entity.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"A bit string that is associated with a person, device or organization. It may be an identifying name or a nickname, or may be something more abstract (for example, a string consisting of an IP address).","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Identifier "}]},{"text":"A bit string that is associated with a person, device or organization. It may be an identifying name, or may be something more abstract (for example, a string consisting of an IP address and timestamp), depending on the application.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Identifier "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Identifier "}]},{"text":"The distinguishing character or personality of an entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Identity "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Identity "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Identity "}]},{"text":"An attribute or set of attributes that uniquely describe a subject within a given context.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Identity "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Identity "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Identity "}]},{"text":"Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under identify (CSF function) ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"A bit string that is associated with a person, device or organization. It may be an identifying name, or may be something more abstract (for example, a string consisting of an Internet Protocol (IP) address).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Identifier "}]},{"text":"A bit string that is associated with a person, device, or organization. It may be an identifying name or may be something more abstract (e.g., a string consisting of an IP address and timestamp), depending on the application.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Identifier "}]},{"text":"A set of attributes that uniquely describe a person within a given context.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Identity ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Identity "}]},{"text":"A unique, auditable representation of identity within the system usually in the form of a simple character string for each individual user, machine, software component or any other entity.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Identification "}]},{"text":"Something (data) that identifies an assessment object or other entity of interest (like a defect check). In database terms, it is a primary or candidate key that can be used to uniquely identify the assessment object so it is not confused with other objects.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Identifier "}]},{"text":"A bit string that is associated with a person, device or organization. It may be an identifying name, or may be something more abstract (for example, a string consisting of an Internet Protocol (IP) address and timestamp).","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Identifier "}]}]},{"term":"IDA","link":"https://csrc.nist.gov/glossary/term/ida","abbrSyn":[{"text":"Institute for Defense Analyses","link":"https://csrc.nist.gov/glossary/term/institute_for_defense_analyses"}],"definitions":null},{"term":"IDaaS","link":"https://csrc.nist.gov/glossary/term/idaas","abbrSyn":[{"text":"Identity as a Service","link":"https://csrc.nist.gov/glossary/term/identity_as_a_service"}],"definitions":null},{"term":"Idaho National Laboratory","link":"https://csrc.nist.gov/glossary/term/idaho_national_laboratory","abbrSyn":[{"text":"INL","link":"https://csrc.nist.gov/glossary/term/inl"}],"definitions":null},{"term":"IdAM","link":"https://csrc.nist.gov/glossary/term/idam","abbrSyn":[{"text":"Identity and access management","link":"https://csrc.nist.gov/glossary/term/identity_and_access_management"},{"text":"Identity and Access Management"}],"definitions":null},{"term":"IDART","link":"https://csrc.nist.gov/glossary/term/idart","abbrSyn":[{"text":"Information Design Assurance Red Team","link":"https://csrc.nist.gov/glossary/term/information_design_assurance_red_team"}],"definitions":null},{"term":"iDASH","link":"https://csrc.nist.gov/glossary/term/idash","abbrSyn":[{"text":"Integrating Data for Analysis, Anonymization, and Sharing","link":"https://csrc.nist.gov/glossary/term/integrating_data_for_analysis_anonymization_and_sharing"}],"definitions":null},{"term":"IDE","link":"https://csrc.nist.gov/glossary/term/ide","abbrSyn":[{"text":"Integrated Development Environment","link":"https://csrc.nist.gov/glossary/term/integrated_development_environment"},{"text":"Integrated Drive Electronics","link":"https://csrc.nist.gov/glossary/term/integrated_drive_electronics"}],"definitions":null},{"term":"Ideal Random Bitstring","link":"https://csrc.nist.gov/glossary/term/ideal_random_bitstring","abbrSyn":[{"text":"Ideal Random Sequence"}],"definitions":[{"text":"See Ideal Random Sequence.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"Each bit of an ideal random sequence is unpredictable and unbiased, with a value that is independent of the values of the other bits in the sequence. Prior to the observation of the sequence, the value of each bit is equally likely to be 0 or 1, and the probability that a particular bit will have a particular value is unaffected by knowledge of the values of any or all of the other bits. An ideal random sequence of n bits contains n bits of entropy.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Ideal Random Sequence "}]}]},{"term":"ideal randomness source","link":"https://csrc.nist.gov/glossary/term/ideal_randomness_source","definitions":[{"text":"The source of an ideal random sequence of bits. Each bit of an ideal random sequence is unpredictable and unbiased, with a value that is independent of the values of the other bits in the sequence. Prior to an observation of the sequence, the value of each bit is equally likely to be 0 or 1, and the probability that a particular bit will have a particular value is unaffected by knowledge of the values of any or all of the other bits. An ideal random sequence of \\(n\\) bits contains \\(n\\) bits of entropy.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]}]},{"term":"iDEN","link":"https://csrc.nist.gov/glossary/term/iden","abbrSyn":[{"text":"Integrated Digital Enhanced Network"}],"definitions":[{"text":"a proprietary mobile communications technology developed by Motorola that combine the capabilities of a digital cellular telephone with two-way radio.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Integrated Digital Enhanced Network "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Integrated Digital Enhanced Network "}]}]},{"term":"identifiable person","link":"https://csrc.nist.gov/glossary/term/identifiable_person","definitions":[{"text":"one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/TS 25237:2008"}]}]}]},{"term":"Identification and Authentication","link":"https://csrc.nist.gov/glossary/term/identification_and_authentication","abbrSyn":[{"text":"I&A","link":"https://csrc.nist.gov/glossary/term/ianda"},{"text":"IA","link":"https://csrc.nist.gov/glossary/term/ia"}],"definitions":[{"text":"The process of establishing the identity of an entity interacting with a system.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711"}]}]},{"term":"identified information","link":"https://csrc.nist.gov/glossary/term/identified_information","definitions":[{"text":"information that explicitly identifies an individual","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Identifier CPE Name","link":"https://csrc.nist.gov/glossary/term/identifier_cpe_name","definitions":[{"text":"A bound representation of a CPE WFN that uniquely identifies a single product class. Also referred to as an “identifier name”.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Identifier Lookup","link":"https://csrc.nist.gov/glossary/term/identifier_lookup","definitions":[{"text":"The process of determining if a single identifier name exists in a CPE dictionary.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Identify","link":"https://csrc.nist.gov/glossary/term/identify","abbrSyn":[{"text":"ID","link":"https://csrc.nist.gov/glossary/term/id"}],"definitions":[{"text":"The bit string denoting the identifier associated with an entity.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under ID "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under ID "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under ID "}]}]},{"term":"identify (CSF function)","link":"https://csrc.nist.gov/glossary/term/identify_csf","abbrSyn":[{"text":"ID","link":"https://csrc.nist.gov/glossary/term/id"}],"definitions":[{"text":"The bit string denoting the identifier associated with an entity.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under ID "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under ID "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under ID "}]},{"text":"Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Identify (function) "}]}]},{"term":"Identifying Information","link":"https://csrc.nist.gov/glossary/term/identifying_information","definitions":[{"text":"Information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under identifying information ","refSources":[{"text":"OMB M-17-12","link":"https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-12.pdf"}]}]},{"text":"The set of an asset's attributes that may be useful for identifying that asset, including discoverable information about the asset and identifiers assigned to the asset.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"Identify-P (Function)","link":"https://csrc.nist.gov/glossary/term/identify_pf","definitions":[{"text":"Develop the organizational understanding to manage privacy risk for individuals arising from data processing.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"identity","link":"https://csrc.nist.gov/glossary/term/identity","abbrSyn":[{"text":"ID","link":"https://csrc.nist.gov/glossary/term/id"}],"definitions":[{"text":"Unique group element \\(0\\) for which \\(x+0=x\\) for each group element \\(x\\), relative to the binary group operator \\(+\\).","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]},{"text":"The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Identity ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Identity ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"The set of physical and behavioral characteristics by which an individual is uniquely recognizable. \nNote: This also encompasses non-person entities (NPEs).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]},{"text":"The set of physical and behavioral characteristics by which an individual is uniquely recognizable.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Identity "},{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identity "},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identity "}]},{"text":"Information that is unique within a security domain and which is recognized as denoting a particular entity within that domain.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"The bit string denoting the identifier associated with an entity.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under ID "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under ID "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under ID "}]},{"text":"The distinguishing character or personality of an entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Identity "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Identity "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Identity "}]},{"text":"An attribute or set of attributes that uniquely describe a subject within a given context.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Identity "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Identity "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Identity "}]},{"text":"A set of attributes that uniquely describe a person within a given context.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Identity ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Identity "}]}]},{"term":"Identity and access management","link":"https://csrc.nist.gov/glossary/term/identity_and_access_management","abbrSyn":[{"text":"IAM","link":"https://csrc.nist.gov/glossary/term/iam"},{"text":"IdAM","link":"https://csrc.nist.gov/glossary/term/idam"},{"text":"IDAM"}],"definitions":[{"text":"Broadly refers to the administration of individual identities within a system, such as a company, a network or even a country. In enterprise IT, identity management is about establishing and managing the roles and access privileges of individual network users.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under identity management "}]}]},{"term":"Identity and Credential Management System","link":"https://csrc.nist.gov/glossary/term/identity_and_credential_management_system","abbrSyn":[{"text":"IDMS/CMS","link":"https://csrc.nist.gov/glossary/term/idms_cms"}],"definitions":null},{"term":"Identity as a Service","link":"https://csrc.nist.gov/glossary/term/identity_as_a_service","abbrSyn":[{"text":"IDaaS","link":"https://csrc.nist.gov/glossary/term/idaas"}],"definitions":null},{"term":"Identity Assurance Level (IAL)","link":"https://csrc.nist.gov/glossary/term/identity_assurance_level","abbrSyn":[{"text":"IAL","link":"https://csrc.nist.gov/glossary/term/ial"}],"definitions":[{"text":"A category that conveys the degree of confidence that a person’s claimed identity is their real identity, as defined in [NIST SP 800-63-3] in terms of three levels: IAL 1 (Some confidence), IAL 2 (High confidence), IAL 3 (Very high confidence).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"A category that conveys the degree of confidence that the applicant’s claimed identity is their real identity.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Identity Assurance Level "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Identity authentication","link":"https://csrc.nist.gov/glossary/term/identity_authentication","definitions":[{"text":"The process of providing assurance about the identity of an entity interacting with a system; also see Source authentication.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"The process of providing assurance about the identity of an entity interacting with a system (e.g., to access a resource). Sometimes called entity authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"The process of providing assurance about the identity of an entity interacting with a system (e.g., to access a resource). Sometimes called entity authentication. Compare with source authentication.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"identity certificate","link":"https://csrc.nist.gov/glossary/term/identity_certificate","definitions":[{"text":"A certificate that provides authentication of the identity claimed. Within the National Security System (NSS) public key infrastructure (PKI), identity certificates may be used only for authentication or may be used for both authentication and digital signatures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"certificate","link":"certificate"}]},{"term":"Identity Defined Networking","link":"https://csrc.nist.gov/glossary/term/identity_defined_networking","abbrSyn":[{"text":"IDN","link":"https://csrc.nist.gov/glossary/term/idn"}],"definitions":null},{"term":"Identity Ecosystem","link":"https://csrc.nist.gov/glossary/term/identity_ecosystem","definitions":[{"text":"An online environment where individuals can choose from a variety of credentials to use in lieu of passwords for interactions conducted across the internet.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","refSources":[{"text":"NSTIC","link":"https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf"}]}]}]},{"term":"Identity Ecosystem Steering Group","link":"https://csrc.nist.gov/glossary/term/identity_ecosystem_steering_group","abbrSyn":[{"text":"IDESG","link":"https://csrc.nist.gov/glossary/term/idesg"}],"definitions":null},{"term":"Identity Evidence","link":"https://csrc.nist.gov/glossary/term/identity_evidence","definitions":[{"text":"Information or documentation provided by the applicant to support the claimed identity. Identity evidence may be physical (e.g. a driver license) or digital (e.g. an assertion generated and issued by a CSP based on the applicant successfully authenticating to the CSP).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Identity Federation","link":"https://csrc.nist.gov/glossary/term/identity_federation","definitions":[{"text":"A group of organizations that agree to follow the rules of a trust framework.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"Identity Federation Framework","link":"https://csrc.nist.gov/glossary/term/identity_federation_framework","abbrSyn":[{"text":"IDFF","link":"https://csrc.nist.gov/glossary/term/idff"}],"definitions":null},{"term":"Identity Fraud and Identity Theft","link":"https://csrc.nist.gov/glossary/term/identity_fraud_and_identity_theft","definitions":[{"text":"Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another personʼs personal data in some way that involves fraud or deception, typically for economic gain.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17"}]}]},{"term":"Identity Guard","link":"https://csrc.nist.gov/glossary/term/identity_guard","abbrSyn":[{"text":"IDG","link":"https://csrc.nist.gov/glossary/term/idg"}],"definitions":null},{"term":"Identity Key","link":"https://csrc.nist.gov/glossary/term/identity_key","definitions":[{"text":"A private key that is used for authentication in the SSH protocol; grants access  to the accounts for which the corresponding public key has been configured as an authorized key.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Identity Management and Governance","link":"https://csrc.nist.gov/glossary/term/identity_management_and_governance","abbrSyn":[{"text":"IMG","link":"https://csrc.nist.gov/glossary/term/img"}],"definitions":null},{"term":"Identity Management System (IDMS)","link":"https://csrc.nist.gov/glossary/term/identity_management_system","abbrSyn":[{"text":"IDMS","link":"https://csrc.nist.gov/glossary/term/idms"}],"definitions":[{"text":"One or more systems or applications that manage the identity proofing, registration, and issuance processes.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"One or more systems or applications that manage the identity verification, validation, and issuance process.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under identity management system "}]},{"text":"Identity management system comprised of one or more systems or applications that manages the identity verification, validation, and issuance process.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","refSources":[{"text":"FIPS 201-2","link":"https://doi.org/10.6028/NIST.FIPS.201-2"}]}]},{"text":"Identity management system comprised of one or more systems or applications that manages the identity verification, validation and issuance process.","sources":[{"text":"FIPS 201","note":" [version unknown]"}]}]},{"term":"Identity Manager","link":"https://csrc.nist.gov/glossary/term/identity_manager","abbrSyn":[{"text":"IM","link":"https://csrc.nist.gov/glossary/term/im"}],"definitions":null},{"term":"identity proofing","link":"https://csrc.nist.gov/glossary/term/identity_proofing","definitions":[{"text":"The process of providing sufficient information (e.g., identity history, credentials, documents) to establish an identity.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identity Proofing "}]},{"text":"The process by which a CSP collects, validates, and verifies information about a person.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Identity Proofing "}]},{"text":"Verifying the claimed identity of an applicant by authenticating the identity source documents provided by the applicant.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Identity Proofing "}]},{"text":"The process of providing sufficient information (e.g., identity history, credentials, documents) to establish an identity.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]},{"text":"The process by which a CSP or Registration Authority (RA) collect, validate and verify information about a person for the purpose of issuing credentials to that person.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Identity Proofing ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The process of providing sufficient information (e.g., identity history, credentials, documents) to a PIV Registrar when attempting to establish an identity.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identity Proofing "}]},{"text":"The process by which a CSP and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Identity Proofing "}]}]},{"term":"Identity Provider (IdP)","link":"https://csrc.nist.gov/glossary/term/identity_provider","abbrSyn":[{"text":"Credential Service Provider"},{"text":"IdP","link":"https://csrc.nist.gov/glossary/term/idp"},{"text":"IP","link":"https://csrc.nist.gov/glossary/term/ip"}],"definitions":[{"text":"A trusted entity that issues or registers subscriber authenticators and issues electronic credentials to subscribers. A CSP may be an independent third party or issue credentials for its own use.","sources":[{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Credential Service Provider "}]},{"text":"The party that manages the subscriber’s primary authentication credentials and issues assertions derived from those credentials. This is commonly the CSP as discussed within this document suite.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"See Credential Service Provider.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"identity registration","link":"https://csrc.nist.gov/glossary/term/identity_registration","abbrSyn":[{"text":"Enrollment","link":"https://csrc.nist.gov/glossary/term/enrollment"},{"text":"Registration"}],"definitions":[{"text":"The process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system. In some other NIST documents, such as [NIST SP 800-63A], identity registration is referred to as enrollment.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identity Registration "}]},{"text":"The process of making a person’s identity known to the personal identity verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]},{"text":"The process through which an applicant applies to become a subscriber of a CSP and the CSP validates the applicant’s identity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Enrollment "}]},{"text":"See Enrollment.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Registration "}]},{"text":"Making a person’s identity known to the enrollment/Identity Management System information system by associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the information system. Registration is necessary in order to initiate other processes, such as adjudication, card/token personalization and issuance and, maintenance that are necessary to issue and to re-issue or maintain a PIV Card or a Derived PIV Credential token.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Registration "}]},{"text":"The process that a CA uses to create a certificate for a web server or email user. (In the context of this practice guide, enrollment applies to the process of a certificate requester requesting a certificate, the CA issuing the certificate, and the requester retrieving the issued certificate.)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Enrollment ","refSources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"text":"The process that a CA uses to create a certificate for a web server or email user. (In the context of this practice guide, enrollment applies to the process of a certificate requester requesting a certificate, the CA issuing the certificate, and the requester retrieving the issued certificate).","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Enrollment ","refSources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"text":"The process through which an applicant applies to become a subscriber of a CSP and an RA validates the identity of the applicant on behalf of the CSP. (NIST SP 800-63-3)","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Registration ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The process that a Certificate Authority (CA) uses to create a certificate for a web server or email user","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Enrollment "}]},{"text":"The process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identity Registration "}]},{"text":"See “Identity Registration”.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Registration "}]},{"text":"The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Registration "}]}]},{"term":"Identity Resolving Key","link":"https://csrc.nist.gov/glossary/term/identity_resolving_key","abbrSyn":[{"text":"IRK","link":"https://csrc.nist.gov/glossary/term/irk"}],"definitions":null},{"term":"Identity Root","link":"https://csrc.nist.gov/glossary/term/identity_root","abbrSyn":[{"text":"IR","link":"https://csrc.nist.gov/glossary/term/ir"}],"definitions":null},{"term":"Identity Service Provider (ISP)","link":"https://csrc.nist.gov/glossary/term/identity_service_provider","abbrSyn":[{"text":"Credential Service Provider"}],"definitions":[{"text":"A trusted entity that issues or registers subscriber authenticators and issues electronic credentials to subscribers. A CSP may be an independent third party or issue credentials for its own use.","sources":[{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Credential Service Provider "}]},{"text":"See Credential Service Provider.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"Identity Services Engine","link":"https://csrc.nist.gov/glossary/term/identity_services_engine","abbrSyn":[{"text":"ISE","link":"https://csrc.nist.gov/glossary/term/ise"}],"definitions":null},{"term":"identity token","link":"https://csrc.nist.gov/glossary/term/identity_token","definitions":[{"text":"Smart card, metal key, or other physical object used to authenticate identity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"identity verification","link":"https://csrc.nist.gov/glossary/term/identity_verification","abbrSyn":[{"text":"Verification"}],"definitions":[{"text":"The process of confirming or denying that a claimed identity is correct by comparing the credentials of a person requesting access with those previously proven and associated with the PIV Card or a derived PIV credential associated with the identity being claimed.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identity Verification "}]},{"text":"Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity’s requirements have been correctly defined, or an entity’s attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome).","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Verification ","refSources":[{"text":"CNSSI 4009"},{"text":"ISO 9000","note":" - Adapted"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Verification ","refSources":[{"text":"CNSSI 4009"},{"text":"ISO 9000","note":" - Adapted"}]}]},{"text":"The process of testing the media to ensure the information cannot be read.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Verification "}]},{"text":"The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those credentials previously proven and stored in the PIV Card or system and associated with the identity being claimed.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]},{"text":"Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity’s requirements have been correctly defined, or an entity’s attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome). Adapted from Verification.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Identity Verification ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Internal phase within the NVD where a second, usually more experienced, NVD Analyst verifies the work completed during the Initial Analysis.","sources":[{"text":"NISTIR 8246","link":"https://doi.org/10.6028/NIST.IR.8246","underTerm":" under Verification "}]},{"text":"Process of producing objective evidence that sufficiently demonstrates that the system satisfies its security requirements and security characteristics with the level of assurance that applies to the system.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Verification ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - §3.4.9, Adapted"}]}]},{"text":"The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identity Verification "}]},{"text":"See “Identity Verification”.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Verification "}]}],"seeAlso":[{"text":"Comparison","link":"comparison"}]},{"term":"Identity Web Services Framework","link":"https://csrc.nist.gov/glossary/term/identity_web_services_framework","abbrSyn":[{"text":"ID-WSF","link":"https://csrc.nist.gov/glossary/term/id_wsf"}],"definitions":null},{"term":"Identity, Credential, and Access Management (ICAM)","link":"https://csrc.nist.gov/glossary/term/identity_credential_and_access_management","abbrSyn":[{"text":"ICAM","link":"https://csrc.nist.gov/glossary/term/icam"}],"definitions":[{"text":"Programs, processes, technologies, and personnel used to create trusted digital identity representations of individuals and non-person entities (NPEs), bind those identities to credentials that may serve as a proxy for the individual or NPE in access transactions, and leverage the credentials to provide authorized access to an agency‘s resources. \nSee also attribute-based access control (ABAC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FICAM Roadmap and IG V2.0","link":"https://www.idmanagement.gov/wp-content/uploads/sites/1171/uploads/FICAM_Roadmap_and_Implem_Guid.pdf"}]}]}],"seeAlso":[{"text":"attribute-based access control (ABAC)","link":"attribute_based_access_control"}]},{"term":"identity-based access control","link":"https://csrc.nist.gov/glossary/term/identity_based_access_control","abbrSyn":[{"text":"IBAC","link":"https://csrc.nist.gov/glossary/term/ibac"}],"definitions":[{"text":"Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Identity-based authentication","link":"https://csrc.nist.gov/glossary/term/identity_based_authentication","definitions":[{"text":"A process that provides assurance of an entity’s identity by means of an authentication mechanism that verifies the identity of the entity. Contrast with role-based authentication","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Identity-Based Encryption","link":"https://csrc.nist.gov/glossary/term/identity_based_encryption","abbrSyn":[{"text":"IBE","link":"https://csrc.nist.gov/glossary/term/ibe"}],"definitions":null},{"term":"IDESG","link":"https://csrc.nist.gov/glossary/term/idesg","abbrSyn":[{"text":"Identity Ecosystem Steering Group","link":"https://csrc.nist.gov/glossary/term/identity_ecosystem_steering_group"}],"definitions":null},{"term":"IDevID","link":"https://csrc.nist.gov/glossary/term/idevid","abbrSyn":[{"text":"Initial Device Identity","link":"https://csrc.nist.gov/glossary/term/initial_device_identity"}],"definitions":null},{"term":"IDFF","link":"https://csrc.nist.gov/glossary/term/idff","abbrSyn":[{"text":"Identity Federation Framework","link":"https://csrc.nist.gov/glossary/term/identity_federation_framework"}],"definitions":null},{"term":"IDG","link":"https://csrc.nist.gov/glossary/term/idg","abbrSyn":[{"text":"Identity Guard","link":"https://csrc.nist.gov/glossary/term/identity_guard"}],"definitions":null},{"term":"IDIQ","link":"https://csrc.nist.gov/glossary/term/idiq","abbrSyn":[{"text":"Indefinite Delivery/Indefinite Quantity","link":"https://csrc.nist.gov/glossary/term/indefinite_delivery_indefinite_quantity"}],"definitions":null},{"term":"IDM","link":"https://csrc.nist.gov/glossary/term/idm","abbrSyn":[{"text":"interference detection and mitigation","link":"https://csrc.nist.gov/glossary/term/interference_detection_and_mitigation"}],"definitions":null},{"term":"IDMEF","link":"https://csrc.nist.gov/glossary/term/idmef","abbrSyn":[{"text":"Intrusion Detection Message Exchange Format","link":"https://csrc.nist.gov/glossary/term/intrusion_detection_message_exchange_format"}],"definitions":null},{"term":"IDMS","link":"https://csrc.nist.gov/glossary/term/idms","abbrSyn":[{"text":"Identity Management System"}],"definitions":null},{"term":"IDMS/CMS","link":"https://csrc.nist.gov/glossary/term/idms_cms","abbrSyn":[{"text":"Identity and Credential Management System","link":"https://csrc.nist.gov/glossary/term/identity_and_credential_management_system"}],"definitions":null},{"term":"IDN","link":"https://csrc.nist.gov/glossary/term/idn","abbrSyn":[{"text":"Identity Defined Networking","link":"https://csrc.nist.gov/glossary/term/identity_defined_networking"}],"definitions":null},{"term":"IdP","link":"https://csrc.nist.gov/glossary/term/idp","abbrSyn":[{"text":"Identity Provider"}],"definitions":null},{"term":"IDPS","link":"https://csrc.nist.gov/glossary/term/idps","abbrSyn":[{"text":"Intrusion Detection and Prevention System"},{"text":"Intrusion Detection Prevention System"}],"definitions":null},{"term":"iDRAC","link":"https://csrc.nist.gov/glossary/term/idrac","abbrSyn":[{"text":"Dell Remote Access Controller","link":"https://csrc.nist.gov/glossary/term/dell_remote_access_controller"}],"definitions":null},{"term":"IDS","link":"https://csrc.nist.gov/glossary/term/ids","abbrSyn":[{"text":"Intrusion detection system"},{"text":"Intrusion Detection System"}],"definitions":[{"text":"Software that looks for suspicious activity and alerts administrators.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Intrusion Detection System "}]}]},{"term":"ID-WSF","link":"https://csrc.nist.gov/glossary/term/id_wsf","abbrSyn":[{"text":"Identity Web Services Framework","link":"https://csrc.nist.gov/glossary/term/identity_web_services_framework"}],"definitions":null},{"term":"IEA","link":"https://csrc.nist.gov/glossary/term/iea","abbrSyn":[{"text":"Information Exchange Agreement"}],"definitions":null},{"term":"IEC","link":"https://csrc.nist.gov/glossary/term/iec","abbrSyn":[{"text":"International Electrotechnical Commission","link":"https://csrc.nist.gov/glossary/term/international_electrotechnical_commission"}],"definitions":null},{"term":"IED","link":"https://csrc.nist.gov/glossary/term/ied","abbrSyn":[{"text":"Intelligent Electronic Device"}],"definitions":[{"text":"Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers).","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Intelligent Electronic Device ","refSources":[{"text":"AGA 12","link":"https://www.aga.org/"}]}]}]},{"term":"IEEE","link":"https://csrc.nist.gov/glossary/term/ieee","abbrSyn":[{"text":"Institute of Electrical and Electronics Engineers","link":"https://csrc.nist.gov/glossary/term/institute_of_electrical_and_electronics_engineers"},{"text":"Institute of Electrical and Electronics Engineers, Inc."}],"definitions":null},{"term":"IEEE Engineering in Medicine and Biology Society","link":"https://csrc.nist.gov/glossary/term/ieee_engineering_in_medicine_and_biology_society","abbrSyn":[{"text":"EMBS","link":"https://csrc.nist.gov/glossary/term/embs"}],"definitions":null},{"term":"IEEE Industrial Electronics Society","link":"https://csrc.nist.gov/glossary/term/ieee_industrial_electronics_society","abbrSyn":[{"text":"IES","link":"https://csrc.nist.gov/glossary/term/ies"}],"definitions":null},{"term":"IEEE Power & Energy Society","link":"https://csrc.nist.gov/glossary/term/ieee_power_and_energy_society","abbrSyn":[{"text":"PES","link":"https://csrc.nist.gov/glossary/term/pes"}],"definitions":null},{"term":"IEEE Power System Communications and Cybersecurity","link":"https://csrc.nist.gov/glossary/term/ieee_power_system_comms_and_cybersecurity","abbrSyn":[{"text":"PSCCC","link":"https://csrc.nist.gov/glossary/term/psccc"}],"definitions":null},{"term":"IEEE Robotics and Automation Society","link":"https://csrc.nist.gov/glossary/term/ieee_robotics_and_automation_society","abbrSyn":[{"text":"RAS","link":"https://csrc.nist.gov/glossary/term/ras"}],"definitions":null},{"term":"IEEE Vehicular Technology Society","link":"https://csrc.nist.gov/glossary/term/ieee_vehicular_technology_society","abbrSyn":[{"text":"VTS","link":"https://csrc.nist.gov/glossary/term/vts"}],"definitions":null},{"term":"IERS","link":"https://csrc.nist.gov/glossary/term/iers","abbrSyn":[{"text":"International Earth Rotation and Reference Systems Service","link":"https://csrc.nist.gov/glossary/term/international_earth_rotation_and_reference_systems_service"}],"definitions":null},{"term":"IES","link":"https://csrc.nist.gov/glossary/term/ies","abbrSyn":[{"text":"IEEE Industrial Electronics Society","link":"https://csrc.nist.gov/glossary/term/ieee_industrial_electronics_society"}],"definitions":null},{"term":"IETF","link":"https://csrc.nist.gov/glossary/term/ietf","abbrSyn":[{"text":"Internet Engineering Task Force"}],"definitions":[{"text":"The Internet Engineering Task Force is the premier Internet standards body that develops open Internet standards.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Internet Engineering Task Force "}]},{"text":"The internet standards organization made up of network designers, operators, vendors, and researchers that defines protocol standards (e.g., IP, TCP, DNS) through process of collaboration and consensus.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Engineering Task Force "}]}]},{"term":"IFC","link":"https://csrc.nist.gov/glossary/term/ifc","abbrSyn":[{"text":"Integer Factorization Cryptography","link":"https://csrc.nist.gov/glossary/term/integer_factorization_cryptography"}],"definitions":[{"text":"Integer factorization cryptography","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"Integer Factorization Cryptography.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"iFCP","link":"https://csrc.nist.gov/glossary/term/ifcp","abbrSyn":[{"text":"Internet Fibre-Channel Protocol","link":"https://csrc.nist.gov/glossary/term/internet_fibre_channel_protocol"}],"definitions":null},{"term":"IFIP","link":"https://csrc.nist.gov/glossary/term/ifip","abbrSyn":[{"text":"International Federation for Information Processing","link":"https://csrc.nist.gov/glossary/term/international_federation_for_information_processing"}],"definitions":null},{"term":"IG","link":"https://csrc.nist.gov/glossary/term/ig","abbrSyn":[{"text":"Implementation Guidance","link":"https://csrc.nist.gov/glossary/term/implementation_guidance"},{"text":"Implementation Guide","link":"https://csrc.nist.gov/glossary/term/implementation_guide"},{"text":"Inspector General","link":"https://csrc.nist.gov/glossary/term/inspector_general"}],"definitions":null},{"term":"igamc","link":"https://csrc.nist.gov/glossary/term/igamc","abbrSyn":[{"text":"Incomplete Gamma Function","link":"https://csrc.nist.gov/glossary/term/incomplete_gamma_function"}],"definitions":[{"text":"The incomplete gamma function Q(a,x) is defined in Section 5.5.3.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"See the definition for igamc.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Incomplete Gamma Function "}]}]},{"term":"IGMP","link":"https://csrc.nist.gov/glossary/term/igmp","abbrSyn":[{"text":"Internet Group Management Protocol","link":"https://csrc.nist.gov/glossary/term/internet_group_management_protocol"}],"definitions":null},{"term":"IGP","link":"https://csrc.nist.gov/glossary/term/igp","abbrSyn":[{"text":"Interior Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/interior_gateway_protocol"},{"text":"Internal Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/internal_gateway_protocol"}],"definitions":null},{"term":"IHE","link":"https://csrc.nist.gov/glossary/term/ihe","abbrSyn":[{"text":"Integrating the Healthcare Enterprise","link":"https://csrc.nist.gov/glossary/term/integrating_the_healthcare_enterprise"}],"definitions":null},{"term":"IHSN","link":"https://csrc.nist.gov/glossary/term/ihsn","abbrSyn":[{"text":"International Household Survey Network","link":"https://csrc.nist.gov/glossary/term/international_household_survey_network"}],"definitions":null},{"term":"IIC","link":"https://csrc.nist.gov/glossary/term/iic","abbrSyn":[{"text":"Industrial Internet Consortium","link":"https://csrc.nist.gov/glossary/term/industrial_internet_consortium"},{"text":"Industrial Internet of Things Consortium","link":"https://csrc.nist.gov/glossary/term/iiot_consortium"},{"text":"Industry IoT Consortium","link":"https://csrc.nist.gov/glossary/term/industry_iot_consortium"}],"definitions":null},{"term":"IICS WG","link":"https://csrc.nist.gov/glossary/term/iics_wg","abbrSyn":[{"text":"Interagency International Cybersecurity Standardization Working Group","link":"https://csrc.nist.gov/glossary/term/interagency_international_cybersecurity_standardization_working_group"}],"definitions":null},{"term":"IICSWG","link":"https://csrc.nist.gov/glossary/term/iicswg","abbrSyn":[{"text":"Interagency International Cybersecurity Standardization Working Group","link":"https://csrc.nist.gov/glossary/term/interagency_international_cybersecurity_standardization_working_group"}],"definitions":null},{"term":"IID","link":"https://csrc.nist.gov/glossary/term/iid","abbrSyn":[{"text":"Independent and Identically Distributed","link":"https://csrc.nist.gov/glossary/term/independent_and_identically_distributed"}],"definitions":null},{"term":"IIF","link":"https://csrc.nist.gov/glossary/term/iif","abbrSyn":[{"text":"Information in Identifiable Form"}],"definitions":null},{"term":"IIHI","link":"https://csrc.nist.gov/glossary/term/iihi","abbrSyn":[{"text":"Individually Identifiable Health Information"}],"definitions":null},{"term":"IIoT","link":"https://csrc.nist.gov/glossary/term/iiot","abbrSyn":[{"text":"Industrial Internet of Things","link":"https://csrc.nist.gov/glossary/term/industrial_internet_of_things"}],"definitions":null},{"term":"IIP","link":"https://csrc.nist.gov/glossary/term/iip","abbrSyn":[{"text":"Internet Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/internet_infrastructure_protection"}],"definitions":null},{"term":"IIS","link":"https://csrc.nist.gov/glossary/term/iis","abbrSyn":[{"text":"Internet Information Server","link":"https://csrc.nist.gov/glossary/term/internet_information_server"},{"text":"Internet Information Services","link":"https://csrc.nist.gov/glossary/term/internet_information_services"}],"definitions":null},{"term":"IK","link":"https://csrc.nist.gov/glossary/term/ik","abbrSyn":[{"text":"Integrity Key","link":"https://csrc.nist.gov/glossary/term/integrity_key"}],"definitions":null},{"term":"IKE","link":"https://csrc.nist.gov/glossary/term/ike","abbrSyn":[{"text":"Internet Key Exchange","link":"https://csrc.nist.gov/glossary/term/internet_key_exchange"}],"definitions":null},{"term":"IKE version 1","link":"https://csrc.nist.gov/glossary/term/ike_version_1","abbrSyn":[{"text":"IKEv1"}],"definitions":null},{"term":"IKE version 2","link":"https://csrc.nist.gov/glossary/term/ike_version_2","abbrSyn":[{"text":"IKEv2"}],"definitions":null},{"term":"ILK","link":"https://csrc.nist.gov/glossary/term/ilk","abbrSyn":[{"text":"Intermediate Link Key","link":"https://csrc.nist.gov/glossary/term/intermediate_link_key"}],"definitions":null},{"term":"ILTK","link":"https://csrc.nist.gov/glossary/term/iltk","abbrSyn":[{"text":"Intermediate Long Term Key","link":"https://csrc.nist.gov/glossary/term/intermediate_long_term_key"}],"definitions":null},{"term":"IM","link":"https://csrc.nist.gov/glossary/term/im","abbrSyn":[{"text":"Identity Manager","link":"https://csrc.nist.gov/glossary/term/identity_manager"},{"text":"Instant Messaging"}],"definitions":[{"text":"a facility for exchanging messages in real-time with other people over the Internet and tracking the progress of the conversation.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Instant Messaging "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Instant Messaging "}]}]},{"term":"IMA","link":"https://csrc.nist.gov/glossary/term/ima","abbrSyn":[{"text":"Integrity Measurement Architecture","link":"https://csrc.nist.gov/glossary/term/integrity_measurement_architecture"}],"definitions":null},{"term":"Image","link":"https://csrc.nist.gov/glossary/term/image","definitions":[{"text":"An exact bit-stream copy of all electronic data on a device, performed in a manner that ensures the information is not altered.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"A file or directory that contains, at a minimum, the encapsulated components of a guest OS.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]},{"text":"A package that contains all the files required to run a container.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"Imaging","link":"https://csrc.nist.gov/glossary/term/imaging","definitions":[{"text":"The process used to obtain a bit by bit copy of data residing on the original electronic media; allows the investigator to review a duplicate of the original evidence while preserving that evidence","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"Computer Forensics DFAM","link":"https://www.justice.gov/sites/default/files/usao/legacy/2008/02/04/usab5601.pdf"}]}]}]},{"term":"IMAP","link":"https://csrc.nist.gov/glossary/term/imap","abbrSyn":[{"text":"Internet Message Access Protocol"},{"text":"Internet Message Access Protocol Mail Delivery Agent","link":"https://csrc.nist.gov/glossary/term/internet_message_access_protocol_mail_delivery_agent"}],"definitions":[{"text":"a method of communication used to read electronic mail stored in a remote server.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Message Access Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Message Access Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Message Access Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Internet Message Access Protocol "}]},{"text":"A method of communication used to read electronic messages stored in a remote server.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Internet Message Access Protocol "}]}]},{"term":"IMEI","link":"https://csrc.nist.gov/glossary/term/imei","abbrSyn":[{"text":"International Mobile Equipment Identifier","link":"https://csrc.nist.gov/glossary/term/international_mobile_equipment_identifier"},{"text":"International Mobile Equipment Identity"}],"definitions":[{"text":"a unique number programmed into GSM and UMTS mobile phones.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under International Mobile Equipment Identity "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under International Mobile Equipment Identity "}]}]},{"term":"IMG","link":"https://csrc.nist.gov/glossary/term/img","abbrSyn":[{"text":"Identity Management and Governance","link":"https://csrc.nist.gov/glossary/term/identity_management_and_governance"}],"definitions":null},{"term":"I-MLWE","link":"https://csrc.nist.gov/glossary/term/i_mlwe","abbrSyn":[{"text":"Integer Module Learning With Errors","link":"https://csrc.nist.gov/glossary/term/integer_module_learning_with_errors"}],"definitions":null},{"term":"Immutable","link":"https://csrc.nist.gov/glossary/term/immutable","definitions":[{"text":"Data that can only be written, not modified or deleted.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"IMO","link":"https://csrc.nist.gov/glossary/term/imo","abbrSyn":[{"text":"International Maritime Organization","link":"https://csrc.nist.gov/glossary/term/international_maritime_organization"}],"definitions":null},{"term":"impact level","link":"https://csrc.nist.gov/glossary/term/impact_level","abbrSyn":[{"text":"impact value","link":"https://csrc.nist.gov/glossary/term/impact_value"}],"definitions":[{"text":"The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of an information type, expressed as a value of low, moderate, or high.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under impact value ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Impact Level ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The assessed worst-case potential impact that could result from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate or high.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under impact value ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under impact value ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under impact value ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under impact value ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"Refers to the three broadly defined impact-levels in [FIPS 200] that categorize the impact of a security breach as Low, Moderate or High.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Impact-level "}]},{"text":"High, Moderate, or Low security categories of an information system established in FIPS 199 which classify the intensity of a potential impact that may occur if the information system is jeopardized.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Impact Level "}]},{"text":"See impact value.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"The assessed worst-case potential impact that could result from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate, or high.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under impact value ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under impact value ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under impact value ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The assessed potential impact resulting from a compromise of the confidentiality of information (e.g., CUI) expressed as a value of low, moderate, or high.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under impact value "}]}]},{"term":"impact value","link":"https://csrc.nist.gov/glossary/term/impact_value","abbrSyn":[{"text":"impact level","link":"https://csrc.nist.gov/glossary/term/impact_level"}],"definitions":[{"text":"The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of an information type, expressed as a value of low, moderate, or high.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Impact Value ","refSources":[{"text":"CNSSI 1253","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under impact level ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The assessed worst-case potential impact that could result from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate or high.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate or high.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Impact Value "}]},{"text":"See impact value.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under impact level "}]},{"text":"The assessed worst-case potential impact that could result from a compromise of the confidentiality, integrity, or availability of information expressed as a value of low, moderate, or high.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The assessed potential impact resulting from a compromise of the confidentiality of information (e.g., CUI) expressed as a value of low, moderate, or high.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]}]},{"term":"implant","link":"https://csrc.nist.gov/glossary/term/implant","definitions":[{"text":"Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Implementation","link":"https://csrc.nist.gov/glossary/term/implementation","definitions":[{"text":"An implementation of an RBG is a cryptographic device or portion of a cryptographic device that is the physical embodiment of the RBG design, for example, some code running on a computing platform.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Implementation Guidance","link":"https://csrc.nist.gov/glossary/term/implementation_guidance","abbrSyn":[{"text":"IG","link":"https://csrc.nist.gov/glossary/term/ig"}],"definitions":null},{"term":"Implementation Guide","link":"https://csrc.nist.gov/glossary/term/implementation_guide","abbrSyn":[{"text":"IG","link":"https://csrc.nist.gov/glossary/term/ig"}],"definitions":null},{"term":"Implementation Testing for Validation","link":"https://csrc.nist.gov/glossary/term/implementation_testing_for_validation","definitions":[{"text":"Testing by an independent and accredited party to ensure that an implementation of this Recommendation conforms to the specifications of this Recommendation.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Implementation Tier","link":"https://csrc.nist.gov/glossary/term/implementation_tier","definitions":[{"text":"Provides a point of reference on how an organization views privacy risk and whether it has sufficient processes and resources in place to manage that risk.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Implementation Under Test","link":"https://csrc.nist.gov/glossary/term/implementation_under_test","abbrSyn":[{"text":"IUT","link":"https://csrc.nist.gov/glossary/term/iut"}],"definitions":[{"text":"Implementation Under Test","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under IUT "}]}]},{"term":"Import","link":"https://csrc.nist.gov/glossary/term/import","definitions":[{"text":"A process available to end users by which an SCAP source data stream can be loaded into the vendor’s product. During this process, the vendor process may optionally translate this file into a proprietary format.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"IMS","link":"https://csrc.nist.gov/glossary/term/ims","abbrSyn":[{"text":"IP Multimedia Subsystem","link":"https://csrc.nist.gov/glossary/term/ip_multimedia_subsystem"}],"definitions":null},{"term":"IMSI","link":"https://csrc.nist.gov/glossary/term/imsi","abbrSyn":[{"text":"International Mobile Subscriber Identity"}],"definitions":[{"text":"a unique number associated with every GSM mobile phone user.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under International Mobile Subscriber Identity "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under International Mobile Subscriber Identity "}]}]},{"term":"IMU","link":"https://csrc.nist.gov/glossary/term/imu","abbrSyn":[{"text":"Inertial Measurement Units","link":"https://csrc.nist.gov/glossary/term/inertial_measurement_units"}],"definitions":null},{"term":"IN","link":"https://csrc.nist.gov/glossary/term/in_acronym","abbrSyn":[{"text":"internet","link":"https://csrc.nist.gov/glossary/term/internet"}],"definitions":[{"text":"The single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB) and (b) the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under internet ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"The single interconnected world-wide system of commercial, government, educational, and other computer networks that share the set of protocols specified by the Internet Architecture Board (IAB) and the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under internet ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under internet ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]}]},{"term":"inadvertent disclosure","link":"https://csrc.nist.gov/glossary/term/inadvertent_disclosure","definitions":[{"text":"Type of incident involving accidental exposure of information to an individual not authorized access.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Incentive Mechanism","link":"https://csrc.nist.gov/glossary/term/incentive_mechanism","abbrSyn":[{"text":"Reward system","link":"https://csrc.nist.gov/glossary/term/reward_system"}],"definitions":[{"text":"See Incentive Mechanism","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Reward system ","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"text":"See Reward system","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Incentive mechanism "}]},{"text":"A means of providing blockchain network users an award for activities within the blockchain network (typically used as a system to reward successful publishing of blocks). Also known as incentive systems.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Reward system "}]}]},{"term":"incident","link":"https://csrc.nist.gov/glossary/term/incident","abbrSyn":[{"text":"computer security incident"},{"text":"Computer Security Incident","link":"https://csrc.nist.gov/glossary/term/computer_security_incident"},{"text":"cyber incident","link":"https://csrc.nist.gov/glossary/term/cyber_incident"},{"text":"cyberspace incident"},{"text":"security incident","link":"https://csrc.nist.gov/glossary/term/security_incident"},{"text":"Security Incident"}],"definitions":[{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under INCIDENT "},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"},{"text":"NIST Cybersecurity Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.02122014"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An occurrence that results in actual or potential jeopardy to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. See cyber incident. See also event, security-relevant, and intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Actions taken through the use of an information system or network that result in an actual or potentially adverse effect on an information system, network, and/or the information residing therein. See incident. See also event, security-relevant event, and intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cyber incident "}]},{"text":"See “incident.”","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Computer Security Incident "}]},{"text":"A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Incident "}]},{"text":"See incident.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under computer security incident ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security incident ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Incident "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Incident "}]},{"text":"Actions taken through the use of an information system or network that result in an actual or potentially adverse effect on an information system, network, and/or the information residing therein.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under cyber incident ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under cyber incident ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"An occurrence that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of a system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle of a project, product, service, or system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}],"seeAlso":[{"text":"cyber incident","link":"cyber_incident"},{"text":"event","link":"event"},{"text":"intrusion","link":"intrusion"},{"text":"security-relevant event","link":"security_relevant_event"}]},{"term":"incident handling","link":"https://csrc.nist.gov/glossary/term/incident_handling","abbrSyn":[{"text":"incident response","link":"https://csrc.nist.gov/glossary/term/incident_response"},{"text":"Incident Response"}],"definitions":[{"text":"The mitigation of violations of security policies and recommended practices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]},{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Incident Handling "}]},{"text":"See incident handling.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under incident response "}]},{"text":"An IT security incident is an adverse event in a computer system or network caused by the failure of a security mechanism or an attempted or threatened breach of these mechanisms","sources":[{"text":"NIST SP 800-35","link":"https://doi.org/10.6028/NIST.SP.800-35","underTerm":" under Incident Handling "}]},{"text":"See “incident handling.”","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Incident Response "}]}]},{"term":"Incident Object Description Exchange Format","link":"https://csrc.nist.gov/glossary/term/incident_object_description_exchange_format","abbrSyn":[{"text":"IODEF","link":"https://csrc.nist.gov/glossary/term/iodef"}],"definitions":null},{"term":"incident response","link":"https://csrc.nist.gov/glossary/term/incident_response","abbrSyn":[{"text":"incident handling","link":"https://csrc.nist.gov/glossary/term/incident_handling"},{"text":"IR","link":"https://csrc.nist.gov/glossary/term/ir"}],"definitions":[{"text":"The mitigation of violations of security policies and recommended practices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under incident handling ","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]}]},{"text":"See incident handling.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"See “incident handling.”","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Incident Response "}]}]},{"term":"incident response plan","link":"https://csrc.nist.gov/glossary/term/incident_response_plan","abbrSyn":[{"text":"IRP","link":"https://csrc.nist.gov/glossary/term/irp"}],"definitions":[{"text":"The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization’s information systems(s).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"text":"The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization’s information system(s).","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Incident Response Plan "}]}]},{"term":"Incineration","link":"https://csrc.nist.gov/glossary/term/incineration","definitions":[{"text":"A physically Destructive method of sanitizing media; the act of burning completely to ashes.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"INCITS","link":"https://csrc.nist.gov/glossary/term/incits","abbrSyn":[{"text":"International Committee for Information Technology Standards"},{"text":"InterNational Committee for Information Technology Standards","link":"https://csrc.nist.gov/glossary/term/international_committee_for_information_technology_standards"}],"definitions":null},{"term":"Incomplete Gamma Function","link":"https://csrc.nist.gov/glossary/term/incomplete_gamma_function","abbrSyn":[{"text":"igamc","link":"https://csrc.nist.gov/glossary/term/igamc"}],"definitions":[{"text":"The incomplete gamma function Q(a,x) is defined in Section 5.5.3.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under igamc "}]},{"text":"See the definition for igamc.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"INCOSE","link":"https://csrc.nist.gov/glossary/term/incose","abbrSyn":[{"text":"International Council on Systems Engineering","link":"https://csrc.nist.gov/glossary/term/international_council_on_systems_engineering"}],"definitions":null},{"term":"Incremental testing","link":"https://csrc.nist.gov/glossary/term/incremental_testing","definitions":[{"text":"Testing a system or device to determine that minor changes have not affected its security and intended functionality.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Inculpatory Evidence","link":"https://csrc.nist.gov/glossary/term/inculpatory_evidence","definitions":[{"text":"Evidence that tends to increase the likelihood of fault or guilt.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"IND-CCA","link":"https://csrc.nist.gov/glossary/term/ind_cca","abbrSyn":[{"text":"Indistinguishability security under the Chosen Ciphertext Attack"},{"text":"Indistinguishability under Chosen-Ciphertext Attack","link":"https://csrc.nist.gov/glossary/term/indistinguishability_under_chosen_ciphertext_attack"}],"definitions":null},{"term":"IND-CCA2","link":"https://csrc.nist.gov/glossary/term/ind_cca2","abbrSyn":[{"text":"Indistinguishability under Adaptive Chosen-Ciphertext Attack","link":"https://csrc.nist.gov/glossary/term/indistinguishability_under_adaptive_chosen_ciphertext_attack"}],"definitions":null},{"term":"IND-CPA","link":"https://csrc.nist.gov/glossary/term/ind_cpa","abbrSyn":[{"text":"Indistinguishability security under the Chosen Plaintext Attack"},{"text":"Indistinguishability under Chosen-Plaintext Attack","link":"https://csrc.nist.gov/glossary/term/indistinguishability_under_chosen_plaintext_attack"}],"definitions":null},{"term":"Indefinite Delivery/Indefinite Quantity","link":"https://csrc.nist.gov/glossary/term/indefinite_delivery_indefinite_quantity","abbrSyn":[{"text":"IDIQ","link":"https://csrc.nist.gov/glossary/term/idiq"}],"definitions":null},{"term":"Independent and Identically Distributed","link":"https://csrc.nist.gov/glossary/term/independent_and_identically_distributed","abbrSyn":[{"text":"IID","link":"https://csrc.nist.gov/glossary/term/iid"}],"definitions":[{"text":"A quality of a sequence of random variables for which each element of the sequence has the same probability distribution as the other values, and all values are mutually independent.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Independent and Identically Distributed (IID) "}]}]},{"term":"Independent Basic Service Set","link":"https://csrc.nist.gov/glossary/term/independent_basic_service_set","abbrSyn":[{"text":"IBSS","link":"https://csrc.nist.gov/glossary/term/ibss"}],"definitions":null},{"term":"Independent Qualified Reviewer","link":"https://csrc.nist.gov/glossary/term/independent_qualified_reviewer","definitions":[{"text":"A Reviewer tasked by NIST with making a recommendation to NIST regarding public review or listing of the checklist.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Reviewer tasked by NIST to make a recommendation about a checklist.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Independent Regulatory Agency","link":"https://csrc.nist.gov/glossary/term/independent_regulatory_agency","definitions":[{"text":"The term 'independent regulatory agency' means the Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission, the Consumer Product Safety Commission, the Federal Communications Commission, the Federal Deposit Insurance Corporation, the Federal Energy Regulatory Commission, the Federal Housing Finance Board, the Federal Maritime Commission, the Federal Trade Commission, the Interstate Commerce Commission, the Mine Enforcement Safety and Health Review Commission, the National Labor Relations Board, the Nuclear Regulatory Commission, the Occupational Safety and Health Review Commission, the Postal Rate Commission, the Securities and Exchange Commission, and any other similar agency designated by statute as a Federal independent regulatory agency or commission.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","refSources":[{"text":"44 U.S.C., Sec. 3502 (5)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"The Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission, the Consumer Product Safety Commission, the Federal Communications Commission, the Federal Deposit Insurance Corporation, the Federal Energy Regulatory Commission, the Federal Housing Finance Board, the Federal Maritime Commission, the Federal Trade Commission, the Interstate Commerce Commission, the Mine Enforcement Safety and Health Review Commission, the National Labor Relations Board, the Nuclear Regulatory Commission, the Occupational Safety and Health Review Commission, the Postal Rate Commission, the Securities and Exchange Commission, and any other similar agency designated by statute as a Federal independent regulatory agency or commission.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]}]},{"term":"independent validation authority (IVA)","link":"https://csrc.nist.gov/glossary/term/independent_validation_authority","abbrSyn":[{"text":"IVA","link":"https://csrc.nist.gov/glossary/term/iva"}],"definitions":[{"text":"Entity that reviews the soundness of independent tests and system compliance with all stated security controls and risk mitigation actions. IVAs will be designated by the authorizing official as needed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"independent verification & validation (IV&V)","link":"https://csrc.nist.gov/glossary/term/independent_verification_and_validation","abbrSyn":[{"text":"IV&V","link":"https://csrc.nist.gov/glossary/term/ivandv"}],"definitions":[{"text":"A comprehensive review, analysis, and testing, (software and/or hardware) performed by an objective third party to confirm (i.e., verify) that the requirements are correctly defined, and to confirm (i.e., validate) that the system correctly implements the required functionality and security requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under independent verification and validation ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Verification and validation (V&V) performed by an organization that is technically, managerially, and financially independent of the development organization.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under independent verification and validation ","refSources":[{"text":"IEEE 610.12"}]}]}]},{"term":"Indications and Warnings","link":"https://csrc.nist.gov/glossary/term/indications_and_warnings","abbrSyn":[{"text":"I&W","link":"https://csrc.nist.gov/glossary/term/iandw"}],"definitions":null},{"term":"indicator","link":"https://csrc.nist.gov/glossary/term/indicator","definitions":[{"text":"Recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A technical artifact or observable that suggests an attack is imminent or is currently underway, or that a compromise may have already occurred.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Indicator "}]},{"text":"A sign that an incident may have occurred or may be currently occurring.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Indicator "}]}],"seeAlso":[{"text":"precursor","link":"precursor"}]},{"term":"Indicator of Compromise","link":"https://csrc.nist.gov/glossary/term/indicator_of_compromise","abbrSyn":[{"text":"IoC","link":"https://csrc.nist.gov/glossary/term/ioc"},{"text":"IOC"}],"definitions":null},{"term":"indirect identifier","link":"https://csrc.nist.gov/glossary/term/indirect_identifier","definitions":[{"text":"information that can be used to identify an individual through association with other information","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Indistinguishability under Adaptive Chosen-Ciphertext Attack","link":"https://csrc.nist.gov/glossary/term/indistinguishability_under_adaptive_chosen_ciphertext_attack","abbrSyn":[{"text":"IND-CCA2","link":"https://csrc.nist.gov/glossary/term/ind_cca2"}],"definitions":null},{"term":"Indistinguishability under Chosen-Ciphertext Attack","link":"https://csrc.nist.gov/glossary/term/indistinguishability_under_chosen_ciphertext_attack","abbrSyn":[{"text":"IND-CCA","link":"https://csrc.nist.gov/glossary/term/ind_cca"}],"definitions":null},{"term":"Indistinguishability under Chosen-Plaintext Attack","link":"https://csrc.nist.gov/glossary/term/indistinguishability_under_chosen_plaintext_attack","abbrSyn":[{"text":"IND-CPA","link":"https://csrc.nist.gov/glossary/term/ind_cpa"}],"definitions":null},{"term":"Individual","link":"https://csrc.nist.gov/glossary/term/individual","definitions":[{"text":"A citizen of the United States or an alien lawfully admitted for permanent residence. Agencies may, consistent with individual practice, choose to extend the protections of the Privacy Act and E-Government Act to businesses, sole proprietors, aliens, etc.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]},{"text":"A single person or a group of persons, including at a societal level.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"individual accountability","link":"https://csrc.nist.gov/glossary/term/individual_accountability","definitions":[{"text":"Ability to associate positively the identity of a user with the time, method, and degree of access to an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Individual Privacy","link":"https://csrc.nist.gov/glossary/term/individual_privacy","abbrSyn":[{"text":"IP","link":"https://csrc.nist.gov/glossary/term/ip"}],"definitions":null},{"term":"individuals","link":"https://csrc.nist.gov/glossary/term/individuals","definitions":[{"text":"An assessment object that includes people applying specifications, mechanisms, or activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Individuals ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Individuals "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Individuals "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"Industrial Automation and Control System","link":"https://csrc.nist.gov/glossary/term/industrial_automation_and_control_system","abbrSyn":[{"text":"IACS","link":"https://csrc.nist.gov/glossary/term/iacs"}],"definitions":null},{"term":"Industrial Automation and Control Systems","link":"https://csrc.nist.gov/glossary/term/industrial_automation_and_control_systems","abbrSyn":[{"text":"IACS","link":"https://csrc.nist.gov/glossary/term/iacs"}],"definitions":null},{"term":"industrial control system (ICS)","link":"https://csrc.nist.gov/glossary/term/industrial_control_system","abbrSyn":[{"text":"ICS","link":"https://csrc.nist.gov/glossary/term/ics"}],"definitions":[{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution.","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Industrial Control Systems ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition systems used to control geographically dispersed assets, as well as distributed control systems and smaller control systems using programmable logic controllers to control localized processes.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Industrial Control System ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Industrial Control System "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Industrial Control System "}]},{"text":"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations that are often found in the industrial sectors and critical infrastructures, such as programmable logic controllers (PLC). An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-82 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-82r1"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under industrial control system ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under industrial control system "}]},{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include supervisory control and data acquisition (SCADA) systems used to control geographically dispersed assets, as well as distributed control systems (DCSs) and smaller control systems using programmable logic controllers to control localized processes.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Industrial Control System "}]},{"text":"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Industrial Control System (ICS) "}]},{"text":"An information system used to control industrial processes such as manufacturing, product handling, production, and distribution.  Industrial control systems include supervisory control and data acquisition (SCADA) systems used to control geographically dispersed assets, as well as distributed control systems (DCSs) and smaller control systems using programmable logic controllers to control localized processes.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Industrial Control System "}]},{"text":"General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC) found in the industrial sectors and critical infrastructures. An industrial control system consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under industrial control system ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"a general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Industrial Control System ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]}]},{"term":"Industrial Control System Joint Working Group","link":"https://csrc.nist.gov/glossary/term/industrial_control_system_joint_working_group","abbrSyn":[{"text":"ICSJWG","link":"https://csrc.nist.gov/glossary/term/icsjwg"}],"definitions":null},{"term":"Industrial Internet Consortium","link":"https://csrc.nist.gov/glossary/term/industrial_internet_consortium","abbrSyn":[{"text":"IIC","link":"https://csrc.nist.gov/glossary/term/iic"}],"definitions":null},{"term":"Industrial Internet of Things","link":"https://csrc.nist.gov/glossary/term/industrial_internet_of_things","abbrSyn":[{"text":"IIoT","link":"https://csrc.nist.gov/glossary/term/iiot"}],"definitions":[{"text":"The sensors, instruments, machines, and other devices that are networked together and use Internet connectivity to enhance industrial and manufacturing business processes and applications.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under industrial internet of things "}]}]},{"term":"Industrial Internet of Things Consortium","link":"https://csrc.nist.gov/glossary/term/iiot_consortium","abbrSyn":[{"text":"IIC","link":"https://csrc.nist.gov/glossary/term/iic"}],"definitions":null},{"term":"Industrial Personal Computer","link":"https://csrc.nist.gov/glossary/term/industrial_personal_computer","abbrSyn":[{"text":"IPC","link":"https://csrc.nist.gov/glossary/term/ipc"}],"definitions":null},{"term":"Industrial Security","link":"https://csrc.nist.gov/glossary/term/industrial_security","definitions":[{"text":"The portion of internal security that refers to the protection of industrial installations, resources, utilities, materials, and classified information essential to protect from loss or damage.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"NISPOM","link":"https://www.govinfo.gov/app/details/CFR-2014-title32-vol1/CFR-2014-title32-vol1-part117","note":" - Adapted"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"DoD 5220.22-M","link":"https://www.esd.whs.mil/Directives/issuances/dodm/","note":" - Adapted"}]}]}]},{"term":"Industrial, Scientific, and Medical","link":"https://csrc.nist.gov/glossary/term/industrial_scientific_and_medical","abbrSyn":[{"text":"ISM","link":"https://csrc.nist.gov/glossary/term/ism"}],"definitions":null},{"term":"Industry IoT Consortium","link":"https://csrc.nist.gov/glossary/term/industry_iot_consortium","abbrSyn":[{"text":"IIC","link":"https://csrc.nist.gov/glossary/term/iic"}],"definitions":null},{"term":"Inertial Measurement Units","link":"https://csrc.nist.gov/glossary/term/inertial_measurement_units","abbrSyn":[{"text":"IMU","link":"https://csrc.nist.gov/glossary/term/imu"}],"definitions":null},{"term":"Inertial Navigation Systems","link":"https://csrc.nist.gov/glossary/term/inertial_navigation_systems","abbrSyn":[{"text":"INS","link":"https://csrc.nist.gov/glossary/term/ins"}],"definitions":null},{"term":"Information Access Division","link":"https://csrc.nist.gov/glossary/term/information_access_division","abbrSyn":[{"text":"IAD","link":"https://csrc.nist.gov/glossary/term/iad"}],"definitions":null},{"term":"information and communications technology (ICT)","link":"https://csrc.nist.gov/glossary/term/information_and_communications_technology","abbrSyn":[{"text":"ICT","link":"https://csrc.nist.gov/glossary/term/ict"}],"definitions":[{"text":"Encompasses the capture, storage, retrieval, processing, display, representation, presentation, organization, management, security, transfer, and interchange of data and information.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Information and Communications Technology ","refSources":[{"text":"ISO/IEC 2382:2015","note":" - adapted"}]}]},{"text":"Encompasses the capture, storage, retrieval, processing, display, representation, presentation, organization, management, security, transfer, and interchange of data and information.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Information and Communications Technology (ICT) ","refSources":[{"text":"ISO/IEC 2382","note":" - Adapted"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Information and Communications Technologies ","refSources":[{"text":"ANSDIT","link":"https://www.incits.org/html/ext/ANSDIT/Ansdit.htm","note":" - Adapted"}]}]},{"text":"Includes all categories of ubiquitous technology used for the gathering, storing, transmitting, retrieving, or processing of information (e.g., microelectronics, printed circuit boards, computing systems, software, signal processors, mobile telephony, satellite communications, and networks).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 5200.44","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]},{"text":"encompasses all technologies for the capture, storage, retrieval, processing, display, representation, organization, management, security, transfer, and interchange of data and information.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Information and Communications Technologies "}]}]},{"term":"Information and Communications Technology Risk Management","link":"https://csrc.nist.gov/glossary/term/information_and_communications_technology_risk_management","abbrSyn":[{"text":"ICTRM","link":"https://csrc.nist.gov/glossary/term/ictrm"}],"definitions":null},{"term":"Information and Communications Technology Risk Outcomes Framework","link":"https://csrc.nist.gov/glossary/term/ict_risk_outcomes_framework","abbrSyn":[{"text":"ICT ROF","link":"https://csrc.nist.gov/glossary/term/ict_rof"}],"definitions":null},{"term":"Information and Technology","link":"https://csrc.nist.gov/glossary/term/information_and_technology","abbrSyn":[{"text":"I&T","link":"https://csrc.nist.gov/glossary/term/i_and_t"}],"definitions":null},{"term":"Information Assessment Methodology","link":"https://csrc.nist.gov/glossary/term/information_assessment_methodology","abbrSyn":[{"text":"IAM","link":"https://csrc.nist.gov/glossary/term/iam"}],"definitions":null},{"term":"information assurance (IA)","link":"https://csrc.nist.gov/glossary/term/information_assurance","abbrSyn":[{"text":"IA","link":"https://csrc.nist.gov/glossary/term/ia"}],"definitions":[{"text":"Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Information Assurance (IA) ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information Assurance ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Information Assurance ","refSources":[{"text":"CNSSI 4009-2010"}]}]},{"text":"Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Assurance ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"information systems security (INFOSEC)","link":"information_systems_security"},{"text":"virtual private network (VPN)","link":"virtual_private_network"}]},{"term":"information assurance (IA) professional","link":"https://csrc.nist.gov/glossary/term/information_assurance_professional","note":"(C.F.D.)","definitions":[{"text":"Individual who works IA issues and has real world experience plus appropriate IA training and education commensurate with their level of IA responsibility. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms. \nRationale: Term is self-describing and generic.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"information assurance component (IAC)","link":"https://csrc.nist.gov/glossary/term/information_assurance_component","abbrSyn":[{"text":"IAC","link":"https://csrc.nist.gov/glossary/term/iac"}],"definitions":[{"text":"An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Information Assurance Manager","link":"https://csrc.nist.gov/glossary/term/information_assurance_manager","abbrSyn":[{"text":"IAM","link":"https://csrc.nist.gov/glossary/term/iam"}],"definitions":[{"text":"See information systems security manager (ISSM). ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information assurance manager "}]}],"seeAlso":[{"text":"information systems security manager (ISSM)","link":"information_systems_security_manager"}]},{"term":"Information Assurance Officer","link":"https://csrc.nist.gov/glossary/term/information_assurance_officer","abbrSyn":[{"text":"IAO","link":"https://csrc.nist.gov/glossary/term/iao"}],"definitions":[{"text":"See information systems security officer (ISSO). \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms. \nRationale: Term is deprecated in favor of ISSO.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information assurance officer (IAO) "}]}],"seeAlso":[{"text":"information systems security officer (ISSO)"}]},{"term":"Information Assurance Technical Framework","link":"https://csrc.nist.gov/glossary/term/information_assurance_technical_framework","abbrSyn":[{"text":"IATF","link":"https://csrc.nist.gov/glossary/term/iatf"}],"definitions":null},{"term":"Information Assurance Technology Analysis Center","link":"https://csrc.nist.gov/glossary/term/information_assurance_technology_analysis_center","abbrSyn":[{"text":"IATAC","link":"https://csrc.nist.gov/glossary/term/iatac"}],"definitions":null},{"term":"information assurance vulnerability alert (IAVA)","link":"https://csrc.nist.gov/glossary/term/information_assurance_vulnerability_alert","abbrSyn":[{"text":"IAVA","link":"https://csrc.nist.gov/glossary/term/iava"}],"definitions":[{"text":"Notification that is generated when an Information Assurance vulnerability may result in an immediate and potentially severe threat to DoD systems and information; this alert requires corrective action because of the severity of the vulnerability risk. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"information assurance vulnerability bulletin (IAVB)","link":"https://csrc.nist.gov/glossary/term/information_assurance_vulnerability_bulletin","abbrSyn":[{"text":"IAVB","link":"https://csrc.nist.gov/glossary/term/iavb"}],"definitions":[{"text":"Addresses new vulnerabilities that do not pose an immediate risk to DoD systems, but are significant enough that noncompliance with the corrective action could escalate the risk. \nNote: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"SECNAV M-5239.1","link":"https://www.secnav.navy.mil/doni/SECNAV%20Manuals1/5239.1.pdf","note":" - Adapted"}]}]}]},{"term":"Information Assurance Workforce System Architecture","link":"https://csrc.nist.gov/glossary/term/information_assurance_workforce_system_architecture","abbrSyn":[{"text":"IASAE","link":"https://csrc.nist.gov/glossary/term/iasae"}],"definitions":null},{"term":"Information Centric Analytics","link":"https://csrc.nist.gov/glossary/term/information_centric_analytics","abbrSyn":[{"text":"ICA","link":"https://csrc.nist.gov/glossary/term/ica"}],"definitions":null},{"term":"Information Design Assurance Red Team","link":"https://csrc.nist.gov/glossary/term/information_design_assurance_red_team","abbrSyn":[{"text":"IDART","link":"https://csrc.nist.gov/glossary/term/idart"}],"definitions":null},{"term":"information domain","link":"https://csrc.nist.gov/glossary/term/information_domain","definitions":[{"text":"A three-part concept for information sharing, independent of, and across information systems and security domains that 1) identifies information sharing participants as individual members, 2) contains shared information objects, and 3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"information environment","link":"https://csrc.nist.gov/glossary/term/information_environment","definitions":[{"text":"The aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"JP 3-13","link":"https://www.jcs.mil/Doctrine/Joint-Doctrine-Pubs/3-0-Operations-Series/"}]}]}]},{"term":"information exchange","link":"https://csrc.nist.gov/glossary/term/information_exchange","definitions":[{"text":"Access to or the transfer of data outside of system authorization boundaries in order to accomplish a mission or business function.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"information exchange agreement","link":"https://csrc.nist.gov/glossary/term/information_exchange_agreement","abbrSyn":[{"text":"IEA","link":"https://csrc.nist.gov/glossary/term/iea"}],"definitions":[{"text":"A document specifying protection requirements and responsibilities for information being exchanged outside of system authorization boundaries. Similar to the interconnection security agreement but does not include technical details associated with an interconnection.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"information flow control","link":"https://csrc.nist.gov/glossary/term/information_flow_control","definitions":[{"text":"Procedure to ensure that information transfers within a system do not violate the security policy.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Procedure to ensure that information transfers within an information system are not made in violation of the security policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Procedure to ensure that information transfers within a system are not made in violation of the security policy.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"Controls to ensure that information transfers within a system or organization are not made in violation of the security policy.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}],"seeAlso":[{"text":"data flow control","link":"data_flow_control"}]},{"term":"information item","link":"https://csrc.nist.gov/glossary/term/information_item","definitions":[{"text":"Separately identifiable body of information that is produced, stored, and delivered for human use.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE DIS 24748-6","link":"https://www.iso.org/standard/81563.html"}]}]}]},{"term":"information leakage","link":"https://csrc.nist.gov/glossary/term/information_leakage","definitions":[{"text":"The intentional or unintentional release of information to an untrusted environment.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Leakage ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"information life cycle","link":"https://csrc.nist.gov/glossary/term/information_life_cycle","definitions":[{"text":"The stages through which information passes, typically characterized as creation or collection, processing, dissemination, use, storage, and disposition, to include destruction and deletion.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"information management","link":"https://csrc.nist.gov/glossary/term/information_management","definitions":[{"text":"The planning, budgeting, manipulating, and controlling of information throughout its life cycle.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Information Management Policy","link":"https://csrc.nist.gov/glossary/term/information_management_policy","definitions":[{"text":"The high-level policy of an organization that specifies what information is to be collected or created, and how it is to be managed.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"information object","link":"https://csrc.nist.gov/glossary/term/information_object","definitions":[{"text":"A well-defined piece of information, definition, or specification that requires a name to identify its use in an instance of communication.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308","refSources":[{"text":"ISO/IEC 8824"}]}]}]},{"term":"information operations (IO)","link":"https://csrc.nist.gov/glossary/term/information_operations","abbrSyn":[{"text":"IO","link":"https://csrc.nist.gov/glossary/term/io"}],"definitions":[{"text":"The integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision-making of adversaries and potential adversaries while protecting our own. Also called IO.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 3-13","link":"https://www.jcs.mil/Doctrine/"}]}]}]},{"term":"information owner","link":"https://csrc.nist.gov/glossary/term/information_owner","definitions":[{"text":"Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under INFORMATION OWNER ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Owner ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009-2010"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Owner ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal. See information steward. \nNote: Information steward is a related term, but it is not identical to information owner.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]}],"seeAlso":[{"text":"Information steward"},{"text":"Information Steward"}]},{"term":"Information Relevant to Cybersecurity","link":"https://csrc.nist.gov/glossary/term/information_relevant_to_cybersecurity","definitions":[{"text":"Information describing use of, assumptions, risks, vulnerabilities, assessments, and/or mitigations related to the IoT product, its components, and data.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"Information Resource Management","link":"https://csrc.nist.gov/glossary/term/information_resource_management","abbrSyn":[{"text":"IRM","link":"https://csrc.nist.gov/glossary/term/irm"}],"definitions":null},{"term":"information resources","link":"https://csrc.nist.gov/glossary/term/information_resources","definitions":[{"text":"Information and related resources, such as personnel, equipment, funds, and information technology.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under INFORMATION RESOURCES ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"The term 'information resources' means information and related resources, such as personnel, equipment, funds, and information technology.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information Resources ","refSources":[{"text":"44 U.S.C., Sec. 3502 (6)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]}]},{"term":"information resources management (IRM)","link":"https://csrc.nist.gov/glossary/term/information_resources_management","abbrSyn":[{"text":"IRM","link":"https://csrc.nist.gov/glossary/term/irm"}],"definitions":[{"text":"The planning, budgeting, organizing, directing, training, controlling, and management activities associated with the burden, collection, creation, use, and dissemination of information by agencies.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"information security","link":"https://csrc.nist.gov/glossary/term/information_security","abbrSyn":[{"text":"INFOSEC","link":"https://csrc.nist.gov/glossary/term/infosec"},{"text":"IS","link":"https://csrc.nist.gov/glossary/term/is"}],"definitions":[{"text":"

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—

(A) integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity;

(B) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and

(C) availability, which means ensuring timely and reliable access to and use of information.

","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under INFORMATION SECURITY ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Information Security ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Information Security ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3541","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3541"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542 (b)(1)","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"The protection of information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]}]},{"term":"Information Security and Privacy Advisory Board","link":"https://csrc.nist.gov/glossary/term/information_security_and_privacy_advisory_board","abbrSyn":[{"text":"ISPAB","link":"https://csrc.nist.gov/glossary/term/ispab"}],"definitions":null},{"term":"information security architect","link":"https://csrc.nist.gov/glossary/term/information_security_architect","definitions":[{"text":"Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security Architect ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Security Architect "}]}]},{"term":"information security architecture","link":"https://csrc.nist.gov/glossary/term/information_security_architecture","definitions":[{"text":"A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Security Architecture ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational subunits, showing their alignment with the enterprise’s mission and strategic plans.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security Architecture "}]},{"text":"An embedded, integral part of the enterprise architecture that describes the structure and behavior of the enterprise security processes, security systems, personnel and organizational subunits, showing their alignment with the enterprise’s mission and strategic plans. See security architecture.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Security Architecture "}]},{"text":"An embedded, integral part of the enterprise architecture that describes the structure and behavior of the enterprise security processes, security systems, personnel and organizational subunits, showing their alignment with the enterprise’s mission and strategic plans.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"information security continuous monitoring (ISCM)","link":"https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring","abbrSyn":[{"text":"automated security monitoring","link":"https://csrc.nist.gov/glossary/term/automated_security_monitoring"},{"text":"ISCM","link":"https://csrc.nist.gov/glossary/term/iscm"},{"text":"ISO","link":"https://csrc.nist.gov/glossary/term/iso"},{"text":"ongoing assessment and authorization","link":"https://csrc.nist.gov/glossary/term/ongoing_assessment_and_authorization"},{"text":"ongoing authorization"}],"definitions":[{"text":"Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. \nNote: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information. \nSee organizational information security continuous monitoring and automated security monitoring.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"text":"Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under automated security monitoring "}]},{"text":"See information security continuous monitoring (ISCM).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under ongoing assessment and authorization "},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under ongoing authorization "}]},{"text":"Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. \n[Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.]","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security Continuous Monitoring (ISCM) "}]}],"seeAlso":[{"text":"automated security monitoring","link":"automated_security_monitoring"},{"text":"continuous monitoring","link":"continuous_monitoring"},{"text":"Continuous Monitoring"},{"text":"organizational information security continuous monitoring"}]},{"term":"information security continuous monitoring (ISCM) process","link":"https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_process","definitions":[{"text":"A process to: \n• Define an ISCM strategy; \n• Establish an ISCM program; \n• Implement an ISCM program; \n• Analyze data and Report findings; \n• Respond to findings; and \n• Review and Update the ISCM strategy and program.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security Continuous Monitoring (ISCM) Process "}]}]},{"term":"information security continuous monitoring (ISCM) program","link":"https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_program","definitions":[{"text":"A program established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"text":"A program established to collect information in accordance with preestablished metrics, utilizing information readily available in part through implemented security controls.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security Continuous Monitoring (ISCM) Program "}]},{"text":"A program established to collect information in accordance with organizational strategy, policies, procedures, and pre-established metrics, utilizing readily available information in part through implemented security controls.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]}]},{"term":"information security continuous monitoring (ISCM) strategy","link":"https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_iscm_strategy","definitions":[{"text":"A strategy that establishes an ISCM program.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"Information Security Continuous Monitoring Target Network","link":"https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_target_network","abbrSyn":[{"text":"ISCM-TN","link":"https://csrc.nist.gov/glossary/term/iscm_tn"}],"definitions":null},{"term":"Information Security Management Systems","link":"https://csrc.nist.gov/glossary/term/information_security_management_systems","abbrSyn":[{"text":"ISMS","link":"https://csrc.nist.gov/glossary/term/isms"}],"definitions":null},{"term":"Information Security Marketing","link":"https://csrc.nist.gov/glossary/term/information_security_marketing","abbrSyn":[{"text":"ISM","link":"https://csrc.nist.gov/glossary/term/ism"}],"definitions":null},{"term":"information security officer","link":"https://csrc.nist.gov/glossary/term/information_security_officer","abbrSyn":[{"text":"ISO","link":"https://csrc.nist.gov/glossary/term/iso"}],"definitions":[{"text":"See Senior Agency Information Security Officer.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]}]},{"term":"Information Security Oversight Office","link":"https://csrc.nist.gov/glossary/term/information_security_oversight_office","abbrSyn":[{"text":"ISOO","link":"https://csrc.nist.gov/glossary/term/isoo"}],"definitions":null},{"term":"information security policy","link":"https://csrc.nist.gov/glossary/term/information_security_policy","definitions":[{"text":"Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Security Policy ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Security Policy ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Security Policy ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Security Policy ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security Policy ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Aggregate of directives, regulations, and rules that prescribe how an organization manages, protects, and distributes information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A high-level policy of an organization that is created to support and enforce portions of the organization’s Information Management Policy by specifying in more detail what information is to be protected from anticipated threats and how that protection is to be attained.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Information Security Policy "}]}]},{"term":"information security program plan","link":"https://csrc.nist.gov/glossary/term/information_security_program_plan","definitions":[{"text":"Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security Program Plan ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Security Program Plan ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Security Program Plan "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Security Program Plan ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security Program Plan "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Security Program Plan ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Information Security Program Plan ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Information Security Program Plan ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}],"seeAlso":[{"text":"security plan","link":"security_plan"},{"text":"Security Plan"}]},{"term":"information security risk","link":"https://csrc.nist.gov/glossary/term/information_security_risk","definitions":[{"text":"The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. See risk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and /or information systems. See Risk.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security Risk ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or a system.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Security Risk ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or systems.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security Risk "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Security Risk "},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Information Security Risk ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Information Security Risk ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Security Risk "}]}],"seeAlso":[{"text":"Risk"},{"text":"risk","link":"risk"},{"text":"Risk"}]},{"term":"Information Security Risk Management","link":"https://csrc.nist.gov/glossary/term/information_security_risk_management","abbrSyn":[{"text":"ISRM","link":"https://csrc.nist.gov/glossary/term/isrm"}],"definitions":null},{"term":"Information Security Testing","link":"https://csrc.nist.gov/glossary/term/information_security_testing","definitions":[{"text":"The process of validating the effective implementation of security controls for information systems and networks, based on the organization’s security requirements.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Information Sharing","link":"https://csrc.nist.gov/glossary/term/information_sharing","definitions":[{"text":"the requirements for information sharing by an IT system with one ormore other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/information_sharing_and_analysis_center","abbrSyn":[{"text":"ISAC","link":"https://csrc.nist.gov/glossary/term/isac"}],"definitions":null},{"term":"Information Sharing and Analysis Organization","link":"https://csrc.nist.gov/glossary/term/information_sharing_and_analysis_organization","abbrSyn":[{"text":"ISAO","link":"https://csrc.nist.gov/glossary/term/isao"}],"definitions":[{"text":"An ISAO is any entity or collaboration created or employed by public- or private sector organizations, for purposes of gathering and analyzing critical cyber and related information in order to better understand security problems and interdependencies related to cyber systems, so as to ensure their availability, integrity, and reliability.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","refSources":[{"text":"Information Sharing and Analysis Organization Standards Organization Product Outline v0.2 "}]}]}]},{"term":"Information Sharing Architecture","link":"https://csrc.nist.gov/glossary/term/information_sharing_architecture","abbrSyn":[{"text":"ISA","link":"https://csrc.nist.gov/glossary/term/isa"}],"definitions":null},{"term":"information sharing environment (ISE)","link":"https://csrc.nist.gov/glossary/term/information_sharing_environment","abbrSyn":[{"text":"ISE","link":"https://csrc.nist.gov/glossary/term/ise"}],"definitions":[{"text":"1. An approach that facilitates the sharing of terrorism and homeland security information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"2. ISE in its broader application enables those in a trusted partnership to share, discover, and access controlled information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"information steward","link":"https://csrc.nist.gov/glossary/term/information_steward","definitions":[{"text":"An agency official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Steward ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Steward ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Steward ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"Individual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, created, or compiled the information. Information stewards provide maximum access to federal information to elements of the federal government and its customers, balanced by the obligation to protect the information in accordance with the provisions of the Federal Information Security Management Act (FISMA) and any associated security-related federal policies, directives, regulations, standards, and guidance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"Individual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, created, or compiled the information. Information stewards provide maximum access to federal information to elements of the federal government and its customers, balanced by the obligation to protect the information in accordance with the provisions of FISMA and any associated security-related federal policies, directives, regulations, standards, and guidance.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Steward "}]}],"seeAlso":[{"text":"information owner","link":"information_owner"},{"text":"Information Owner"}]},{"term":"information system","link":"https://csrc.nist.gov/glossary/term/information_system","abbrSyn":[{"text":"IS","link":"https://csrc.nist.gov/glossary/term/is"},{"text":"system","link":"https://csrc.nist.gov/glossary/term/system"},{"text":"System"},{"text":"SYSTEM"}],"definitions":[{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program."},{"text":"Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under system ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An arrangement of parts or elements that together exhibit behavior or meaning that the individual constituents do not. Systems can be physical or conceptual, or a combination of both.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under system ","refSources":[{"text":"Systems Engineering and System Definitions","link":"https://www.incose.org/docs/default-source/default-document-library/incose-se-definitions-tp-2020-002-06.pdf"},{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"A discrete set of information resources organized expressly for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221","underTerm":" under system "}]},{"text":"An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","refSources":[{"text":"HIPAA Security Rule","link":"https://www.govinfo.gov/app/details/FR-2003-02-20/03-3877","note":" - §164.304"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under INFORMATION SYSTEM ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Information System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Information System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Information System ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under System "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"PL 107-347","link":"https://www.govinfo.gov/app/details/PLAW-107publ347/"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Information System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"See information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SYSTEM "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under System "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under System "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under System "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under System "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under System "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under System "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under System "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under System "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under System "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under System "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under system "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under system "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under system "}]},{"text":"A discrete set of resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"The term 'information system' means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502 (8)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"45 C.F.R., Sec. 164.304","link":"https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=&SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&n=pt45.1.164&r=PART&ty=HTML"}]}]},{"text":"Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions. \nNote: Systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under System ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under system ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Combination of interacting elements organized to achieve one or more stated purposes. Note 1: There are many types of systems. Examples include: general and special-purpose information systems; command, control, and communication systems; crypto modules; central process unit and graphics processor boards; industrial/process control systems; flight control systems; weapons, targeting, and fire control systems; medical devices and treatment systems; financial, banking, and merchandising transaction systems; and social networking systems. Note 2: The interacting elements in the definition of system include hardware, software, data, humans, processes, facilites, materials, and naturally occurring physical entities. Note 3: Systems of systems is included in the definition of system.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under system ","refSources":[{"text":"ISO/IEC 15288"}]}]},{"text":"A combination of interacting elements organized to achieve one or more stated purposes.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under System ","refSources":[{"text":"ISO/IEC 15288"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under System ","refSources":[{"text":"ISO/IEC 15288:2008"}]}]},{"text":"Combination of interacting elements organized to achieve one or more stated purposes.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under system ","refSources":[{"text":"ISO/IEC 15288:2008"},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under System ","refSources":[{"text":"ISO/IEC 15288"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under system ","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under system ","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under system ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System "}]},{"text":"Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions. See information system (IS).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under system "}]},{"text":"A computer-based system used by an issuer to perform the functions necessary for PIV Card or Derived PIV Credential issuance as per [FIPS 201-2].","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Information System "}]},{"text":"Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions. See information system. Note: Systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under system ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.\n[Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.\nNote: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"An information system is a discrete set of information resources organized expressly for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Information systems also include specialized systems such as industrial/process controls systems, telephone switching/private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. \nNote: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information system (IS) ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. [Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.]","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"A discrete set of resources that are organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under System "}]},{"text":"Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions. Note: Systems also include specialized systems such as industrial control systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under system ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Combination of interacting elements organized to achieve one or more stated purposes. Note 1: There are many types of systems. Examples include: general and special-purpose information systems; command, control, and communication systems; crypto modules; central processing unit and graphics processor boards; industrial control systems; flight control systems; weapons, targeting, and fire control systems; medical devices and treatment systems; financial, banking, and merchandising transaction systems; and social networking systems. Note 2: The interacting elements in the definition of system include hardware, software, data, humans, processes, facilities, materials, and naturally occurring physical entities. Note 3: System-of-systems is included in the definition of system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under system ","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"A specific IT installation, with a particular purpose and operational environment.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under System ","refSources":[{"text":"ITSEC Ver. 1.2"}]}]},{"text":"See Information System","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under System "}]},{"text":"A discrete set of information resources organized expressly for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under System ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"management control that shares common functionality. It normally includes hardware, software, information, data, applications, communications, facilities, and people and provides support for a variety of users and/or applications. Individual applications support different mission-related functions. Users may be from the same or different organizations.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under system "}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. \nRefer to system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"EGovAct","link":"https://www.congress.gov/107/plaws/publ347/PLAW-107publ347.pdf"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.\nRefer to system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"EGovAct","link":"https://www.congress.gov/107/plaws/publ347/PLAW-107publ347.pdf"}]}]},{"text":"Combination of interacting elements organized to achieve one or more stated purposes. \nNote 1: There are many types of systems. Examples include: general and special-purpose information systems; command, control, and communication systems; crypto modules; central processing unit and graphics processor boards; industrial/process control systems; flight control systems; weapons, targeting, and fire control systems; medical devices and treatment systems; financial, banking, and merchandising transaction systems; and social networking systems. \nNote 2: The interacting elements in the definition of system include hardware, software, data, humans, processes, facilities, materials, and naturally occurring physical entities. \nNote 3: System of systems is included in the definition of system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under system ","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]},{"text":"Combination of interacting elements organized to achieve one or more stated purposes.\nNote 1: There are many types of systems. Examples include: general and special-purpose information systems; command, control, and communication systems; crypto modules; central processing unit and graphics processor boards; industrial/process control systems; flight control systems; weapons, targeting, and fire control systems; medical devices and treatment systems; financial, banking, and merchandising transaction systems; and social networking systems.\nNote 2: The interacting elements in the definition of system include hardware, software, data, humans, processes, facilities, materials, and naturally occurring physical entities.\nNote 3: System of systems is included in the definition of system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under system ","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]}],"seeAlso":[{"text":"system","link":"system"}]},{"term":"Information System Administrator","link":"https://csrc.nist.gov/glossary/term/information_system_administrator","abbrSyn":[{"text":"ISA","link":"https://csrc.nist.gov/glossary/term/isa"}],"definitions":[{"text":"Individual who implements approved secure baseline configurations, incorporates secure configuration settings for IT products, and conducts/assists with configuration monitoring activities as needed.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"information system boundary","link":"https://csrc.nist.gov/glossary/term/information_system_boundary","abbrSyn":[{"text":"authorization boundary","link":"https://csrc.nist.gov/glossary/term/authorization_boundary"},{"text":"Authorization Boundary"}],"definitions":[{"text":"All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authorization Boundary ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Boundary "}]},{"text":"All components of an information system to be authorized for operation by an authorizing official. This excludes separately authorized systems to which the information system is connected.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under authorization boundary ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authorization boundary ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under authorization boundary ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under authorization boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"See Authorization Boundary.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Boundary "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System Boundary "}]}]},{"term":"information system component","link":"https://csrc.nist.gov/glossary/term/information_system_component","abbrSyn":[{"text":"Authorization Boundary"},{"text":"Component"},{"text":"information technology product","link":"https://csrc.nist.gov/glossary/term/information_technology_product"},{"text":"Information Technology Product"},{"text":"ISC","link":"https://csrc.nist.gov/glossary/term/isc"}],"definitions":[{"text":"An element of a large system—such as an identity card, issuer, card reader, or identity verification support—within the PIV system.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Component "}]},{"text":"All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authorization Boundary ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]},{"text":"A software object, meant to interact with other components, encapsulating certain functionality or a set of functionalities. A component has a clearly defined interface and conforms to a prescribed behavior common to all components within an architecture.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Component ","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]},{"text":"A discrete identifiable IT asset that represents a building block of an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Component "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"A system, component, application, etc., that is based upon technology which is used to electronically process, store, or transmit information.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Technology Product "}]},{"text":"Any hardware, software, and/or firmware required to construct a CKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Component "}]},{"text":"An element such as a fingerprint capture station or card reader used by an issuer, for which [FIPS 201-2] has defined specific requirements.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Component "}]},{"text":"See system component.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under information technology product "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under information technology product "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under information technology product "}]},{"text":"See Authorization Boundary.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]},{"text":"See information system component.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information technology product "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Component "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Technology Product "}]},{"text":"An entity with discrete structure, such as an assembly or software module, within a system considered at a particular level of analysis. Component refers to a part of a whole, such as a component of a software product, a component of a software identification tag, etc.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under Component ","refSources":[{"text":"ISO/IEC 19770-2","note":" - Adapted"}]}]},{"text":"A hardware, software, firmware part or element of a larger PNT system with well-defined inputs and outputs and a specific function.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Component ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - Adapted"},{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf","note":" - Adapted"}]}]},{"text":"An element of a large system, such as an identity card, PIV Issuer, PIV Registrar, card reader, or identity verification support, within the PIV system.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Component "}]}]},{"term":"information system component inventory","link":"https://csrc.nist.gov/glossary/term/information_system_component_inventory","definitions":[{"text":"A descriptive record of components within an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Component Inventory "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Information System Contingency Plan (ISCP)","link":"https://csrc.nist.gov/glossary/term/information_system_contingency_plan","abbrSyn":[{"text":"Contingency Planning","link":"https://csrc.nist.gov/glossary/term/contingency_planning"}],"definitions":[{"text":"See Information System Contingency Plan.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Contingency Planning "}]},{"text":"Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"term":"information system life cycle","link":"https://csrc.nist.gov/glossary/term/information_system_life_cycle","definitions":[{"text":"The phases through which an information system passes, typically characterized as initiation, development, operation, and termination (i.e., sanitization, disposal and/or destruction).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"information system owner (or program manager)","link":"https://csrc.nist.gov/glossary/term/information_system_owner","abbrSyn":[{"text":"ISO","link":"https://csrc.nist.gov/glossary/term/iso"}],"definitions":[{"text":"Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under INFORMATION SYSTEM OWNER ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Owner(or Program Manager) ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System Owner(or Program Manager) "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Owner(or Program Manager) "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System Owner (or Program Manager) ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information System Owner (or Program Manager) ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System Owner (or Program Manager) "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System Owner (or Program Manager) "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System Owner (or Program Manager) "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information System Owner (or Program Manager) ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information System Owner (or Program Manager) ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Owner (or Program Manager) "}]}]},{"term":"information system resilience","link":"https://csrc.nist.gov/glossary/term/information_system_resilience","abbrSyn":[{"text":"Resilience"}],"definitions":[{"text":"Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Resilience "}]},{"text":"The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System Resilience "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Resilience "}]},{"text":"The ability of an information system to continue to operate while under attack, even if in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System Resilience "}]},{"text":"The ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Resilience "}]},{"text":"See Information System Resilience.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Resilience "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Resilience "}]},{"text":"The ability to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Resilience ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - Adapted"}]}]},{"text":"can also be defined as the adaptive capability of an organization in a complex and changing environment.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Resilience ","refSources":[{"text":"ASIS SPC.1-2009"}]}]},{"text":"The ability to reduce the magnitude and/or duration of disruptive events to critical infrastructure. The effectiveness of a resilient infrastructure or enterprise depends upon its ability to anticipate, absorb, adapt to, and/or rapidly recover from a potentially disruptive event.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Resilience ","refSources":[{"text":"Critical Infrastructure Resilience Final Report and Recommendations","link":"https://www.dhs.gov/xlibrary/assets/niac/niac_critical_infrastructure_resilience.pdf"}]}]},{"text":"The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Resilience ","refSources":[{"text":"PPD-21","link":"https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil"}]}]}]},{"term":"Information System Security Engineer","link":"https://csrc.nist.gov/glossary/term/information_system_security_engineer","definitions":[{"text":"Individual assigned responsibility for conducting information system security engineering activities.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]"}]}]},{"term":"Information System Security Engineering","link":"https://csrc.nist.gov/glossary/term/information_system_security_engineering","definitions":[{"text":"Process that captures and refines information security requirements and ensures that their integration into information technology component products and information systems through purposeful security design or configuration.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Process that captures and refines information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]"}]}]},{"term":"Information System Security Manager","link":"https://csrc.nist.gov/glossary/term/information_system_security_manager","abbrSyn":[{"text":"ISSM","link":"https://csrc.nist.gov/glossary/term/issm"}],"definitions":null},{"term":"information system security officer","link":"https://csrc.nist.gov/glossary/term/information_system_security_officer","abbrSyn":[{"text":"ISSO","link":"https://csrc.nist.gov/glossary/term/isso"},{"text":"system security officer","link":"https://csrc.nist.gov/glossary/term/system_security_officer"},{"text":"System Security Officer (SSO)"},{"text":"systems security officer (SSO)","link":"https://csrc.nist.gov/glossary/term/systems_security_officer"}],"definitions":[{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under system security officer ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under system security officer "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System Security Officer (ISSO) ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"See information systems security officer (ISSO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under systems security officer (SSO) ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]},{"text":"Person responsible to the designated approving authority for ensuring the security of an information system throughout its lifecycle, from design through disposal.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Information System Security Officer (ISSO) ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"See system security officer (SSO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System Security Officer "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring that the appropriate operational security posture is maintained for an information system or program.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information System Security Officer "}]},{"text":"Individual assigned responsibility for maintaining the appropriate operational security posture for an information system or program.\n[Note: ISSO responsibility may be assigned by the senior agency information security officer, authorizing official, management official, or information system owner.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Security Officer ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under System Security Officer (SSO) ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for a system or program.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under system security officer ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under system security officer ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]}],"seeAlso":[{"text":"information assurance officer (IAO)"}]},{"term":"information system security plan","link":"https://csrc.nist.gov/glossary/term/information_system_security_plan","abbrSyn":[{"text":"security plan","link":"https://csrc.nist.gov/glossary/term/security_plan"},{"text":"system security plan","link":"https://csrc.nist.gov/glossary/term/system_security_plan"}],"definitions":[{"text":"A document that describes how an organization meets or plans to meet the security requirements for a system. In particular, the system security plan describes the system boundary, the environment in which the system operates, how security requirements are implemented, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under system security plan "}]},{"text":"Formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under security plan ","refSources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"}]}]},{"text":"A document that describes how an organization meets or plans to meet the security requirements for a system. In particular, the system security plan describes the system boundary, the environment in which the system operates, how the security requirements are satisfied, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","underTerm":" under system security plan "},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under system security plan "}]},{"text":"A formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"See System Security Plan.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under security plan "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under security plan "}]},{"text":"See information system security plan.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under system security plan "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under system security plan "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under security plan "}]},{"text":"Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. \nSee system security plan or information security program plan.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security plan ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"},{"text":"NIST SP 800-53A","link":"https://doi.org/10.6028/NIST.SP.800-53A"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"}]}]},{"text":"A document that describes how an organization meets the security requirements for a system or how an organization plans to meet the requirements. In particular, the system security plan describes the system boundary; the environment in which the system operates; how the security requirements are implemented; and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under system security plan "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under system security plan "}]},{"text":"A formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. The system security plan describes the system components that are included within the system, the environment in which the system operates, how the security requirements are implemented, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under security plan "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under security plan "}]},{"text":"See security plan.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under system security plan "},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under system security plan "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under system security plan "}]},{"text":"Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. The system security plan describes the system components that are included within the system, the environment in which the system operates, how the security requirements are implemented, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under security plan "}]},{"text":"A document that describes how an organization meets the security requirements for a system or how an organization plans to meet the requirements. In particular, the system security plan describes the system boundary, the environment in which the system operates, how security requirements are implemented, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under system security plan "}]}]},{"term":"information system service","link":"https://csrc.nist.gov/glossary/term/information_system_service","definitions":[{"text":"A capability provided by an information system that facilitates information processing, storage, or transmission.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Service "}]}]},{"term":"Information System User","link":"https://csrc.nist.gov/glossary/term/information_system_user","abbrSyn":[{"text":"ISU","link":"https://csrc.nist.gov/glossary/term/isu"},{"text":"User"}],"definitions":[{"text":"A person, team, or organization that accesses or otherwise uses an OLIR.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under User "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under User "}]},{"text":"A person or entity with authorized access.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under User ","refSources":[{"text":"45 C.F.R., Sec. 164.304","link":"https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=&SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&n=pt45.1.164&r=PART&ty=HTML"}]}]},{"text":"Individual or (system) process authorized to access an information system.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under User ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access an information system.\nSee Organizational User and Non-Organizational User.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under User ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access an information system. \nSee Organizational User and Non-Organizational User.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under User ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"See Information System User","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under User "}]},{"text":"The term user refers to an individual, group, host, domain, trusted communication channel, network address/port, another netwoik, a remote system (e.g., operations system), or a process (e.g., service or program) that accesses the network, or is accessed by it, including any entity that accesses a network support entity to perform OAM&Prelated tasks. Regardless of their role, users must be required to successfully pass an identification and authentication (I&A) mechanism. For example, I&A would be required for a security or system administrator. For customers, I&A could be required for billing purposes.\nFor some services (e.g.. Emergency Services) a customer may not need to be authenticated by the system.","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under User "}]},{"text":"An FCKMS role that utilizes the key-management services offered by an FCKMS service provider.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under User "}]},{"text":"See Entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under User "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under User "}]},{"text":"A human entity.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under User "}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access an information system.\n[Note: With respect to SecCM, an information system user is an individual who uses the information system functions, initiates change requests, and assists with functional testing.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An individual (person). Also see Entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under User "}]},{"text":"Person who interacts with the product.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","underTerm":" under User ","refSources":[{"text":"ISO 9241-11:1998"}]}]},{"text":"A person, organization, or other entity which requests access to and uses the resources of a computer system or network.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under User "}]},{"text":"The entity, human or machine, that is identified by the userID, authenticated prior to system access, the subject of all access control decisions, and held accountable via the audit reporting system.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under User "}]},{"text":"the set of people, both trusted (e.g., administrators) and untrusted, who use the system.","sources":[{"text":"NISTIR 6192","link":"https://doi.org/10.6028/NIST.IR.6192","underTerm":" under User "}]},{"text":"A consumer of the services offered by an RP.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under User "}]},{"text":"A person, team, or organization that accesses or otherwise uses an Online Informative Reference.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278","underTerm":" under User "},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A","underTerm":" under User "}]}]},{"term":"information system-related security risks","link":"https://csrc.nist.gov/glossary/term/information_system_related_security_risks","abbrSyn":[{"text":"Risk"}],"definitions":[{"text":"The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Risk ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Risk ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Risk ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk ","refSources":[{"text":"CNSSI 4009-2010"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Risk ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"Risk that arises through the loss of confidentiality, integrity, or availability of information or information systems considering impacts to organizational operations and assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System-Related Security Risk "}]},{"text":"Risk that arises through the loss of confidentiality, integrity, or availability of information or information systems considering impacts to organizational operations and assets, individuals, other organizations, and the Nation. A subset of information security risk. See risk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Information system-related security risks are those risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation. \nSee Risk.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System-related Security Risks "}]},{"text":"Risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation.See Risk.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System-Related Security Risks "}]},{"text":"Risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and that considers impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation. See Risk.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System-Related Security Risks "}]},{"text":"Information system-related security risks are those risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation. See Risk.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System-related Security Risks "}]},{"text":"Risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation. See Risk.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System-related Security Risks "}]}],"seeAlso":[{"text":"Risk"},{"text":"risk","link":"risk"},{"text":"Risk"}]},{"term":"Information Systems Audit and Control Association","link":"https://csrc.nist.gov/glossary/term/information_systems_audit_and_control_association","abbrSyn":[{"text":"ISACA","link":"https://csrc.nist.gov/glossary/term/isaca"}],"definitions":null},{"term":"information systems security (INFOSEC)","link":"https://csrc.nist.gov/glossary/term/information_systems_security","abbrSyn":[{"text":"INFOSEC","link":"https://csrc.nist.gov/glossary/term/infosec"}],"definitions":[{"text":"The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. See information assurance (IA).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"synonymous withIT Security.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Information Systems Security "}]}],"seeAlso":[{"text":"information assurance (IA)","link":"information_assurance"}]},{"term":"information systems security (INFOSEC) boundary","link":"https://csrc.nist.gov/glossary/term/information_systems_security_boundary","definitions":[{"text":"An imaginary definable perimeter encompassing all the critical functions in an INFOSEC product and separating them from all other functions within the product. \nNote: INFOSEC Boundary is in terms of a product assessment; not to be confused with authorization boundary.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA Information Assurance Security Requirements Directive (IASRD) dated October, 2012"}]}]}]},{"term":"information systems security manager (ISSM)","link":"https://csrc.nist.gov/glossary/term/information_systems_security_manager","abbrSyn":[{"text":"ISSM","link":"https://csrc.nist.gov/glossary/term/issm"}],"definitions":[{"text":"Individual responsible for the information assurance of a program, organization, system, or enclave.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"information assurance manager"}]},{"term":"Information Systems Security Program","link":"https://csrc.nist.gov/glossary/term/information_systems_security_program","definitions":[{"text":"synonymous withIT Security Program.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Information Systems Security Program Manager","link":"https://csrc.nist.gov/glossary/term/information_systems_security_program_manager","abbrSyn":[{"text":"ISSPM","link":"https://csrc.nist.gov/glossary/term/isspm"}],"definitions":null},{"term":"Information Technology Asset Management","link":"https://csrc.nist.gov/glossary/term/information_technology_asset_management","abbrSyn":[{"text":"ITAM","link":"https://csrc.nist.gov/glossary/term/itam"}],"definitions":null},{"term":"Information Technology Infrastructure Library","link":"https://csrc.nist.gov/glossary/term/information_technology_infrastructure_library","abbrSyn":[{"text":"ITIL","link":"https://csrc.nist.gov/glossary/term/itil"}],"definitions":null},{"term":"Information Technology Laboratory (of NIST)","link":"https://csrc.nist.gov/glossary/term/information_technology_laboratory","abbrSyn":[{"text":"ITL","link":"https://csrc.nist.gov/glossary/term/itl"}],"definitions":null},{"term":"Information Technology Operation and Support","link":"https://csrc.nist.gov/glossary/term/information_technology_operation_and_support","abbrSyn":[{"text":"ITOS","link":"https://csrc.nist.gov/glossary/term/itos"}],"definitions":null},{"term":"information technology product","link":"https://csrc.nist.gov/glossary/term/information_technology_product","abbrSyn":[{"text":"information system component","link":"https://csrc.nist.gov/glossary/term/information_system_component"},{"text":"Information System Component"},{"text":"system component","link":"https://csrc.nist.gov/glossary/term/system_component"}],"definitions":[{"text":"A discrete identifiable information or operational technology asset that represents a building block of a system and may include hardware, software, and firmware.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under system component "}]},{"text":"A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information system component ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]},{"text":"A discrete identifiable information technology asset that represents a building block of a system and may include hardware, software, and firmware.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under system component "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"text":"A discrete identifiable IT asset that represents a building block of an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Component "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under information system component "}]},{"text":"A system, component, application, etc., that is based upon technology which is used to electronically process, store, or transmit information.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Technology Product "}]},{"text":"See system component.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"See Authorization Boundary.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]},{"text":"See information system component.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Technology Product "}]},{"text":"Discrete identifiable information technology assets that represent a building block of a system and include hardware, software, firmware, and virtual machines.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"A discrete, identifiable information technology asset (hardware, software, firmware) that represents a building block of a system. System components include commercial information technology products.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under system component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]}]},{"term":"information technology security","link":"https://csrc.nist.gov/glossary/term/information_technology_security","abbrSyn":[{"text":"Computer Security"}],"definitions":[{"text":"the entire spectrum of information technology including application and support systems.","sources":[{"text":"NIST SP 800-14","link":"https://doi.org/10.6028/NIST.SP.800-14","note":" [Withdrawn]"}]}]},{"term":"information type","link":"https://csrc.nist.gov/glossary/term/information_type","definitions":[{"text":"A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or, in some instances, by a specific law, Executive Order, directive, policy, or regulation.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under INFORMATION TYPE ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management) defined by an organization or in some instances, by a specific law, Executive Order, directive, policy, or regulation.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management) defined by an organization or in some instances, by a specific law, executive order, directive, policy, or regulation.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or in some instances, by a specific law, Executive Order (E.O.), directive, policy, or regulation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor-sensitive, security management) defined by an organization or in some instances, by a specific law, Executive Order, directive, policy, or regulation.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Type ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor-sensitive, security management) defined by an organization or in some instances, by a specific law, executive order, directive, policy, or regulation.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]}]},{"term":"information value","link":"https://csrc.nist.gov/glossary/term/information_value","definitions":[{"text":"A qualitative measure of the importance of the information based upon factors such as the level of robustness of the information assurance (IA) controls allocated to the protection of information based upon: mission criticality, the sensitivity (e.g., classification and compartmentalization) of the information, releasability to other countries, perishability/longevity of the information (e.g., short life data versus long life intelligence source data), and potential impact of loss of confidentiality and integrity and/or availability of the information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"informational label","link":"https://csrc.nist.gov/glossary/term/informational_label","abbrSyn":[{"text":"descriptive label","link":"https://csrc.nist.gov/glossary/term/descriptive_label"}],"definitions":[{"text":"Provides facts about properties or features of a product without any grading or evaluation. Information may be displayed in a variety of ways, such as in tabular format or with icons or text.","sources":[{"text":"Cybersecurity Labeling of Consumer Software","link":"https://doi.org/10.6028/NIST.CSWP.02042022-1","underTerm":" under descriptive label "}]}]},{"term":"Informative Reference Developer","link":"https://csrc.nist.gov/glossary/term/informative_reference_developer","abbrSyn":[{"text":"OLIR Developer","link":"https://csrc.nist.gov/glossary/term/olir_developer"}],"definitions":[{"text":"A person, team, or organization that creates an OLIR and submits it to the National OLIR Program.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under OLIR Developer "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under OLIR Developer "}]},{"text":"A person, team, or organization that creates an Informative Reference and submits it to the National OLIR Program.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"}]},{"text":"A person, team, or organization that creates an Informative Reference and submits it to the OLIR Program.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"Informative References","link":"https://csrc.nist.gov/glossary/term/informative_references","abbrSyn":[{"text":"IR","link":"https://csrc.nist.gov/glossary/term/ir"},{"text":"Online Informative Reference"}],"definitions":[{"text":"Relationships between elements of two documents that are recorded in a NIST IR 8278A-compliant format and shared by the OLIR Catalog. There are three types of OLIRs: concept crosswalk, set theory relationship mapping, and supportive relationship mapping.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Online Informative Reference "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under Online Informative Reference "}]},{"text":"Specific sections of standards, guidelines, and practices common among critical infrastructure sectors that illustrate a method to achieve the outcomes associated with each Subcategory in the Cybersecurity Framework.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]},{"text":"A relationship between a Reference Document and the NIST Cybersecurity Framework, using the OLIR Template.","sources":[{"text":"NISTIR 8204","link":"https://doi.org/10.6028/NIST.IR.8204","underTerm":" under Informative Reference (Reference) "}]},{"text":"A specific section of standards, guidelines, and practices common among critical infrastructure sectors that illustrates a method to achieve the outcomes associated with each Subcategory. An example of an Informative Reference is ISO/IEC 27001 Control A.10.8.3, which supports the “Data-in-transit is protected” Subcategory of the “Data Security” Category in the “Protect” function.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Informative Reference "}]},{"text":"A relationship between a Focal Document Element and a Reference Document Element.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278","underTerm":" under Informative Reference "},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A","underTerm":" under Informative Reference "}]}]},{"term":"INFORMS","link":"https://csrc.nist.gov/glossary/term/informs","abbrSyn":[{"text":"Institute for Operations Research and the Management Sciences","link":"https://csrc.nist.gov/glossary/term/institute_for_operations_research_and_the_management_sciences"}],"definitions":null},{"term":"INFOSEC","link":"https://csrc.nist.gov/glossary/term/infosec","abbrSyn":[{"text":"Information Security"},{"text":"Information Systems Security"}],"definitions":[{"text":"The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Information Security ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Information Security ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3541","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3541"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542 (b)(1)","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"synonymous withIT Security.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Information Systems Security "}]}]},{"term":"Infra Red Data Association","link":"https://csrc.nist.gov/glossary/term/infra_red_data_association","abbrSyn":[{"text":"IrDA","link":"https://csrc.nist.gov/glossary/term/irda"}],"definitions":null},{"term":"Infrared","link":"https://csrc.nist.gov/glossary/term/infrared","abbrSyn":[{"text":"IR","link":"https://csrc.nist.gov/glossary/term/ir"}],"definitions":null},{"term":"Infrastructure as a Service (IaaS)","link":"https://csrc.nist.gov/glossary/term/infrastructure_as_a_service","abbrSyn":[{"text":"IaaS","link":"https://csrc.nist.gov/glossary/term/iaas"}],"definitions":[{"text":"The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"infrastructure as code","link":"https://csrc.nist.gov/glossary/term/infrastructure_as_code","abbrSyn":[{"text":"IaC"}],"definitions":[{"text":"The process of managing and provisioning an organization’s IT infrastructure using machine-readable configuration files, rather than employing physical hardware configuration or interactive configuration tools.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"Ingress Filtering","link":"https://csrc.nist.gov/glossary/term/ingress_filtering","definitions":[{"text":"Filtering of incoming network traffic.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Ingress Protection","link":"https://csrc.nist.gov/glossary/term/ingress_protection","abbrSyn":[{"text":"IP","link":"https://csrc.nist.gov/glossary/term/ip"}],"definitions":null},{"term":"Inherent Risk","link":"https://csrc.nist.gov/glossary/term/inherent_risk","definitions":[{"text":"The risk to an entity in the absence of any direct or focused actions by management to alter its severity.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","refSources":[{"text":"COSO Enterprise Risk Management","link":"https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf"}]}]}]},{"term":"inheritance","link":"https://csrc.nist.gov/glossary/term/inheritance","abbrSyn":[{"text":"security control inheritance","link":"https://csrc.nist.gov/glossary/term/security_control_inheritance"}],"definitions":[{"text":"A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security control inheritance ","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]}]},{"text":"See security control inheritance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Initial Analysis","link":"https://csrc.nist.gov/glossary/term/initial_analysis","definitions":[{"text":"Internal phase within the NVD where an NVD Analyst begins to review a CVE and adds the appropriate metadata.","sources":[{"text":"NISTIR 8246","link":"https://doi.org/10.6028/NIST.IR.8246"}]}]},{"term":"Initial Attestation Key","link":"https://csrc.nist.gov/glossary/term/initial_attestation_key","abbrSyn":[{"text":"IAK","link":"https://csrc.nist.gov/glossary/term/iak"}],"definitions":null},{"term":"Initial Boot Block","link":"https://csrc.nist.gov/glossary/term/initial_boot_block","abbrSyn":[{"text":"IBB","link":"https://csrc.nist.gov/glossary/term/ibb"}],"definitions":null},{"term":"Initial Device Identity","link":"https://csrc.nist.gov/glossary/term/initial_device_identity","abbrSyn":[{"text":"IDevID","link":"https://csrc.nist.gov/glossary/term/idevid"}],"definitions":null},{"term":"Initial Privacy Assessment","link":"https://csrc.nist.gov/glossary/term/initial_privacy_assessment","abbrSyn":[{"text":"IPA","link":"https://csrc.nist.gov/glossary/term/ipa"}],"definitions":null},{"term":"Initial Program Load","link":"https://csrc.nist.gov/glossary/term/initial_program_load","abbrSyn":[{"text":"IPL","link":"https://csrc.nist.gov/glossary/term/ipl"}],"definitions":null},{"term":"Initialization Vector (IV)","link":"https://csrc.nist.gov/glossary/term/initialization_vector","abbrSyn":[{"text":"IV"}],"definitions":[{"text":"A bit string that is used as an initial value in computing the first iteration of the PRF in feedback mode. It may be an empty string.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under IV "}]},{"text":"A binary string that is used as an initial value in computing the first iteration in feedback mode. It may be an empty string.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under IV "}]},{"text":"A binary vector used as the input to initialize the algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment. The initialization vector need not be secret. Some of the Triple Data Encryption Algorithm Modes of Operation require 3 initialization vectors.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Initialization Vector "}]},{"text":"Initialization Vector","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under IV "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under IV "}]},{"text":"A data block that some modes of operation require as an additional initial input.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]},{"text":"The initialization vector.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under IV "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under IV "}]},{"text":"A nonce that is associated with an invocation of authenticated encryption on a particular plaintext and AAD.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Initialization Vector "}]},{"text":"A vector used in defining the starting point of a cryptographic process.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Initialization vector (IV) "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Initialization vector (IV) "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Initialization vector (IV) "}]},{"text":"A vector used in defining the starting point of an encryption process within a cryptographic algorithm.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Initialization vector (IV) "}]},{"text":"A vector used in defining the starting point of a cryptographic process (e.g., encryption and key wrapping).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"INJ","link":"https://csrc.nist.gov/glossary/term/inj","abbrSyn":[{"text":"Injection","link":"https://csrc.nist.gov/glossary/term/injection"}],"definitions":null},{"term":"Injection","link":"https://csrc.nist.gov/glossary/term/injection","abbrSyn":[{"text":"INJ","link":"https://csrc.nist.gov/glossary/term/inj"}],"definitions":null},{"term":"INL","link":"https://csrc.nist.gov/glossary/term/inl","abbrSyn":[{"text":"Idaho National Laboratory","link":"https://csrc.nist.gov/glossary/term/idaho_national_laboratory"}],"definitions":null},{"term":"Input Block","link":"https://csrc.nist.gov/glossary/term/input_block","definitions":[{"text":"A data block that is an input to either the forward cipher function or the inverse cipher function of the block cipher algorithm.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"Input/Output Operations Per Second","link":"https://csrc.nist.gov/glossary/term/input_output_operations_per_second","abbrSyn":[{"text":"IOPS","link":"https://csrc.nist.gov/glossary/term/iops"}],"definitions":null},{"term":"INR","link":"https://csrc.nist.gov/glossary/term/inr","abbrSyn":[{"text":"Internet Number Resource","link":"https://csrc.nist.gov/glossary/term/internet_number_resource"}],"definitions":null},{"term":"INS","link":"https://csrc.nist.gov/glossary/term/ins","abbrSyn":[{"text":"Inertial Navigation Systems","link":"https://csrc.nist.gov/glossary/term/inertial_navigation_systems"}],"definitions":null},{"term":"insider","link":"https://csrc.nist.gov/glossary/term/insider","definitions":[{"text":"Any person with authorized access to any United States Government resource to include personnel, facilities, information, equipment, networks, or systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 504","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]},{"text":"Any person with authorized access to any U.S. Government resource, to include personnel, facilities, information, equipment, networks, or systems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Insider ","refSources":[{"text":"Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs","link":"https://obamawhitehouse.archives.gov/the-press-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimum-stand"}]}]},{"text":"An entity inside the security perimeter that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Insider ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Insider ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Insider ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Insider "}]},{"text":"Any person with authorized access to any organizational resource, to include personnel, facilities, information, equipment, networks, or systems.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"Any person with authorized access to business resources, including personnel, facilities, information, equipment, networks, or systems.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Insider ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - adapted"}]}]}]},{"term":"insider threat","link":"https://csrc.nist.gov/glossary/term/insider_threat","definitions":[{"text":"The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure, or through the loss or degradation of departmental resources or capabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 504","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm","note":" - Adapted"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"An entity with authorized access (i.e., within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service. ","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Insider Threat ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An entity with authorized access (i.e., within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Insider Threat ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Insider Threat ","refSources":[{"text":"Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs","link":"https://obamawhitehouse.archives.gov/the-press-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimum-stand"}]}]},{"text":"An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Inside threat "}]},{"text":"The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of organizational operations and assets, individuals, other organizations, and the Nation. This threat can include damage through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of organizational resources or capabilities.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"The threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure, or through the loss or degradation of departmental resources or capabilities.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"insider threat program","link":"https://csrc.nist.gov/glossary/term/insider_threat_program","definitions":[{"text":"A coordinated collection of capabilities authorized by the Department/Agency (D/A) that is organized to deter, detect, and mitigate the unauthorized disclosure of sensitive information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 504","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]},{"text":"A coordinated group of capabilities under centralized management that is organized to detect and prevent the unauthorized disclosure of sensitive information. At a minimum,  for departments and agencies that handle classified information, an insider threat program shall consist of capabilities that provide access to information; centralized information integration, analysis, and response; employee insider threat awareness training; and the monitoring of user activity on government computers. For department and agencies that do not handle classified information, these can be employed effectively for safeguarding information that is unclassified but sensitive.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Insider Threat Program ","refSources":[{"text":"Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs","link":"https://obamawhitehouse.archives.gov/the-press-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimum-stand"}]}]},{"text":"A coordinated group of capabilities under centralized management that is organized to detect and prevent the unauthorized disclosure of sensitive information. At a minimum, for departments and agencies that handle classified information, an insider threat program shall consist of capabilities that provide access to information; centralized information integration, analysis, and response; employee insider threat awareness training; and the monitoring of user activity on government computers. For department and agencies that do not handle classified information, these can be employed effectively for safeguarding information that is unclassified but sensitive.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Insider Threat Program ","refSources":[{"text":"Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs","link":"https://obamawhitehouse.archives.gov/the-press-office/2012/11/21/presidential-memorandum-national-insider-threat-policy-and-minimum-stand"}]}]},{"text":"A coordinated collection of capabilities authorized by the organization and used to deter, detect, and mitigate the unauthorized disclosure of information.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"inspectable space","link":"https://csrc.nist.gov/glossary/term/inspectable_space","definitions":[{"text":"Three dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. Synonymous with zone of control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm","note":" - Adapted"}]}]}]},{"term":"Inspection","link":"https://csrc.nist.gov/glossary/term/inspection","definitions":[{"text":"Examination of an object of conformity assessment and determination of its conformity with detailed requirements or, on the basis of professional judgement, with general requirements.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"Inspector General","link":"https://csrc.nist.gov/glossary/term/inspector_general","abbrSyn":[{"text":"IG","link":"https://csrc.nist.gov/glossary/term/ig"}],"definitions":null},{"term":"Installation (as used herein)","link":"https://csrc.nist.gov/glossary/term/installation","definitions":[{"text":"Any of the following actions: - Executing an installer to load software. - Listing Software in the operating system software directory. - (Merely) placing executable software on a medium from which it can be executed, even if no installer software is run and there is no listing for it in the operating system software directory. - Any other action that allows an executable software file to be loaded into the CPU (e.g., browsing a website that downloads software; opening an e-mail (or attachment) that downloads software; etc.).","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"}]}]},{"term":"Installation (of keying material)","link":"https://csrc.nist.gov/glossary/term/installation_of_keying_material","definitions":[{"text":"The process of making keying material available for establishing and maintaining cryptographic relationships.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Instant Messaging (IM)","link":"https://csrc.nist.gov/glossary/term/instant_messaging","abbrSyn":[{"text":"IM","link":"https://csrc.nist.gov/glossary/term/im"}],"definitions":[{"text":"A facility for exchanging messages in real-time with other people over the Internet and tracking the progress of a given conversation.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a facility for exchanging messages in real-time with other people over the Internet and tracking the progress of the conversation.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Instant Messaging "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Instant Messaging "}]}]},{"term":"Instantiation of an RBG","link":"https://csrc.nist.gov/glossary/term/instantiation_of_an_rbg","definitions":[{"text":"An instantiation of an RBG is a specific, logically independent, initialized RBG. One instantiation is distinguished from another by a “handle” (e.g., an identifying number).","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Institute for Defense Analyses","link":"https://csrc.nist.gov/glossary/term/institute_for_defense_analyses","abbrSyn":[{"text":"IDA","link":"https://csrc.nist.gov/glossary/term/ida"}],"definitions":null},{"term":"Institute for Information Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/institute_for_information_infrastructure_protection","abbrSyn":[{"text":"I3P","link":"https://csrc.nist.gov/glossary/term/i3p"}],"definitions":null},{"term":"Institute for Operations Research and the Management Sciences","link":"https://csrc.nist.gov/glossary/term/institute_for_operations_research_and_the_management_sciences","abbrSyn":[{"text":"INFORMS","link":"https://csrc.nist.gov/glossary/term/informs"}],"definitions":null},{"term":"Institute for Testing and Certification","link":"https://csrc.nist.gov/glossary/term/institute_for_testing_and_certification","abbrSyn":[{"text":"ITC","link":"https://csrc.nist.gov/glossary/term/itc"}],"definitions":null},{"term":"Institute of Electrical and Electronics Engineers","link":"https://csrc.nist.gov/glossary/term/institute_of_electrical_and_electronics_engineers","abbrSyn":[{"text":"IEEE","link":"https://csrc.nist.gov/glossary/term/ieee"}],"definitions":null},{"term":"Instruction Set Architecture","link":"https://csrc.nist.gov/glossary/term/instruction_set_architecture","abbrSyn":[{"text":"ISA","link":"https://csrc.nist.gov/glossary/term/isa"}],"definitions":null},{"term":"Instruction Set Extension","link":"https://csrc.nist.gov/glossary/term/instruction_set_extension","abbrSyn":[{"text":"ISE","link":"https://csrc.nist.gov/glossary/term/ise"}],"definitions":null},{"term":"Instructional System Methodology","link":"https://csrc.nist.gov/glossary/term/instructional_system_methodology","abbrSyn":[{"text":"ISD","link":"https://csrc.nist.gov/glossary/term/isd"}],"definitions":null},{"term":"INT-CTXT","link":"https://csrc.nist.gov/glossary/term/int_ctxt","abbrSyn":[{"text":"Integrity of Ciphertexts","link":"https://csrc.nist.gov/glossary/term/integrity_of_ciphertexts"}],"definitions":null},{"term":"Integer Factorization Cryptography","link":"https://csrc.nist.gov/glossary/term/integer_factorization_cryptography","abbrSyn":[{"text":"IFC","link":"https://csrc.nist.gov/glossary/term/ifc"}],"definitions":[{"text":"Integer factorization cryptography","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under IFC "}]},{"text":"Integer Factorization Cryptography.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under IFC "}]}]},{"term":"Integer Module Learning With Errors","link":"https://csrc.nist.gov/glossary/term/integer_module_learning_with_errors","abbrSyn":[{"text":"I-MLWE","link":"https://csrc.nist.gov/glossary/term/i_mlwe"}],"definitions":null},{"term":"Integer to Byte String conversion routine","link":"https://csrc.nist.gov/glossary/term/integer_to_byte_string_conversion_routine","abbrSyn":[{"text":"I2BS","link":"https://csrc.nist.gov/glossary/term/i2bs"}],"definitions":[{"text":"Integer to Byte String conversion routine.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under I2BS "}]}]},{"term":"Integrated Adaptive Cyber Defense","link":"https://csrc.nist.gov/glossary/term/integrated_adaptive_cyber_defense","abbrSyn":[{"text":"IACD","link":"https://csrc.nist.gov/glossary/term/iacd"}],"definitions":null},{"term":"integrated CCI (controlled cryptographic items) component","link":"https://csrc.nist.gov/glossary/term/integrated_cci_component","definitions":[{"text":"A CCI component that is designed to be incorporated into an otherwise unclassified communication or information processing equipment or system to form a CCI equipment or CCI system. \nNote: The integrated CCI component cannot perform any function by itself. It obtains power from the host equipment. An integrated CCI component may take a variety of forms (see paragraph 8 of the basic Instruction regarding the terminology for CCI component).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4001","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Integrated Circuit Card","link":"https://csrc.nist.gov/glossary/term/integrated_circuit_card","abbrSyn":[{"text":"ICC","link":"https://csrc.nist.gov/glossary/term/icc"}],"definitions":null},{"term":"Integrated Circuit Card ID (ICCID)","link":"https://csrc.nist.gov/glossary/term/integrated_circuit_card_id","definitions":[{"text":"The unique serial number assigned to, maintained within, and usually imprinted on the (U)SIM.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"Integrated Circuit Card Identification","link":"https://csrc.nist.gov/glossary/term/integrated_circuit_card_identification","abbrSyn":[{"text":"ICCID","link":"https://csrc.nist.gov/glossary/term/iccid"}],"definitions":[{"text":"a unique and immutable identifier maintained within the SIM.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Integrated Circuit Chip","link":"https://csrc.nist.gov/glossary/term/integrated_circuit_chip","abbrSyn":[{"text":"ICC","link":"https://csrc.nist.gov/glossary/term/icc"}],"definitions":null},{"term":"Integrated Circuit(s) Card Device","link":"https://csrc.nist.gov/glossary/term/integrated_circuits_card_device","abbrSyn":[{"text":"ICCD","link":"https://csrc.nist.gov/glossary/term/iccd"}],"definitions":null},{"term":"Integrated Control and Safety Systems","link":"https://csrc.nist.gov/glossary/term/integrated_control_and_safety_systems","abbrSyn":[{"text":"icss","link":"https://csrc.nist.gov/glossary/term/icss"}],"definitions":null},{"term":"Integrated Development Environment","link":"https://csrc.nist.gov/glossary/term/integrated_development_environment","abbrSyn":[{"text":"IDE","link":"https://csrc.nist.gov/glossary/term/ide"}],"definitions":null},{"term":"Integrated Digital Enhanced Network (iDEN)","link":"https://csrc.nist.gov/glossary/term/integrated_digital_enhanced_network","abbrSyn":[{"text":"iDEN","link":"https://csrc.nist.gov/glossary/term/iden"}],"definitions":[{"text":"A proprietary mobile communications technology developed by Motorola that combines the capabilities of a digital cellular telephone with two-way radio.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a proprietary mobile communications technology developed by Motorola that combine the capabilities of a digital cellular telephone with two-way radio.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Integrated Digital Enhanced Network "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Integrated Digital Enhanced Network "}]}]},{"term":"Integrated Drive Electronics","link":"https://csrc.nist.gov/glossary/term/integrated_drive_electronics","abbrSyn":[{"text":"IDE","link":"https://csrc.nist.gov/glossary/term/ide"}],"definitions":null},{"term":"Integrated Risk Management","link":"https://csrc.nist.gov/glossary/term/integrated_risk_management","abbrSyn":[{"text":"IRM","link":"https://csrc.nist.gov/glossary/term/irm"}],"definitions":null},{"term":"Integrating Data for Analysis, Anonymization, and Sharing","link":"https://csrc.nist.gov/glossary/term/integrating_data_for_analysis_anonymization_and_sharing","abbrSyn":[{"text":"iDASH","link":"https://csrc.nist.gov/glossary/term/idash"}],"definitions":null},{"term":"Integrator","link":"https://csrc.nist.gov/glossary/term/integrator","definitions":[{"text":"An organization that customizes (e.g., combines, adds, optimizes) elements, processes, and systems. The integrator function can be performed by acquirer, integrator, or supplier organizations.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"}]},{"text":"A value-added engineering organization that focuses on industrial control and information systems, manufacturing execution systems, and plant automation, that has application knowledge and technical expertise, and provides an integrated solution to an engineering problem. This solution includes final project engineering, documentation, procurement of hardware, development of custom software, installation, testing, and commissioning.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"CSIA Guide to Control System Specification"},{"text":"CSIA","link":"https://www.controlsys.org/home"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","refSources":[{"text":"CSIA","link":"https://www.controlsys.org/home"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"CSIA","link":"https://www.controlsys.org/home"}]}]},{"text":"A value-added engineering organization that focuses on industrial control and information systems, manufacturing execution systems, and workcell automation, that has application knowledge and technical expertise, and provides an integrated solution to an engineering problem. This solution includes final project engineering, documentation, procurement of hardware, development of custom software, installation, testing, and commissioning.","sources":[{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"CSIA","link":"https://www.controlsys.org/home"}]}]}]},{"term":"Integrity authentication","link":"https://csrc.nist.gov/glossary/term/integrity_authentication","abbrSyn":[{"text":"Integrity protection","link":"https://csrc.nist.gov/glossary/term/integrity_protection"}],"definitions":[{"text":"A physical or cryptographic means of providing assurance that information has not been altered in an unauthorized manner since it was created, transmitted, or stored.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Integrity protection "}]},{"text":"The process of providing assurance that data has not been modified since an authentication code was created for that data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"See Integrity authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Integrity protection "}]},{"text":"The process of providing assurance that data has not been modified since a message authentication code or digital signature was created for that data.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The process of determining the integrity of the data; also called data integrity authentication.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Integrity authentication (integrity verification) "}]},{"text":"The process of obtaining assurance that data has not been modified since an authentication code or digital signature was created for that data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"The protection obtained for transmitted or stored data using an authentication code (e.g., MAC) or digital signature computed on that data. See Integrity authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Integrity protection "}]}]},{"term":"integrity check value","link":"https://csrc.nist.gov/glossary/term/integrity_check_value","abbrSyn":[{"text":"ICV","link":"https://csrc.nist.gov/glossary/term/icv"}],"definitions":[{"text":"See checksum.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A fixed string that is prepended to the plaintext within the authenticated-encryption function of a key-wrap algorithm, in order to enable the verification of the integrity of the plaintext within the authenticated-decryption function.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}],"seeAlso":[{"text":"checksum","link":"checksum"}]},{"term":"Integrity Impact","link":"https://csrc.nist.gov/glossary/term/integrity_impact","definitions":[{"text":"measures the potential impact to integrity of a successfully exploited misuse vulnerability. Integrity refers to the trustworthiness and guaranteed veracity of information.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"Integrity Key","link":"https://csrc.nist.gov/glossary/term/integrity_key","abbrSyn":[{"text":"IK","link":"https://csrc.nist.gov/glossary/term/ik"}],"definitions":null},{"term":"Integrity Measurement Architecture","link":"https://csrc.nist.gov/glossary/term/integrity_measurement_architecture","abbrSyn":[{"text":"IMA","link":"https://csrc.nist.gov/glossary/term/ima"}],"definitions":null},{"term":"Integrity of Ciphertexts","link":"https://csrc.nist.gov/glossary/term/integrity_of_ciphertexts","abbrSyn":[{"text":"INT-CTXT","link":"https://csrc.nist.gov/glossary/term/int_ctxt"}],"definitions":null},{"term":"Integrity protection","link":"https://csrc.nist.gov/glossary/term/integrity_protection","abbrSyn":[{"text":"Integrity authentication","link":"https://csrc.nist.gov/glossary/term/integrity_authentication"}],"definitions":[{"text":"A physical or cryptographic means of providing assurance that information has not been altered in an unauthorized manner since it was created, transmitted, or stored.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"The process of providing assurance that data has not been modified since an authentication code was created for that data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Integrity authentication "}]},{"text":"See Integrity authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"The process of providing assurance that data has not been modified since a message authentication code or digital signature was created for that data.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Integrity authentication "}]},{"text":"The process of obtaining assurance that data has not been modified since an authentication code or digital signature was created for that data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Integrity authentication "}]},{"text":"The protection obtained for transmitted or stored data using an authentication code (e.g., MAC) or digital signature computed on that data. See Integrity authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"INTegrity under RUP","link":"https://csrc.nist.gov/glossary/term/integrity_under_rup","abbrSyn":[{"text":"INT-RUP","link":"https://csrc.nist.gov/glossary/term/int_rup"}],"definitions":null},{"term":"Integrity verification","link":"https://csrc.nist.gov/glossary/term/integrity_verification","definitions":[{"text":"Obtaining assurance that information has not been altered in an unauthorized manner since it was created, transmitted or stored.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Intel Advanced Encryption Standard New Instructions","link":"https://csrc.nist.gov/glossary/term/intel_advanced_encryption_standard_new_instructions","abbrSyn":[{"text":"Intel AES-NI","link":"https://csrc.nist.gov/glossary/term/intel_aes_ni"}],"definitions":null},{"term":"Intel AES-NI","link":"https://csrc.nist.gov/glossary/term/intel_aes_ni","abbrSyn":[{"text":"Intel Advanced Encryption Standard New Instructions","link":"https://csrc.nist.gov/glossary/term/intel_advanced_encryption_standard_new_instructions"}],"definitions":null},{"term":"Intel CET","link":"https://csrc.nist.gov/glossary/term/inet_cet","abbrSyn":[{"text":"Intel Control-Flow Enforcement Technology","link":"https://csrc.nist.gov/glossary/term/intel_control_flow_enforcement_technology"}],"definitions":null},{"term":"Intel CIT","link":"https://csrc.nist.gov/glossary/term/intel_cit","abbrSyn":[{"text":"Intel Cloud Integrity Technology","link":"https://csrc.nist.gov/glossary/term/intel_cloud_integrity_technology"}],"definitions":null},{"term":"Intel Cloud Integrity Technology","link":"https://csrc.nist.gov/glossary/term/intel_cloud_integrity_technology","abbrSyn":[{"text":"Intel CIT","link":"https://csrc.nist.gov/glossary/term/intel_cit"}],"definitions":null},{"term":"Intel Control-Flow Enforcement Technology","link":"https://csrc.nist.gov/glossary/term/intel_control_flow_enforcement_technology","abbrSyn":[{"text":"Intel CET","link":"https://csrc.nist.gov/glossary/term/inet_cet"}],"definitions":null},{"term":"Intel MKTME","link":"https://csrc.nist.gov/glossary/term/intel_mktme","abbrSyn":[{"text":"Intel Multi-Key Total Memory Encryption","link":"https://csrc.nist.gov/glossary/term/intel_multi_key_total_memory_encryption"}],"definitions":null},{"term":"Intel Multi-Key Total Memory Encryption","link":"https://csrc.nist.gov/glossary/term/intel_multi_key_total_memory_encryption","abbrSyn":[{"text":"Intel MKTME","link":"https://csrc.nist.gov/glossary/term/intel_mktme"}],"definitions":null},{"term":"Intel Security Libraries","link":"https://csrc.nist.gov/glossary/term/intel_security_libraries","abbrSyn":[{"text":"ISecL","link":"https://csrc.nist.gov/glossary/term/isecl"}],"definitions":null},{"term":"Intel Security Libraries for Data Center","link":"https://csrc.nist.gov/glossary/term/intel_security_libraries_for_data_center","abbrSyn":[{"text":"ISecL-DC","link":"https://csrc.nist.gov/glossary/term/isecl_dc"}],"definitions":null},{"term":"Intel TDX","link":"https://csrc.nist.gov/glossary/term/intel_tdx","abbrSyn":[{"text":"Intel Trust Domain Extensions","link":"https://csrc.nist.gov/glossary/term/intel_trust_domain_extensions"}],"definitions":null},{"term":"Intel TME","link":"https://csrc.nist.gov/glossary/term/intel_tme","abbrSyn":[{"text":"Intel Total Memory Encryption","link":"https://csrc.nist.gov/glossary/term/intel_total_memory_encryption"}],"definitions":null},{"term":"Intel Total Memory Encryption","link":"https://csrc.nist.gov/glossary/term/intel_total_memory_encryption","abbrSyn":[{"text":"Intel TME","link":"https://csrc.nist.gov/glossary/term/intel_tme"}],"definitions":null},{"term":"Intel TPM","link":"https://csrc.nist.gov/glossary/term/intel_tpm","abbrSyn":[{"text":"Intel Trusted Platform Module","link":"https://csrc.nist.gov/glossary/term/intel_trusted_platform_module"}],"definitions":null},{"term":"Intel Transparent Supply Chain","link":"https://csrc.nist.gov/glossary/term/intel_transparent_supply_chain","abbrSyn":[{"text":"Intel TSC","link":"https://csrc.nist.gov/glossary/term/intel_tsc"}],"definitions":null},{"term":"Intel Trust Domain Extensions","link":"https://csrc.nist.gov/glossary/term/intel_trust_domain_extensions","abbrSyn":[{"text":"Intel TDX","link":"https://csrc.nist.gov/glossary/term/intel_tdx"}],"definitions":null},{"term":"Intel Trusted Execution Technology","link":"https://csrc.nist.gov/glossary/term/intel_trusted_execution_technology","abbrSyn":[{"text":"Intel TXT","link":"https://csrc.nist.gov/glossary/term/intel_txt"}],"definitions":null},{"term":"Intel Trusted Platform Module","link":"https://csrc.nist.gov/glossary/term/intel_trusted_platform_module","abbrSyn":[{"text":"Intel TPM","link":"https://csrc.nist.gov/glossary/term/intel_tpm"}],"definitions":null},{"term":"Intel TSC","link":"https://csrc.nist.gov/glossary/term/intel_tsc","abbrSyn":[{"text":"Intel Transparent Supply Chain","link":"https://csrc.nist.gov/glossary/term/intel_transparent_supply_chain"}],"definitions":null},{"term":"Intel TXT","link":"https://csrc.nist.gov/glossary/term/intel_txt","abbrSyn":[{"text":"Intel Trusted Execution Technology","link":"https://csrc.nist.gov/glossary/term/intel_trusted_execution_technology"}],"definitions":null},{"term":"Intel Virtualization Technology","link":"https://csrc.nist.gov/glossary/term/intel_virtualization_technology","abbrSyn":[{"text":"Intel VT","link":"https://csrc.nist.gov/glossary/term/intel_vt"},{"text":"Intel VT-x","link":"https://csrc.nist.gov/glossary/term/intel_vt_x"}],"definitions":null},{"term":"Intel Virtualization Technology for Directed I/O","link":"https://csrc.nist.gov/glossary/term/intel_virtualization_technology_for_directed_i_o","abbrSyn":[{"text":"Intel VT-d","link":"https://csrc.nist.gov/glossary/term/intel_vt_d"}],"definitions":null},{"term":"Intel VT","link":"https://csrc.nist.gov/glossary/term/intel_vt","abbrSyn":[{"text":"Intel Virtualization Technology","link":"https://csrc.nist.gov/glossary/term/intel_virtualization_technology"}],"definitions":null},{"term":"Intel VT-d","link":"https://csrc.nist.gov/glossary/term/intel_vt_d","abbrSyn":[{"text":"Intel Virtualization Technology for Directed I/O","link":"https://csrc.nist.gov/glossary/term/intel_virtualization_technology_for_directed_i_o"}],"definitions":null},{"term":"Intel VT-x","link":"https://csrc.nist.gov/glossary/term/intel_vt_x","abbrSyn":[{"text":"Intel Virtualization Technology","link":"https://csrc.nist.gov/glossary/term/intel_virtualization_technology"}],"definitions":null},{"term":"intellectual property","link":"https://csrc.nist.gov/glossary/term/intellectual_property","abbrSyn":[{"text":"IP","link":"https://csrc.nist.gov/glossary/term/ip"}],"definitions":[{"text":"Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Intellectual Property "}]}]},{"term":"intelligence","link":"https://csrc.nist.gov/glossary/term/intelligence","abbrSyn":[{"text":"all-source intelligence","link":"https://csrc.nist.gov/glossary/term/all_source_intelligence"}],"definitions":[{"text":"In intelligence collection, a phrase that indicates that in the satisfaction of intelligence requirements, all collection, processing, exploitation, and reporting systems and resources are identified for possible use and those most capable are tasked."},{"text":"2. The term 'intelligence' includes foreign intelligence and counterintelligence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"50 U.S.C., Sec. 3003","link":"https://www.govinfo.gov/app/details/USCODE-2013-title50/USCODE-2013-title50-chap44-sec3003"}]}]},{"text":"Intelligence products and/or organizations and activities that incorporate all sources of information, most frequently human resources intelligence, imagery intelligence, measurement and signature intelligence, signals intelligence, and open source data in the production of finished intelligence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under all-source intelligence ","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/","note":" - Adapted"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The term 'intelligence' means (1) the product resulting from the collection, processing, integration, analysis, evaluation, and interpretation of available information concerning foreign\ncountries or areas; or (2) information and knowledge about an adversary obtained through observation, investigation, analysis, or understanding. The term 'intelligence' includes foreign intelligence and counterintelligence.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Intelligence ","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"},{"text":"50 U.S.C., Ch 15","link":"https://uscode.house.gov/view.xhtml?path=/prelim@title50/chapter15&edition=prelim"}]}]},{"text":"1\na. The product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations. \nb. The activities that result in the product. \nc. The organizations engaged in such activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"JP 2-0","link":"https://www.jcs.mil/Doctrine/Joint-Doctrine-Pubs/2-0-Intelligence-Series/"}]}]},{"text":"(i) the product resulting from the collection, processing, integration, analysis, evaluation, and interpretation of available information concerning foreign countries or areas; or\n(ii) information and knowledge about an adversary obtained through observation, investigation, analysis, or understanding. The term 'intelligence' includes foreign intelligence and counterintelligence.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Intelligence "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Intelligence "}]},{"text":"Intelligence products and/or organizations and activities that incorporate all sources of information, most frequently including human resources intelligence, imagery intelligence, measurement and signature intelligence, signals intelligence, and open-source data in the production of finished intelligence.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under all-source intelligence ","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]}]},{"term":"intelligence activities","link":"https://csrc.nist.gov/glossary/term/intelligence_activities","definitions":[{"text":"All activities that agencies within the Intelligence Community are authorized to conduct pursuant to Executive Order (E.O.) 12333, United States Intelligence Activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"E.O. 12333","link":"https://www.archives.gov/federal-register/codification/executive-order/12333.html"}]}]},{"text":"The term 'intelligence activities' includes all activities that agencies within the Intelligence Community are authorized to conduct pursuant to Executive Order 12333, United States Intelligence Activities.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Intelligence Activities ","refSources":[{"text":"E.O. 12333","link":"https://www.archives.gov/federal-register/codification/executive-order/12333.html"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Intelligence Activities "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Intelligence Activities "}]}]},{"term":"Intelligence Advanced Research Projects Activity","link":"https://csrc.nist.gov/glossary/term/intelligence_advanced_research_projects_activity","abbrSyn":[{"text":"IARPA","link":"https://csrc.nist.gov/glossary/term/iarpa"}],"definitions":null},{"term":"intelligence community (IC)","link":"https://csrc.nist.gov/glossary/term/intelligence_community","abbrSyn":[{"text":"IC","link":"https://csrc.nist.gov/glossary/term/ic"}],"definitions":[{"text":"Intelligence Community and elements of the Intelligence Community refers to: \n(1) The Office of the Director of National Intelligence; \n(2) The Central Intelligence Agency; \n(3) The National Security Agency; \n(4) The Defense Intelligence Agency; \n(5) The National Geospatial-Intelligence Agency; \n(6) The National Reconnaissance Office; \n(7) The other offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs; \n(8) The intelligence and counterintelligence elements of the Army, the Navy, the Air Force, and the Marine Corps; \n(9) The intelligence elements of the Federal Bureau of Investigation; \n(10) The Office of National Security Intelligence of the Drug Enforcement Administration; \n(11) The Office of Intelligence and Counterintelligence of the Department of Energy; \n(12) The Bureau of Intelligence and Research of the Department of State; \n(13) The Office of Intelligence and Analysis of the Department of the Treasury; \n(14) The Office of Intelligence and Analysis of the Department of Homeland Security; \n(15) The intelligence and counterintelligence elements of the Coast Guard; and \n(16) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director and the head of the department or agency concerned, as an element of the Intelligence Community.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"E.O. 12333 (As amended by E.O.s 13284 (2003), 13355 (2004) and 13470 (2008))","link":"https://fas.org/irp/offdocs/eo/eo-12333-2008.pdf"}]}]},{"text":"The term 'intelligence community' refers to the following agencies or organizations:\n(1) The Central Intelligence Agency (CIA);\n(2) The National Security Agency (NSA);\n(3) The Defense Intelligence Agency (DIA);\n(4) The offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs;\n(5) The Bureau of Intelligence and Research of the Department of State;\n(6) The int elligence elements of the Army, Navy, Air Force, and Marine Corps, the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Department of Energy; and\n(7) The staff elements of the Director of Central Intelligence.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Intelligence Community ","refSources":[{"text":"E.O. 12333","link":"https://www.archives.gov/federal-register/codification/executive-order/12333.html"}]}]},{"text":"The term 'intelligence community' refers to the following agencies or organizations:\n(i) The Central Intelligence Agency (CIA);\n(ii)The National Security Agency (NSA);\n(iii) The Defense Intelligence Agency (DIA);\n(iv) The offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs;\n(v) The Bureau of Intelligence and Research of the Department of State;\n(vi) The intelligence elements of the Army, Navy, Air Force, and Marine Corps, the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Department of Energy; and\n(vii) The staff elements of the Director of Central Intelligence.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Intelligence Community "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Intelligence Community "}]}]},{"term":"Intelligence Community Directive","link":"https://csrc.nist.gov/glossary/term/intelligence_community_directive","abbrSyn":[{"text":"ICD","link":"https://csrc.nist.gov/glossary/term/icd"}],"definitions":null},{"term":"Intelligence Community Standard","link":"https://csrc.nist.gov/glossary/term/intelligence_community_standard","abbrSyn":[{"text":"ICS","link":"https://csrc.nist.gov/glossary/term/ics"}],"definitions":null},{"term":"Intelligent Transportation System Joint Program Office","link":"https://csrc.nist.gov/glossary/term/intelligent_transportation_system_joint_program_office","abbrSyn":[{"text":"ITS JPO","link":"https://csrc.nist.gov/glossary/term/its_jpo"}],"definitions":null},{"term":"Intelligent Virtual Assistant","link":"https://csrc.nist.gov/glossary/term/intelligent_virtual_assistant","abbrSyn":[{"text":"IVA","link":"https://csrc.nist.gov/glossary/term/iva"}],"definitions":null},{"term":"Intended owner","link":"https://csrc.nist.gov/glossary/term/intended_owner","definitions":[{"text":"An entity that intends to act as a signatory but has not yet obtained a private key that will be used to generate digital signatures.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Intended signatory","link":"https://csrc.nist.gov/glossary/term/intended_signatory","definitions":[{"text":"An entity that intends to generate digital signatures in the future.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"Inter Switch Link","link":"https://csrc.nist.gov/glossary/term/inter_switch_link","abbrSyn":[{"text":"ISL","link":"https://csrc.nist.gov/glossary/term/isl"}],"definitions":null},{"term":"interactive application security testing","link":"https://csrc.nist.gov/glossary/term/interactive_application_security_testing","abbrSyn":[{"text":"IAST","link":"https://csrc.nist.gov/glossary/term/iast"}],"definitions":null},{"term":"Interactive User","link":"https://csrc.nist.gov/glossary/term/interactive_user","definitions":[{"text":"A person who uses an SSH client to access one or more SSH servers, typically to perform administrative operations, transfer data, or access applications.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Interagency Council on Standards Policy","link":"https://csrc.nist.gov/glossary/term/interagency_council_on_standards_policy","abbrSyn":[{"text":"ICSP","link":"https://csrc.nist.gov/glossary/term/icsp"}],"definitions":null},{"term":"Interagency Council on Statistical Policy","link":"https://csrc.nist.gov/glossary/term/interagency_council_on_statistical_policy","abbrSyn":[{"text":"ICSP","link":"https://csrc.nist.gov/glossary/term/icsp"}],"definitions":null},{"term":"Interagency International Cybersecurity Standardization Working Group","link":"https://csrc.nist.gov/glossary/term/interagency_international_cybersecurity_standardization_working_group","abbrSyn":[{"text":"IICS WG","link":"https://csrc.nist.gov/glossary/term/iics_wg"},{"text":"IICSWG","link":"https://csrc.nist.gov/glossary/term/iicswg"}],"definitions":null},{"term":"Interagency Working Group","link":"https://csrc.nist.gov/glossary/term/interagency_working_group","abbrSyn":[{"text":"IWG","link":"https://csrc.nist.gov/glossary/term/iwg"}],"definitions":null},{"term":"interchangeable","link":"https://csrc.nist.gov/glossary/term/interchangeable","definitions":[{"text":"The ability to combine signals from multiple PNT data sources into a single PNT solution, as well as the ability to provide a solution from an alternative source when a primary source is not available.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"interconnection","link":"https://csrc.nist.gov/glossary/term/interconnection","definitions":[{"text":"See system interconnection.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"interconnection security agreement (ISA)","link":"https://csrc.nist.gov/glossary/term/interconnection_security_agreement","abbrSyn":[{"text":"ISA","link":"https://csrc.nist.gov/glossary/term/isa"}],"definitions":[{"text":"A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high- level roles and responsibilities in management of a cross-domain connection.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"In this guide, an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Interconnection Security Agreement (ISA) "}]},{"text":"A document specifying information security requirements for system interconnections, including the security requirements expected for the impact level of the information being exchanged for all participating systems.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1","underTerm":" under interconnection security agreement "}]}]},{"term":"Interconnection Service Agreement","link":"https://csrc.nist.gov/glossary/term/interconnection_service_agreement","abbrSyn":[{"text":"ISA","link":"https://csrc.nist.gov/glossary/term/isa"}],"definitions":null},{"term":"Inter-control Center Communications Protocol","link":"https://csrc.nist.gov/glossary/term/inter_control_center_communications_protocol","abbrSyn":[{"text":"ICCP","link":"https://csrc.nist.gov/glossary/term/iccp"}],"definitions":null},{"term":"Inter-Enterprise Subsystem","link":"https://csrc.nist.gov/glossary/term/inter_enterprise_subsystem","definitions":[{"text":"The portion of the RFID system that connects multiple enterprise subsystems together. The inter-enterprise subsystem consists of network infrastructure, a naming service, and possibly a discovery service. Inter-enterprise subsystems are most commonly associated with supply chain applications.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"interface","link":"https://csrc.nist.gov/glossary/term/interface","definitions":[{"text":"A boundary between the IoT device and entities where interactions take place. There are two types of interfaces: network and local.","sources":[{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","underTerm":" under Interface ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"Wherever two or more logical, physical, or both system elements or software system elements meet and act on or communicate with each other.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"In a service-oriented architecture, a specification of the operations that a service offers its clients. In WSDL 2.0 an interface component describes sequences of messages that a service sends or receives. In WSDL 1.1 an interface is specified in a portType element.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Interface ","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]},{"text":"Common boundary between independent systems or modules where interactions take place.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A boundary between the IoT device and entities where interactio","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A","underTerm":" under Interface ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Derived"}]}]}]},{"term":"Interface Capabilities","link":"https://csrc.nist.gov/glossary/term/interface_capabilities","definitions":[{"text":"Capabilities which enable interactions involving IoT devices (e.g., device-to-device communications, human-to-device communications). The types of interface capabilities are application, human user, and network.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"Interface Configuration Utility","link":"https://csrc.nist.gov/glossary/term/interface_configuration_utility","abbrSyn":[{"text":"ICU","link":"https://csrc.nist.gov/glossary/term/icu"}],"definitions":null},{"term":"interference detection and mitigation","link":"https://csrc.nist.gov/glossary/term/interference_detection_and_mitigation","abbrSyn":[{"text":"IDM","link":"https://csrc.nist.gov/glossary/term/idm"}],"definitions":null},{"term":"Interim Approval to Operate","link":"https://csrc.nist.gov/glossary/term/interim_approval_to_operate","abbrSyn":[{"text":"IATO","link":"https://csrc.nist.gov/glossary/term/iato"}],"definitions":[{"text":"Temporary authorization granted by principal accrediting authority (PAA) or authorizing official (AO) for an information system to process information based on preliminary results of a security evaluation of the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under interim approval to operate "}]},{"text":"Interim Authorization to Operate; issued by a DAO to an issuer who is not satisfactorily performing PIV Card and/or Derived PIV Credential specified services (e.g., identity proofing/registration (if applicable)), card/token production, activation/issuance and maintenance).","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under IATO "}]}]},{"term":"interim authorization to test (IATT)","link":"https://csrc.nist.gov/glossary/term/interim_authorization_to_test","abbrSyn":[{"text":"IATT","link":"https://csrc.nist.gov/glossary/term/iatt"}],"definitions":[{"text":"Temporary authorization to test an information system in a specified operational information environment within the timeframe and under the conditions or constraints enumerated in the written authorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Inter-Integrated Circuit","link":"https://csrc.nist.gov/glossary/term/inter_integrated_circuit","abbrSyn":[{"text":"I2C","link":"https://csrc.nist.gov/glossary/term/i2c"}],"definitions":null},{"term":"Interior Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/interior_border_gateway_protocol","abbrSyn":[{"text":"iBGP","link":"https://csrc.nist.gov/glossary/term/ibgp"}],"definitions":null},{"term":"Interior Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/interior_gateway_protocol","abbrSyn":[{"text":"IGP","link":"https://csrc.nist.gov/glossary/term/igp"}],"definitions":null},{"term":"Intermediary Service","link":"https://csrc.nist.gov/glossary/term/intermediary_service","definitions":[{"text":"A component that lies between the Service Client (subscriber) and the Service Provider (publisher). It intercepts the request from the Service Client, provides the service (functionality), and forwards the request to the Service Provider. Similarly, it intercepts the response from the Service Provider and forwards it to the Service Client.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Irani, Romin, Web Services Intermediaries: Adding Value to Web Services"}]}]}]},{"term":"Intermediate Certification Authority (CA)","link":"https://csrc.nist.gov/glossary/term/intermediate_certification_authority","definitions":[{"text":"A CA that is signed by a superior CA (e.g., a Root CA or another Intermediate CA) and signs CAs (e.g., another Intermediate or Subordinate CA). The Intermediate CA exists in the middle of a trust chain between the Trust Anchor, or Root, and the subscriber certificate issuing Subordinate CAs.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A CA that is subordinate to another CA, and has a CA subordinate to itself.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Intermediate CA "}]}]},{"term":"Intermediate Link Key","link":"https://csrc.nist.gov/glossary/term/intermediate_link_key","abbrSyn":[{"text":"ILK","link":"https://csrc.nist.gov/glossary/term/ilk"}],"definitions":null},{"term":"Intermediate Long Term Key","link":"https://csrc.nist.gov/glossary/term/intermediate_long_term_key","abbrSyn":[{"text":"ILTK","link":"https://csrc.nist.gov/glossary/term/iltk"}],"definitions":null},{"term":"intermittent ad-hoc connection","link":"https://csrc.nist.gov/glossary/term/intermittent_ad_hoc_connection","definitions":[{"text":"A needs-based connection initiated for a specific time or purpose after which the connection is terminated. Intermittent connections are most often made via virtual connection.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"internal assessment engagement","link":"https://csrc.nist.gov/glossary/term/internal_assessment_engagement","definitions":[{"text":"Formal engagement led by a team within the organization that determines element judgments.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"},{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"Internal BGP","link":"https://csrc.nist.gov/glossary/term/internal_bgp","abbrSyn":[{"text":"iBGP","link":"https://csrc.nist.gov/glossary/term/ibgp"}],"definitions":null},{"term":"Internal Border Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/internal_border_gateway_protocol","abbrSyn":[{"text":"IBGP"}],"definitions":[{"text":"A BGP operation communicating routing information within an AS.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54","underTerm":" under IBGP "}]}]},{"term":"Internal Control","link":"https://csrc.nist.gov/glossary/term/internal_control","definitions":[{"text":"An overarching mechanism that an enterprise uses to achieve and monitor enterprise objectives.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"Internal Gateway Protocol","link":"https://csrc.nist.gov/glossary/term/internal_gateway_protocol","abbrSyn":[{"text":"IGP","link":"https://csrc.nist.gov/glossary/term/igp"}],"definitions":null},{"term":"internal network","link":"https://csrc.nist.gov/glossary/term/internal_network","definitions":[{"text":"A network in which the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors or in which the cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect (with regard to confidentiality and integrity). An internal network is typically organization-owned yet may be organization-controlled while not being organization-owned.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"A network where: (i) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation or similar security technology provides the same effect. An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A network where establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or the cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints, provides the same effect (with regard to confidentiality and integrity). An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"A network where: (i) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints, provides the same effect (at least with regard to confidentiality and integrity). An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Internal Network "}]},{"text":"A network where the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors. Cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect (at least regarding confidentiality and integrity). An internal network is typically organization-owned yet may be organization-controlled while not being organization-owned.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"A network where the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors, or the cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect (with regard to confidentiality and integrity). An internal network is typically organization-owned yet may be organization-controlled while not being organization-owned.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"internal security controls","link":"https://csrc.nist.gov/glossary/term/internal_security_controls","definitions":[{"text":"Hardware, firmware, or software features within an information system that restrict access to resources to only authorized subjects.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Internal Security Testing","link":"https://csrc.nist.gov/glossary/term/internal_security_testing","definitions":[{"text":"Security testing conducted from inside the organization’s security perimeter.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Internal State","link":"https://csrc.nist.gov/glossary/term/internal_state","definitions":[{"text":"The collection of stored information about a DRBG instantiation. This can include both secret and non-secret information. Compare to working state.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Internal Trusted Storage","link":"https://csrc.nist.gov/glossary/term/internal_trusted_storage","abbrSyn":[{"text":"ITS","link":"https://csrc.nist.gov/glossary/term/its"}],"definitions":null},{"term":"International Association for Automation and Robotics in Construction","link":"https://csrc.nist.gov/glossary/term/intl_assoc_for_automation_and_robotics_in_construction","abbrSyn":[{"text":"IAARC","link":"https://csrc.nist.gov/glossary/term/iaarc"}],"definitions":null},{"term":"International Association of Computer Investigative Specialists","link":"https://csrc.nist.gov/glossary/term/international_association_of_computer_investigative_specialists","abbrSyn":[{"text":"IACIS","link":"https://csrc.nist.gov/glossary/term/iacis"}],"definitions":null},{"term":"International Association of Privacy Professionals","link":"https://csrc.nist.gov/glossary/term/international_association_of_privacy_professionals","abbrSyn":[{"text":"IAPP","link":"https://csrc.nist.gov/glossary/term/iapp"}],"definitions":null},{"term":"International Atomic Energy Agency","link":"https://csrc.nist.gov/glossary/term/international_atomic_energy_agency","abbrSyn":[{"text":"IAEA","link":"https://csrc.nist.gov/glossary/term/iaea"}],"definitions":null},{"term":"International Atomic Time","link":"https://csrc.nist.gov/glossary/term/international_atomic_time","abbrSyn":[{"text":"TAI","link":"https://csrc.nist.gov/glossary/term/tai"}],"definitions":null},{"term":"International Civil Aviation Organization","link":"https://csrc.nist.gov/glossary/term/international_civil_aviation_organization","abbrSyn":[{"text":"ICAO","link":"https://csrc.nist.gov/glossary/term/icao"}],"definitions":null},{"term":"InterNational Committee for Information Technology Standards","link":"https://csrc.nist.gov/glossary/term/international_committee_for_information_technology_standards","abbrSyn":[{"text":"INCITS","link":"https://csrc.nist.gov/glossary/term/incits"}],"definitions":null},{"term":"International Council on Large Electric Systems","link":"https://csrc.nist.gov/glossary/term/international_council_on_large_electric_systems","abbrSyn":[{"text":"CIGRE","link":"https://csrc.nist.gov/glossary/term/cigre"}],"definitions":null},{"term":"International Council on Systems Engineering","link":"https://csrc.nist.gov/glossary/term/international_council_on_systems_engineering","abbrSyn":[{"text":"INCOSE","link":"https://csrc.nist.gov/glossary/term/incose"}],"definitions":null},{"term":"International Criminal Police Organization","link":"https://csrc.nist.gov/glossary/term/international_criminal_police_organization","abbrSyn":[{"text":"INTERPOL","link":"https://csrc.nist.gov/glossary/term/interpol"}],"definitions":null},{"term":"International Cryptographic Module Conference","link":"https://csrc.nist.gov/glossary/term/international_cryptographic_module_conference","abbrSyn":[{"text":"ICMC","link":"https://csrc.nist.gov/glossary/term/icmc"}],"definitions":null},{"term":"International Earth Rotation and Reference Systems Service","link":"https://csrc.nist.gov/glossary/term/international_earth_rotation_and_reference_systems_service","abbrSyn":[{"text":"IERS","link":"https://csrc.nist.gov/glossary/term/iers"}],"definitions":null},{"term":"International Electrotechnical Commission","link":"https://csrc.nist.gov/glossary/term/international_electrotechnical_commission","abbrSyn":[{"text":"IEC","link":"https://csrc.nist.gov/glossary/term/iec"}],"definitions":null},{"term":"International Federation for Information Processing","link":"https://csrc.nist.gov/glossary/term/international_federation_for_information_processing","abbrSyn":[{"text":"IFIP","link":"https://csrc.nist.gov/glossary/term/ifip"}],"definitions":null},{"term":"International Household Survey Network","link":"https://csrc.nist.gov/glossary/term/international_household_survey_network","abbrSyn":[{"text":"IHSN","link":"https://csrc.nist.gov/glossary/term/ihsn"}],"definitions":null},{"term":"International Maritime Organization","link":"https://csrc.nist.gov/glossary/term/international_maritime_organization","abbrSyn":[{"text":"IMO","link":"https://csrc.nist.gov/glossary/term/imo"}],"definitions":null},{"term":"International Mobile Equipment Identifier","link":"https://csrc.nist.gov/glossary/term/international_mobile_equipment_identifier","abbrSyn":[{"text":"IMEI","link":"https://csrc.nist.gov/glossary/term/imei"}],"definitions":null},{"term":"International Mobile Equipment Identity (IMEI)","link":"https://csrc.nist.gov/glossary/term/international_mobile_equipment_identity","abbrSyn":[{"text":"IMEI","link":"https://csrc.nist.gov/glossary/term/imei"}],"definitions":[{"text":"A unique identification number programmed into GSM and UMTS mobile devices.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a unique number programmed into GSM and UMTS mobile phones.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under International Mobile Equipment Identity "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under International Mobile Equipment Identity "}]}]},{"term":"International Mobile Subscriber Identity (IMSI)","link":"https://csrc.nist.gov/glossary/term/international_mobile_subscriber_identity","abbrSyn":[{"text":"IMSI","link":"https://csrc.nist.gov/glossary/term/imsi"}],"definitions":[{"text":"A unique number associated with every GSM mobile phone subscriber, which is maintained on a (U)SIM.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a unique number associated with every GSM mobile phone user.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under International Mobile Subscriber Identity "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under International Mobile Subscriber Identity "}]}]},{"term":"International Organization for Standardization","link":"https://csrc.nist.gov/glossary/term/international_organization_for_standardization","abbrSyn":[{"text":"ISO","link":"https://csrc.nist.gov/glossary/term/iso"}],"definitions":null},{"term":"International Organization for Standardization/International Electrotechnical Commission","link":"https://csrc.nist.gov/glossary/term/international_organization_for_standardization_international_electrotechnical_commission","abbrSyn":[{"text":"IEC/ISO"},{"text":"ISO/IEC","link":"https://csrc.nist.gov/glossary/term/iso_iec"},{"text":"ISO/ITU-T","link":"https://csrc.nist.gov/glossary/term/iso_itu_t"}],"definitions":null},{"term":"International Society of Automation","link":"https://csrc.nist.gov/glossary/term/international_society_of_automation","abbrSyn":[{"text":"ISA","link":"https://csrc.nist.gov/glossary/term/isa"}],"definitions":null},{"term":"International Systems Security Engineering Association","link":"https://csrc.nist.gov/glossary/term/international_systems_security_engineering_association","abbrSyn":[{"text":"ISSEA","link":"https://csrc.nist.gov/glossary/term/issea"}],"definitions":null},{"term":"International Telecommunication Union - Telecommunication","link":"https://csrc.nist.gov/glossary/term/international_telecommunication_union_telecommunication","abbrSyn":[{"text":"ITU-T","link":"https://csrc.nist.gov/glossary/term/itu_t"}],"definitions":null},{"term":"International Terrestrial Reference Frame","link":"https://csrc.nist.gov/glossary/term/international_terrestrial_reference_frame","abbrSyn":[{"text":"ITRF","link":"https://csrc.nist.gov/glossary/term/itrf"}],"definitions":null},{"term":"International Terrestrial Reference System","link":"https://csrc.nist.gov/glossary/term/international_terrestrial_reference_system","abbrSyn":[{"text":"ITRS","link":"https://csrc.nist.gov/glossary/term/itrs"}],"definitions":null},{"term":"International Traffic in Arms Regulation","link":"https://csrc.nist.gov/glossary/term/international_traffic_in_arms_regulation","abbrSyn":[{"text":"ITAR","link":"https://csrc.nist.gov/glossary/term/itar"}],"definitions":null},{"term":"Internet Architecture Board","link":"https://csrc.nist.gov/glossary/term/internet_architecture_board","abbrSyn":[{"text":"IAB","link":"https://csrc.nist.gov/glossary/term/iab"}],"definitions":null},{"term":"Internet Assigned Number Authority","link":"https://csrc.nist.gov/glossary/term/internet_assigned_number_authority","abbrSyn":[{"text":"IANA","link":"https://csrc.nist.gov/glossary/term/iana"}],"definitions":null},{"term":"Internet Assigned Numbers Authority","link":"https://csrc.nist.gov/glossary/term/internet_assigned_numbers_authority","abbrSyn":[{"text":"IANA","link":"https://csrc.nist.gov/glossary/term/iana"}],"definitions":null},{"term":"Internet Control Message Protocol","link":"https://csrc.nist.gov/glossary/term/internet_control_message_protocol","abbrSyn":[{"text":"ICMP","link":"https://csrc.nist.gov/glossary/term/icmp"}],"definitions":null},{"term":"Internet Corporation for Assigned Names and Numbers","link":"https://csrc.nist.gov/glossary/term/internet_corporation_for_assigned_names_and_numbers","abbrSyn":[{"text":"ICANN","link":"https://csrc.nist.gov/glossary/term/icann"}],"definitions":null},{"term":"Internet Engineering Task Force (IETF)","link":"https://csrc.nist.gov/glossary/term/internet_engineering_task_force_ietf","abbrSyn":[{"text":"IETF","link":"https://csrc.nist.gov/glossary/term/ietf"}],"definitions":[{"text":"The Internet Engineering Task Force is the premier Internet standards body that develops open Internet standards.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Internet Engineering Task Force "}]},{"text":"The internet standards organization made up of network designers, operators, vendors, and researchers that defines protocol standards (e.g., IP, TCP, DNS) through process of collaboration and consensus.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Engineering Task Force "}]}]},{"term":"Internet Exchange Point","link":"https://csrc.nist.gov/glossary/term/internet_exchange_point","abbrSyn":[{"text":"IXP","link":"https://csrc.nist.gov/glossary/term/ixp"}],"definitions":null},{"term":"Internet Fibre-Channel Protocol","link":"https://csrc.nist.gov/glossary/term/internet_fibre_channel_protocol","abbrSyn":[{"text":"iFCP","link":"https://csrc.nist.gov/glossary/term/ifcp"}],"definitions":null},{"term":"Internet Group Management Protocol","link":"https://csrc.nist.gov/glossary/term/internet_group_management_protocol","abbrSyn":[{"text":"IGMP","link":"https://csrc.nist.gov/glossary/term/igmp"}],"definitions":null},{"term":"Internet Information Server","link":"https://csrc.nist.gov/glossary/term/internet_information_server","abbrSyn":[{"text":"IIS","link":"https://csrc.nist.gov/glossary/term/iis"}],"definitions":null},{"term":"Internet Information Services","link":"https://csrc.nist.gov/glossary/term/internet_information_services","abbrSyn":[{"text":"IIS","link":"https://csrc.nist.gov/glossary/term/iis"}],"definitions":null},{"term":"Internet Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/internet_infrastructure_protection","abbrSyn":[{"text":"IIP","link":"https://csrc.nist.gov/glossary/term/iip"}],"definitions":null},{"term":"Internet Key Exchange","link":"https://csrc.nist.gov/glossary/term/internet_key_exchange","abbrSyn":[{"text":"IKE","link":"https://csrc.nist.gov/glossary/term/ike"}],"definitions":null},{"term":"Internet Key Exchange (IKE)","link":"https://csrc.nist.gov/glossary/term/internet_key_exchange_ike","definitions":[{"text":"The Internet Engineering Task Force (IETF) protocol (RFC 5996) that is used to set up a security association in the Internet Protocol Security (IPsec) protocol suite.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A protocol used to negotiate, create, and manage its own (IKE) and IPsec security associations.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Internet Message Access Protocol (IMAP)","link":"https://csrc.nist.gov/glossary/term/internet_message_access_protocol","abbrSyn":[{"text":"IMAP","link":"https://csrc.nist.gov/glossary/term/imap"}],"definitions":[{"text":"A mailbox access protocol defined by IETF RFC 3501. IMAP is one of the most commonly used mailbox access protocols. IMAP offers a much wider command set than POP.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]},{"text":"a method of communication used to read electronic mail stored in a remote server.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Message Access Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Message Access Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Message Access Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Internet Message Access Protocol "}]},{"text":"A method of communication used to read electronic messages stored in a remote server.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Internet Message Access Protocol "}]}]},{"term":"Internet Number Resource","link":"https://csrc.nist.gov/glossary/term/internet_number_resource","abbrSyn":[{"text":"INR","link":"https://csrc.nist.gov/glossary/term/inr"}],"definitions":null},{"term":"Internet of Medical Things","link":"https://csrc.nist.gov/glossary/term/internet_of_medical_things","abbrSyn":[{"text":"IoMT","link":"https://csrc.nist.gov/glossary/term/iomt"}],"definitions":null},{"term":"internet of things","link":"https://csrc.nist.gov/glossary/term/internet_of_things","abbrSyn":[{"text":"IoT","link":"https://csrc.nist.gov/glossary/term/iot"}],"definitions":[{"text":"As used in this publication, user or industrial devices that are connected to the internet. IoT devices include sensors, controllers, and household appliances.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet of Things (IoT) "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet of Things (IoT) "}]},{"text":"The network of devices that contain the hardware, software, firmware, and actuators which allow the devices to connect, interact, and freely exchange data and information.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"Internet Protocol","link":"https://csrc.nist.gov/glossary/term/internet_protocol","abbrSyn":[{"text":"IP","link":"https://csrc.nist.gov/glossary/term/ip"}],"definitions":[{"text":"Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under internet protocol "}]},{"text":"The Internet Protocol, as defined in IETF RFC 6864, which is the principal communications protocol in the IETF Internet protocol suite for specifying system address information when relaying datagrams across network boundaries.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Internet Protocol (IP) addresses","link":"https://csrc.nist.gov/glossary/term/internet_protocol_ip_addresses","definitions":[{"text":"Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.","sources":[{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]}]},{"term":"Internet Protocol Security","link":"https://csrc.nist.gov/glossary/term/internet_protocol_security","abbrSyn":[{"text":"IPsec","link":"https://csrc.nist.gov/glossary/term/ipsec"},{"text":"IPSEC"}],"definitions":[{"text":"An OSI Network layer security protocol that provides authentication and encryption over IP networks.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]"}]},{"text":"A protocol that adds security features to the standard IP protocol to provide confidentiality and integrity services.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Internet Protocol version","link":"https://csrc.nist.gov/glossary/term/internet_protocol_version","abbrSyn":[{"text":"IPv","link":"https://csrc.nist.gov/glossary/term/ipv"}],"definitions":null},{"term":"Internet Protocol version 4","link":"https://csrc.nist.gov/glossary/term/internet_protocol_version_4","abbrSyn":[{"text":"IPv4","link":"https://csrc.nist.gov/glossary/term/ipv4"}],"definitions":null},{"term":"Internet Protocol version 6","link":"https://csrc.nist.gov/glossary/term/internet_protocol_version_6","abbrSyn":[{"text":"IPv6","link":"https://csrc.nist.gov/glossary/term/ipv6"}],"definitions":null},{"term":"Internet Relay Chat","link":"https://csrc.nist.gov/glossary/term/internet_relay_chat","abbrSyn":[{"text":"IRC","link":"https://csrc.nist.gov/glossary/term/irc"}],"definitions":null},{"term":"Internet Research Task Force","link":"https://csrc.nist.gov/glossary/term/internet_research_task_force","abbrSyn":[{"text":"IRTF","link":"https://csrc.nist.gov/glossary/term/irtf"}],"definitions":null},{"term":"Internet Router Discover Protocol","link":"https://csrc.nist.gov/glossary/term/internet_router_discover_protocol","abbrSyn":[{"text":"IRDP","link":"https://csrc.nist.gov/glossary/term/irdp"}],"definitions":null},{"term":"Internet Routing Registry","link":"https://csrc.nist.gov/glossary/term/internet_routing_registry","abbrSyn":[{"text":"IRR","link":"https://csrc.nist.gov/glossary/term/irr"}],"definitions":null},{"term":"Internet Security Association and Key Management Protocol","link":"https://csrc.nist.gov/glossary/term/internet_security_association_and_key_management_protocol","abbrSyn":[{"text":"ISAKMP","link":"https://csrc.nist.gov/glossary/term/isakmp"}],"definitions":null},{"term":"Internet Server Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/internet_server_application_programming_interface","abbrSyn":[{"text":"ISAPI","link":"https://csrc.nist.gov/glossary/term/isapi"}],"definitions":null},{"term":"Internet Service Provider","link":"https://csrc.nist.gov/glossary/term/internet_service_provider","abbrSyn":[{"text":"ISP","link":"https://csrc.nist.gov/glossary/term/isp"}],"definitions":null},{"term":"Internet Small Computer Systems Interface","link":"https://csrc.nist.gov/glossary/term/internet_small_computer_systems_interface","note":"(IP version of SCSI)","abbrSyn":[{"text":"iSCSI","link":"https://csrc.nist.gov/glossary/term/iscsi"}],"definitions":null},{"term":"Internet Storage Name Service","link":"https://csrc.nist.gov/glossary/term/internet_storage_name_service","abbrSyn":[{"text":"iSNS","link":"https://csrc.nist.gov/glossary/term/isns"}],"definitions":null},{"term":"Internet Systems Consortium","link":"https://csrc.nist.gov/glossary/term/internet_systems_consortium","abbrSyn":[{"text":"ISC","link":"https://csrc.nist.gov/glossary/term/isc"}],"definitions":null},{"term":"Internetwork Operating System","link":"https://csrc.nist.gov/glossary/term/internetwork_operating_system","abbrSyn":[{"text":"IOS","link":"https://csrc.nist.gov/glossary/term/cisco_ios"}],"definitions":null},{"term":"Internetwork Packet Exchange","link":"https://csrc.nist.gov/glossary/term/internetwork_packet_exchange","abbrSyn":[{"text":"IPX","link":"https://csrc.nist.gov/glossary/term/ipx"}],"definitions":null},{"term":"Interoperability","link":"https://csrc.nist.gov/glossary/term/interoperability","definitions":[{"text":"The ability of one entity to communicate with another entity.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"For the purposes of this standard, interoperability allows any government facility or information system, regardless of the PIV Issuer, to verify a cardholder’s identity using the credentials on the PIV Card.","sources":[{"text":"FIPS 201","note":" [version unknown]"}]}]},{"term":"Interoperability Test","link":"https://csrc.nist.gov/glossary/term/interoperability_test","definitions":[{"text":"Interoperability tests measure the performance associated with the use of standardized biometric data records in a multiple vendor environment. It involves the production of the templates by N enrollment products and authentication of these against images processed by M others.","sources":[{"text":"NIST SP 800-85B","link":"https://doi.org/10.6028/NIST.SP.800-85B"}]}]},{"term":"interoperating system","link":"https://csrc.nist.gov/glossary/term/interoperating_system","definitions":[{"text":"System that exchanges information with the system of interest and uses the information that has been exchanged.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"InterPlanetary File System","link":"https://csrc.nist.gov/glossary/term/interplanetary_file_system","abbrSyn":[{"text":"IPFS","link":"https://csrc.nist.gov/glossary/term/ipfs"}],"definitions":null},{"term":"INTERPOL","link":"https://csrc.nist.gov/glossary/term/interpol","abbrSyn":[{"text":"International Criminal Police Organization","link":"https://csrc.nist.gov/glossary/term/international_criminal_police_organization"}],"definitions":null},{"term":"Interpreter","link":"https://csrc.nist.gov/glossary/term/interpreter","definitions":[{"text":"A program that processes a script or other program expression and carries out the requested action, in accordance with the language definition.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2"}]}]},{"term":"Inter-process Communication","link":"https://csrc.nist.gov/glossary/term/inter_process_communication","abbrSyn":[{"text":"IPC","link":"https://csrc.nist.gov/glossary/term/ipc"}],"definitions":null},{"term":"Inter-range Instrumentation Group Time Code","link":"https://csrc.nist.gov/glossary/term/inter_range_instrumentation_group_time_code","abbrSyn":[{"text":"IRIG","link":"https://csrc.nist.gov/glossary/term/irig"}],"definitions":null},{"term":"Inter-range Instrumentation Group Time Code B","link":"https://csrc.nist.gov/glossary/term/inter_range_instrumentation_group_time_code_b","abbrSyn":[{"text":"IRIG-B","link":"https://csrc.nist.gov/glossary/term/irig_b"}],"definitions":null},{"term":"Interrupt Request Line","link":"https://csrc.nist.gov/glossary/term/interrupt_request_line","abbrSyn":[{"text":"IRQ","link":"https://csrc.nist.gov/glossary/term/irq"}],"definitions":null},{"term":"interview","link":"https://csrc.nist.gov/glossary/term/interview","definitions":[{"text":"A type of assessment method that is characterized by the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or lead to the location of evidence, the results of which are used to support the determination of security control effectiveness over time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Interview ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"A type of assessment method that is characterized by the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or lead to the location of evidence, the results of which are used to support the determination of security control and privacy control effectiveness over time.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Interview "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Interview "}]}]},{"term":"Intra-site Automatic Tunnel Addressing Protocol","link":"https://csrc.nist.gov/glossary/term/intra_site_automatic_tunnel_addressing_protocol","abbrSyn":[{"text":"ISATAP","link":"https://csrc.nist.gov/glossary/term/isatap"}],"definitions":null},{"term":"INT-RUP","link":"https://csrc.nist.gov/glossary/term/int_rup","abbrSyn":[{"text":"Integrity security under the RUP"},{"text":"INTegrity under RUP","link":"https://csrc.nist.gov/glossary/term/integrity_under_rup"}],"definitions":null},{"term":"intrusion","link":"https://csrc.nist.gov/glossary/term/intrusion","abbrSyn":[{"text":"penetration","link":"https://csrc.nist.gov/glossary/term/penetration"}],"definitions":[{"text":"A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having authorization to do so.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"See intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under penetration "}]},{"text":"any set of actions that attempts to compromise the integrity, confidentiality, or availability of a resource","sources":[{"text":"NIST SP 800-35","link":"https://doi.org/10.6028/NIST.SP.800-35","underTerm":" under Intrusion "}]}],"seeAlso":[{"text":"cyber incident","link":"cyber_incident"},{"text":"cyberspace incident"}]},{"term":"intrusion detection","link":"https://csrc.nist.gov/glossary/term/intrusion_detection","definitions":[{"text":"The process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]}]},{"term":"Intrusion Detection Message Exchange Format","link":"https://csrc.nist.gov/glossary/term/intrusion_detection_message_exchange_format","abbrSyn":[{"text":"IDMEF","link":"https://csrc.nist.gov/glossary/term/idmef"}],"definitions":null},{"term":"intrusion detection system (IDS)","link":"https://csrc.nist.gov/glossary/term/intrusion_detection_system","abbrSyn":[{"text":"IDS","link":"https://csrc.nist.gov/glossary/term/ids"}],"definitions":[{"text":"A security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under intrusion detection system ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]},{"text":"IDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under intrusion detection systems (IDS), (network-based) ","refSources":[{"text":"NIST SP 800-36","link":"https://doi.org/10.6028/NIST.SP.800-36"}]}]},{"text":"Software that automates the intrusion detection process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Intrusion Detection System (IDS) ","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]},{"text":"A security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Intrusion Detection System (IDS) ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]},{"text":"A software application that can be implemented on host operating systems or as network devices to monitor activity that is associated with intrusions or insider misuse, or both.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Intrusion Detection System (IDS) "}]},{"text":"IDSs which operate on information collected from within an individual computer system. This vantage point allows host-based IDSs to determine exactly which processes and user accounts are involved in a particular attack on the Operating System. Furthermore, unlike network-based IDSs, host- based IDSs can more readily “see” the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under intrusion detection system (IDS), (host-based) ","refSources":[{"text":"NIST SP 800-36","link":"https://doi.org/10.6028/NIST.SP.800-36"}]}]},{"text":"Software that looks for suspicious activity and alerts administrators.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Intrusion Detection System "}]}]},{"term":"intrusion prevention","link":"https://csrc.nist.gov/glossary/term/intrusion_prevention","definitions":[{"text":"The process of monitoring the events occurring in a computer system or network, analyzing them for signs of possible incidents, and attempting to stop detected possible incidents.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]}]},{"term":"intrusion prevention system (IPS)","link":"https://csrc.nist.gov/glossary/term/intrusion_prevention_system","abbrSyn":[{"text":"IPS","link":"https://csrc.nist.gov/glossary/term/ips"}],"definitions":[{"text":"A system that can detect an intrusive activity and also attempt to stop the activity, ideally before it reaches its targets.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under intrusion prevention system "}]},{"text":"Intrusion Prevention System: Software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]},{"text":"A system that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Intrusion Prevention System (IPS) "}]},{"text":"System which can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Intrusion Prevention System "}]}]},{"term":"Invalidate","link":"https://csrc.nist.gov/glossary/term/invalidate","definitions":[{"text":"To render a credential or authenticator incapable of being used for authentication by causing its authenticator output to no longer be accepted by relying parties.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"inventory","link":"https://csrc.nist.gov/glossary/term/inventory","definitions":[{"text":"(b) A listing of each item of material charged to a COMSEC account.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"(a) The physical or virtual verification of the presence of each item of COMSEC material charged to a COMSEC account.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A listing of items including identification and location information.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Inventory "}]}]},{"term":"Inventory management","link":"https://csrc.nist.gov/glossary/term/inventory_management","definitions":[{"text":"As used in this Recommendation, the management of keys and/or certificates to monitor their status (e.g., expiration dates and whether compromised); assign and track their owners or sponsors (who/what they are and where they are located or how to contact them); and report the status to the appropriate official for remedial action, when required.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"inverse","link":"https://csrc.nist.gov/glossary/term/inverse","definitions":[{"text":"For some group element \\(x\\), the unique element \\(y\\) for which \\(x+y\\) is the identity element relative to the binary group operator \\(+\\) (\\(y\\) is usually denoted as \\(-x\\)).","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"Inverse Cipher Function (Inverse Cipher Operation)","link":"https://csrc.nist.gov/glossary/term/inverse_cipher_function","definitions":[{"text":"The function that reverses the transformation of the forward cipher function when the same cryptographic key is used.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]},{"text":"The inverse function of the forward cipher function for a given block cipher key.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Inverse Cipher Function "}]},{"text":"The inverse function of the forward cipher function for a given cryptographic key.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Inverse Cipher Function "}]},{"text":"The function that is the inverse of the forward cipher function for a given key.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Inverse Cipher Function "}]}]},{"term":"Inverse Cipher Operation/Inverse Transformation","link":"https://csrc.nist.gov/glossary/term/inverse_cipher_operation_inverse_transformation","definitions":[{"text":"The block cipher algorithm function that is the inverse of the forward cipher function. The term “inverse cipher operation” is used for TDEA, while the term “inverse transformation” is used for DEA.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2"},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]"}]}]},{"term":"inverse transformation","link":"https://csrc.nist.gov/glossary/term/inverse_transformation","definitions":[{"text":"The inverse of the permutation of blocks that is determined by the choice of a block cipher and a key.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Investment Review Board","link":"https://csrc.nist.gov/glossary/term/investment_review_board","abbrSyn":[{"text":"IRB","link":"https://csrc.nist.gov/glossary/term/irb"}],"definitions":null},{"term":"Invisible Internet Project","link":"https://csrc.nist.gov/glossary/term/invisible_internet_project","abbrSyn":[{"text":"I2P","link":"https://csrc.nist.gov/glossary/term/i2p"}],"definitions":null},{"term":"Invocation Field","link":"https://csrc.nist.gov/glossary/term/invocation_field","definitions":[{"text":"In the deterministic construction of IVs, the field that identifies the sets of inputs to the authenticated encryption function in a particular device or context.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"IO","link":"https://csrc.nist.gov/glossary/term/io","abbrSyn":[{"text":"Information Operations"},{"text":"Input/Output"}],"definitions":[{"text":"A general term for the equipment that is used to communicate with a computer as well as the data involved in the communications.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Input/Output ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"IoC","link":"https://csrc.nist.gov/glossary/term/ioc","abbrSyn":[{"text":"Indicator of Compromise","link":"https://csrc.nist.gov/glossary/term/indicator_of_compromise"},{"text":"Indicators of Compromise"}],"definitions":null},{"term":"IODEF","link":"https://csrc.nist.gov/glossary/term/iodef","abbrSyn":[{"text":"Incident Object Description Exchange Format","link":"https://csrc.nist.gov/glossary/term/incident_object_description_exchange_format"}],"definitions":null},{"term":"IoMT","link":"https://csrc.nist.gov/glossary/term/iomt","abbrSyn":[{"text":"Internet of Medical Things","link":"https://csrc.nist.gov/glossary/term/internet_of_medical_things"}],"definitions":null},{"term":"IOPS","link":"https://csrc.nist.gov/glossary/term/iops","abbrSyn":[{"text":"Input/Output Operations Per Second","link":"https://csrc.nist.gov/glossary/term/input_output_operations_per_second"}],"definitions":null},{"term":"iOS","link":"https://csrc.nist.gov/glossary/term/ios","abbrSyn":[{"text":"iPhone Operating System","link":"https://csrc.nist.gov/glossary/term/iphone_operating_system"}],"definitions":null},{"term":"IOS","link":"https://csrc.nist.gov/glossary/term/cisco_ios","abbrSyn":[{"text":"Cisco’s Internetwork Operating System","link":"https://csrc.nist.gov/glossary/term/cisco_internetwork_operating_system"},{"text":"Internetwork Operating System","link":"https://csrc.nist.gov/glossary/term/internetwork_operating_system"}],"definitions":null},{"term":"IoT","link":"https://csrc.nist.gov/glossary/term/iot","abbrSyn":[{"text":"Internet of Things"}],"definitions":null},{"term":"IoT device","link":"https://csrc.nist.gov/glossary/term/iot_device","definitions":[{"text":"Devices that have at least one transducer (sensor or actuator) for interacting directly with the physical world and at least one network interface (e.g., Ethernet, Wi-Fi, Bluetooth) for interfacing with the digital world.","sources":[{"text":"NISTIR 8425","link":"https://doi.org/10.6028/NIST.IR.8425"}]}]},{"term":"IoT Platform","link":"https://csrc.nist.gov/glossary/term/iot_platform","definitions":[{"text":"A piece of IoT device hardware with supporting software already installed and configured for a manufacturer’s use as the basis of a new IoT device. An IoT platform might also offer third-party services or applications, or a software development kit to help expedite IoT application development.","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259"}]},{"text":"An IoT platform is typically a third-party vendor provided/hosted SaaS-based tool that is used to support IoT device and endpoint management, connectivity and network management, data management, processing and analysis, application development, cybersecurity, access control, monitoring, event processing, and interfacing/integration. Documentation about such a third party can provide important information about supply chain cybersecurity practices and vulnerabilities to allow for the IoT user to more accurately determine risks related to the use of an IoT platform.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"}]}]},{"term":"IoT Product","link":"https://csrc.nist.gov/glossary/term/iot_product","definitions":[{"text":"An IoT device and any other product components necessary to use the IoT device.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]},{"text":"An IoT device or IoT devices and any additional product components (e.g., backend, mobile app) that are necessary to use the IoT device beyond basic operational features.","sources":[{"text":"NISTIR 8425","link":"https://doi.org/10.6028/NIST.IR.8425","underTerm":" under IoT product "}]}]},{"term":"IoT Product Component","link":"https://csrc.nist.gov/glossary/term/iot_product_component","definitions":[{"text":"Equipment (i.e., hardware and software) other than the primary device that can be hosted remotely, locally, or on other equipment (e.g., a mobile app on the customer’s smartphone) that supports the IoT device in its functionality.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]},{"text":"An IoT device or other digital equipment or service (e.g., backend, mobile app) used to create IoT products.","sources":[{"text":"NISTIR 8425","link":"https://doi.org/10.6028/NIST.IR.8425","underTerm":" under IoT product component "}]}]},{"term":"IoT Product Developer","link":"https://csrc.nist.gov/glossary/term/iot_product_developer","definitions":[{"text":"The entity that creates an assembled final IoT product. Some cybersecurity outcomes may be supported by the IoT product developer’s suppliers or other contracted third-parties with support responsibilities related to the IoT product or its components.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"IP","link":"https://csrc.nist.gov/glossary/term/ip","abbrSyn":[{"text":"Identity Provider"},{"text":"Individual Privacy","link":"https://csrc.nist.gov/glossary/term/individual_privacy"},{"text":"Ingress Protection","link":"https://csrc.nist.gov/glossary/term/ingress_protection"},{"text":"Intellectual Property"},{"text":"Internet Protocol","link":"https://csrc.nist.gov/glossary/term/internet_protocol"},{"text":"Internet Protocol/Intellectual Property","link":"https://csrc.nist.gov/glossary/term/internet_protocol_intellectual_property"}],"definitions":[{"text":"Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Intellectual Property "}]},{"text":"The Internet Protocol, as defined in IETF RFC 6864, which is the principal communications protocol in the IETF Internet protocol suite for specifying system address information when relaying datagrams across network boundaries.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Protocol "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Protocol "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Internet Protocol "}]}]},{"term":"IP Multimedia Subsystem","link":"https://csrc.nist.gov/glossary/term/ip_multimedia_subsystem","abbrSyn":[{"text":"IMS","link":"https://csrc.nist.gov/glossary/term/ims"}],"definitions":null},{"term":"IP Payload Compression Protocol","link":"https://csrc.nist.gov/glossary/term/ip_payload_compression_protocol","abbrSyn":[{"text":"IPComp","link":"https://csrc.nist.gov/glossary/term/ipcomp"},{"text":"PCP","link":"https://csrc.nist.gov/glossary/term/pcp"}],"definitions":[{"text":"Protocol used to perform lossless compression for packet payloads.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]"}]},{"text":"A protocol used to perform lossless compression for packet payloads.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"IP Security","link":"https://csrc.nist.gov/glossary/term/ip_security","abbrSyn":[{"text":"IPsec","link":"https://csrc.nist.gov/glossary/term/ipsec"}],"definitions":[{"text":"Provide(s) interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, detection and rejection of replays (a form of partial sequence integrity), confidentiality (via encryption), and limited traffic flow confidentiality.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4301","link":"https://tools.ietf.org/html/rfc4301"}]}]}]},{"term":"IPA","link":"https://csrc.nist.gov/glossary/term/ipa","abbrSyn":[{"text":"Initial Privacy Assessment","link":"https://csrc.nist.gov/glossary/term/initial_privacy_assessment"}],"definitions":null},{"term":"IPC","link":"https://csrc.nist.gov/glossary/term/ipc","abbrSyn":[{"text":"Industrial Personal Computer","link":"https://csrc.nist.gov/glossary/term/industrial_personal_computer"},{"text":"Inter-process Communication","link":"https://csrc.nist.gov/glossary/term/inter_process_communication"}],"definitions":null},{"term":"IPComp","link":"https://csrc.nist.gov/glossary/term/ipcomp","abbrSyn":[{"text":"IP Payload Compression Protocol","link":"https://csrc.nist.gov/glossary/term/ip_payload_compression_protocol"}],"definitions":[{"text":"Protocol used to perform lossless compression for packet payloads.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under IP Payload Compression Protocol "}]},{"text":"A protocol used to perform lossless compression for packet payloads.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1","underTerm":" under IP Payload Compression Protocol "}]}]},{"term":"IPFS","link":"https://csrc.nist.gov/glossary/term/ipfs","abbrSyn":[{"text":"InterPlanetary File System","link":"https://csrc.nist.gov/glossary/term/interplanetary_file_system"}],"definitions":null},{"term":"iPhone Operating System","link":"https://csrc.nist.gov/glossary/term/iphone_operating_system","abbrSyn":[{"text":"iOS","link":"https://csrc.nist.gov/glossary/term/ios"}],"definitions":null},{"term":"IPL","link":"https://csrc.nist.gov/glossary/term/ipl","abbrSyn":[{"text":"Initial Program Load","link":"https://csrc.nist.gov/glossary/term/initial_program_load"}],"definitions":null},{"term":"IPS","link":"https://csrc.nist.gov/glossary/term/ips","abbrSyn":[{"text":"Intrusion Prevention System"}],"definitions":[{"text":"System which can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Intrusion Prevention System "}]}]},{"term":"IPsec","link":"https://csrc.nist.gov/glossary/term/ipsec","abbrSyn":[{"text":"Internet Protocol Security","link":"https://csrc.nist.gov/glossary/term/internet_protocol_security"},{"text":"IP Security","link":"https://csrc.nist.gov/glossary/term/ip_security"}],"definitions":[{"text":"An OSI Network layer security protocol that provides authentication and encryption over IP networks.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Internet Protocol Security "}]},{"text":"Provide(s) interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, detection and rejection of replays (a form of partial sequence integrity), confidentiality (via encryption), and limited traffic flow confidentiality.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under IP Security ","refSources":[{"text":"IETF RFC 4301","link":"https://tools.ietf.org/html/rfc4301"}]}]},{"text":"A protocol that adds security features to the standard IP protocol to provide confidentiality and integrity services.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Internet Protocol Security "}]}]},{"term":"IPv","link":"https://csrc.nist.gov/glossary/term/ipv","abbrSyn":[{"text":"Internet Protocol version","link":"https://csrc.nist.gov/glossary/term/internet_protocol_version"}],"definitions":null},{"term":"IPv4","link":"https://csrc.nist.gov/glossary/term/ipv4","abbrSyn":[{"text":"Internet Protocol version 4","link":"https://csrc.nist.gov/glossary/term/internet_protocol_version_4"},{"text":"Internet Protocol Version 4"}],"definitions":null},{"term":"IPv6","link":"https://csrc.nist.gov/glossary/term/ipv6","abbrSyn":[{"text":"Internet Protocol version 6","link":"https://csrc.nist.gov/glossary/term/internet_protocol_version_6"},{"text":"Internet Protocol Version 6"}],"definitions":null},{"term":"IPv6 over Low-Power Wireless Personal Area Networks","link":"https://csrc.nist.gov/glossary/term/ipv6_over_low_power_wireless_personal_area_networks","abbrSyn":[{"text":"6LowPANs","link":"https://csrc.nist.gov/glossary/term/6lowpans"}],"definitions":null},{"term":"IPX","link":"https://csrc.nist.gov/glossary/term/ipx","abbrSyn":[{"text":"Internet Packet Exchange","link":"https://csrc.nist.gov/glossary/term/internet_packet_exchange"},{"text":"Internetwork Packet Exchange","link":"https://csrc.nist.gov/glossary/term/internetwork_packet_exchange"}],"definitions":null},{"term":"IR","link":"https://csrc.nist.gov/glossary/term/ir","abbrSyn":[{"text":"Identity Root","link":"https://csrc.nist.gov/glossary/term/identity_root"},{"text":"incident response","link":"https://csrc.nist.gov/glossary/term/incident_response"},{"text":"Incident Response"},{"text":"Informative Reference"},{"text":"Infrared","link":"https://csrc.nist.gov/glossary/term/infrared"},{"text":"Interagency or Internal Report"},{"text":"Interagency Report"},{"text":"Interagency Report or Internal Report"},{"text":"Internal Report"},{"text":"NIST Interagency or Internal Report","link":"https://csrc.nist.gov/glossary/term/nist_interagency_or_internal_report"}],"definitions":[{"text":"See incident handling.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under incident response "}]},{"text":"See “incident handling.”","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Incident Response "}]},{"text":"A specific section of standards, guidelines, and practices common among critical infrastructure sectors that illustrates a method to achieve the outcomes associated with each Subcategory. An example of an Informative Reference is ISO/IEC 27001 Control A.10.8.3, which supports the “Data-in-transit is protected” Subcategory of the “Data Security” Category in the “Protect” function.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Informative Reference "}]},{"text":"A relationship between a Focal Document Element and a Reference Document Element.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278","underTerm":" under Informative Reference "},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A","underTerm":" under Informative Reference "}]}]},{"term":"IRB","link":"https://csrc.nist.gov/glossary/term/irb","abbrSyn":[{"text":"Institutional Review Board","link":"https://csrc.nist.gov/glossary/term/institutional_review_board"},{"text":"Investment Review Board","link":"https://csrc.nist.gov/glossary/term/investment_review_board"}],"definitions":null},{"term":"IRC","link":"https://csrc.nist.gov/glossary/term/irc","abbrSyn":[{"text":"Internet Relay Chat","link":"https://csrc.nist.gov/glossary/term/internet_relay_chat"}],"definitions":null},{"term":"IrDA","link":"https://csrc.nist.gov/glossary/term/irda","abbrSyn":[{"text":"Infra Red Data Association","link":"https://csrc.nist.gov/glossary/term/infra_red_data_association"}],"definitions":null},{"term":"IRDP","link":"https://csrc.nist.gov/glossary/term/irdp","abbrSyn":[{"text":"Internet Router Discover Protocol","link":"https://csrc.nist.gov/glossary/term/internet_router_discover_protocol"}],"definitions":null},{"term":"IREX","link":"https://csrc.nist.gov/glossary/term/irex","definitions":[{"text":"Iris Exchange – the NIST program supporting iris-based biometrics","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"IRIG","link":"https://csrc.nist.gov/glossary/term/irig","abbrSyn":[{"text":"Inter-range Instrumentation Group Time Code","link":"https://csrc.nist.gov/glossary/term/inter_range_instrumentation_group_time_code"}],"definitions":null},{"term":"IRIG-B","link":"https://csrc.nist.gov/glossary/term/irig_b","abbrSyn":[{"text":"Inter-range Instrumentation Group Time Code B","link":"https://csrc.nist.gov/glossary/term/inter_range_instrumentation_group_time_code_b"}],"definitions":null},{"term":"Iris segmentation","link":"https://csrc.nist.gov/glossary/term/iris_segmentation","definitions":[{"text":"Segmentation is the automated (and possibly manually reviewed) detection of the iris-sclera and iris-pupil boundaries. This localizes the iris texture that is used for actual recognition.","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"IRK","link":"https://csrc.nist.gov/glossary/term/irk","abbrSyn":[{"text":"Identity Resolving Key","link":"https://csrc.nist.gov/glossary/term/identity_resolving_key"}],"definitions":null},{"term":"IRM","link":"https://csrc.nist.gov/glossary/term/irm","abbrSyn":[{"text":"Information Resource Management","link":"https://csrc.nist.gov/glossary/term/information_resource_management"},{"text":"Information Resources Management"},{"text":"Integrated Risk Management","link":"https://csrc.nist.gov/glossary/term/integrated_risk_management"}],"definitions":null},{"term":"IRP","link":"https://csrc.nist.gov/glossary/term/irp","abbrSyn":[{"text":"incident response plan","link":"https://csrc.nist.gov/glossary/term/incident_response_plan"}],"definitions":[{"text":"The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization’s information systems(s).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under incident response plan ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]}]},{"term":"IRQ","link":"https://csrc.nist.gov/glossary/term/irq","abbrSyn":[{"text":"Interrupt Request Line","link":"https://csrc.nist.gov/glossary/term/interrupt_request_line"}],"definitions":null},{"term":"IRR","link":"https://csrc.nist.gov/glossary/term/irr","abbrSyn":[{"text":"Internet Routing Registry","link":"https://csrc.nist.gov/glossary/term/internet_routing_registry"}],"definitions":null},{"term":"IRS","link":"https://csrc.nist.gov/glossary/term/irs","abbrSyn":[{"text":"Internal Revenue Service","link":"https://csrc.nist.gov/glossary/term/internal_revenue_service"},{"text":"Internal Review Service"}],"definitions":null},{"term":"IRTF","link":"https://csrc.nist.gov/glossary/term/irtf","abbrSyn":[{"text":"Internet Research Task Force","link":"https://csrc.nist.gov/glossary/term/internet_research_task_force"}],"definitions":null},{"term":"IS","link":"https://csrc.nist.gov/glossary/term/is","abbrSyn":[{"text":"Information Security"},{"text":"Information System"}],"definitions":[{"text":"The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Information Security ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Information Security ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3541","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3541"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Information Security ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"},{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"A discrete set of resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"The term 'information system' means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502 (8)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information Security ","refSources":[{"text":"44 U.S.C., Sec. 3542 (b)(1)","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"45 C.F.R., Sec. 164.304","link":"https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=&SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&n=pt45.1.164&r=PART&ty=HTML"}]}]},{"text":"The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System "}]},{"text":"A computer-based system used by an issuer to perform the functions necessary for PIV Card or Derived PIV Credential issuance as per [FIPS 201-2].","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Information System "}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"},{"text":"OMB Circular A-130, Appendix III"}]},{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Information System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Information System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]},{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Information System ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Information System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.\n[Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.\nNote: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"An information system is a discrete set of information resources organized expressly for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Information systems also include specialized systems such as industrial/process controls systems, telephone switching/private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Information System ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. [Note: Information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.]","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information System ","refSources":[{"text":"44 U.S.C., Sec. 3502","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]}]},{"term":"ISA","link":"https://csrc.nist.gov/glossary/term/isa","abbrSyn":[{"text":"Information Sharing Architecture","link":"https://csrc.nist.gov/glossary/term/information_sharing_architecture"},{"text":"Information System Administrator","link":"https://csrc.nist.gov/glossary/term/information_system_administrator"},{"text":"Instruction Set Architecture","link":"https://csrc.nist.gov/glossary/term/instruction_set_architecture"},{"text":"Interconnection Security Agreement"},{"text":"Interconnection Service Agreement","link":"https://csrc.nist.gov/glossary/term/interconnection_service_agreement"},{"text":"International Society of Automation","link":"https://csrc.nist.gov/glossary/term/international_society_of_automation"},{"text":"The International Society of Automation","link":"https://csrc.nist.gov/glossary/term/the_international_society_of_automation"}],"definitions":[{"text":"Individual who implements approved secure baseline configurations, incorporates secure configuration settings for IT products, and conducts/assists with configuration monitoring activities as needed.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Administrator "}]}]},{"term":"ISAC","link":"https://csrc.nist.gov/glossary/term/isac","abbrSyn":[{"text":"Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/information_sharing_and_analysis_center"},{"text":"Information Sharing and Analysis Centers"}],"definitions":null},{"term":"ISACA","link":"https://csrc.nist.gov/glossary/term/isaca","abbrSyn":[{"text":"Information Systems Audit and Control Association","link":"https://csrc.nist.gov/glossary/term/information_systems_audit_and_control_association"}],"definitions":null},{"term":"ISAKMP","link":"https://csrc.nist.gov/glossary/term/isakmp","abbrSyn":[{"text":"Internet Security Association and Key Management Protocol","link":"https://csrc.nist.gov/glossary/term/internet_security_association_and_key_management_protocol"}],"definitions":null},{"term":"ISAO","link":"https://csrc.nist.gov/glossary/term/isao","abbrSyn":[{"text":"Information Sharing and Analysis Organization","link":"https://csrc.nist.gov/glossary/term/information_sharing_and_analysis_organization"},{"text":"Information Sharing and Analysis Organizations"}],"definitions":[{"text":"An ISAO is any entity or collaboration created or employed by public- or private sector organizations, for purposes of gathering and analyzing critical cyber and related information in order to better understand security problems and interdependencies related to cyber systems, so as to ensure their availability, integrity, and reliability.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Information Sharing and Analysis Organization ","refSources":[{"text":"Information Sharing and Analysis Organization Standards Organization Product Outline v0.2 "}]}]}]},{"term":"ISAPI","link":"https://csrc.nist.gov/glossary/term/isapi","abbrSyn":[{"text":"Internet Server Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/internet_server_application_programming_interface"}],"definitions":null},{"term":"ISATAP","link":"https://csrc.nist.gov/glossary/term/isatap","abbrSyn":[{"text":"Intra-site Automatic Tunnel Addressing Protocol","link":"https://csrc.nist.gov/glossary/term/intra_site_automatic_tunnel_addressing_protocol"}],"definitions":null},{"term":"ISC","link":"https://csrc.nist.gov/glossary/term/isc","abbrSyn":[{"text":"Information System Component"},{"text":"Internet Systems Consortium","link":"https://csrc.nist.gov/glossary/term/internet_systems_consortium"}],"definitions":[{"text":"A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial information technology products.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]},{"text":"A discrete identifiable IT asset that represents a building block of an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Component "}]},{"text":"See Authorization Boundary.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Component ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]}]},{"term":"ISCM","link":"https://csrc.nist.gov/glossary/term/iscm","abbrSyn":[{"text":"Information Security Continuous Monitoring"}],"definitions":null},{"term":"ISCM Capability","link":"https://csrc.nist.gov/glossary/term/iscm_capability","abbrSyn":[{"text":"Capability, ISCM","link":"https://csrc.nist.gov/glossary/term/capability_iscm"}],"definitions":[{"text":"See ISCM Capability.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, ISCM "}]},{"text":"A security capability with the following additional traits: \n• The purpose (desired result) of each capability is to address specific kind(s) of attack scenarios or exploits. \n• Each capability focuses on attacks towards specific assessment objects. \n• There is a viable way to automate ISCM on the security capability. \n• The capability provides protection against current attack scenarios.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"ISCM Dashboard","link":"https://csrc.nist.gov/glossary/term/iscm_dashboard","definitions":[{"text":"A hierarchy of dashboards to facilitate reporting of appropriate security-related information at multiple organizational levels.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"ISCM program assessment","link":"https://csrc.nist.gov/glossary/term/iscm_program_assessment","abbrSyn":[{"text":"ISCMA","link":"https://csrc.nist.gov/glossary/term/iscma"}],"definitions":null},{"term":"ISCMA","link":"https://csrc.nist.gov/glossary/term/iscma","abbrSyn":[{"text":"ISCM program assessment","link":"https://csrc.nist.gov/glossary/term/iscm_program_assessment"}],"definitions":null},{"term":"ISCMA tool","link":"https://csrc.nist.gov/glossary/term/iscma_tool","abbrSyn":[{"text":"ISCMAx","link":"https://csrc.nist.gov/glossary/term/iscmax"}],"definitions":null},{"term":"ISCMAx","link":"https://csrc.nist.gov/glossary/term/iscmax","abbrSyn":[{"text":"ISCMA tool","link":"https://csrc.nist.gov/glossary/term/iscma_tool"}],"definitions":null},{"term":"ISCM-TN","link":"https://csrc.nist.gov/glossary/term/iscm_tn","abbrSyn":[{"text":"Information Security Continuous Monitoring Target Network","link":"https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring_target_network"}],"definitions":null},{"term":"iSCSI","link":"https://csrc.nist.gov/glossary/term/iscsi","abbrSyn":[{"text":"Internet Small Computer Systems Interface","link":"https://csrc.nist.gov/glossary/term/internet_small_computer_systems_interface"}],"definitions":null},{"term":"ISD","link":"https://csrc.nist.gov/glossary/term/isd","abbrSyn":[{"text":"Instructional System Design","link":"https://csrc.nist.gov/glossary/term/instructional_system_design"},{"text":"Instructional System Methodology","link":"https://csrc.nist.gov/glossary/term/instructional_system_methodology"}],"definitions":null},{"term":"ISDN","link":"https://csrc.nist.gov/glossary/term/isdn","abbrSyn":[{"text":"Integrated Service Digital Network"},{"text":"Integrated Services Digital Network"}],"definitions":null},{"term":"ISE","link":"https://csrc.nist.gov/glossary/term/ise","abbrSyn":[{"text":"Identity Services Engine","link":"https://csrc.nist.gov/glossary/term/identity_services_engine"},{"text":"Information Sharing Environment"},{"text":"Instruction Set Extension","link":"https://csrc.nist.gov/glossary/term/instruction_set_extension"}],"definitions":null},{"term":"ISecL","link":"https://csrc.nist.gov/glossary/term/isecl","abbrSyn":[{"text":"Intel Security Libraries","link":"https://csrc.nist.gov/glossary/term/intel_security_libraries"}],"definitions":null},{"term":"ISecL-DC","link":"https://csrc.nist.gov/glossary/term/isecl_dc","abbrSyn":[{"text":"Intel Security Libraries for Data Center","link":"https://csrc.nist.gov/glossary/term/intel_security_libraries_for_data_center"}],"definitions":null},{"term":"Ishai-Sahai-Wagner","link":"https://csrc.nist.gov/glossary/term/ishai_sahai_wagner","abbrSyn":[{"text":"ISW","link":"https://csrc.nist.gov/glossary/term/isw"}],"definitions":null},{"term":"ISL","link":"https://csrc.nist.gov/glossary/term/isl","abbrSyn":[{"text":"Inter Switch Link","link":"https://csrc.nist.gov/glossary/term/inter_switch_link"}],"definitions":null},{"term":"Island of Security","link":"https://csrc.nist.gov/glossary/term/island_of_security","definitions":[{"text":"A signed, delegated zone that does not have an authentication chain from its delegating parent. That is, there is no DS RR containing a hash of a DNSKEY RR for the island in its delegating parent zone. An island of security is served by DNSSEC-aware name servers and may provide authentication chains to any delegated child zones. Responses from an island of security or its descendents can be authenticated only if its authentication keys can be authenticated by some trusted means out of band from the DNS protocol.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"ISM","link":"https://csrc.nist.gov/glossary/term/ism","abbrSyn":[{"text":"Industrial, scientific and medical"},{"text":"Industrial, Scientific, and Medical","link":"https://csrc.nist.gov/glossary/term/industrial_scientific_and_medical"},{"text":"Information Security Marketing","link":"https://csrc.nist.gov/glossary/term/information_security_marketing"}],"definitions":null},{"term":"ISMS","link":"https://csrc.nist.gov/glossary/term/isms","abbrSyn":[{"text":"Information Security Management Systems","link":"https://csrc.nist.gov/glossary/term/information_security_management_systems"}],"definitions":null},{"term":"iSNS","link":"https://csrc.nist.gov/glossary/term/isns","abbrSyn":[{"text":"Internet Storage Name Service","link":"https://csrc.nist.gov/glossary/term/internet_storage_name_service"}],"definitions":null},{"term":"ISO","link":"https://csrc.nist.gov/glossary/term/iso","abbrSyn":[{"text":"Information Security Continuous Monitoring (ISCM)"},{"text":"Information Security Officer"},{"text":"Information System Owner"},{"text":"International Organization for Standardization","link":"https://csrc.nist.gov/glossary/term/international_organization_for_standardization"},{"text":"International Standards Organization"}],"definitions":[{"text":"Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. \n[Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.]","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Security Continuous Monitoring (ISCM) "}]}]},{"term":"ISO Technical Standard","link":"https://csrc.nist.gov/glossary/term/iso_technical_standard","abbrSyn":[{"text":"ISO/TS","link":"https://csrc.nist.gov/glossary/term/iso_ts"}],"definitions":null},{"term":"ISO/IEC","link":"https://csrc.nist.gov/glossary/term/iso_iec","abbrSyn":[{"text":"International Electrotechnical Commission/International Organization for Standardization"},{"text":"International Organization for Standardization/International"},{"text":"International Organization for Standardization/International Electrotechnical Commission","link":"https://csrc.nist.gov/glossary/term/international_organization_for_standardization_international_electrotechnical_commission"}],"definitions":null},{"term":"ISO/ITU-T","link":"https://csrc.nist.gov/glossary/term/iso_itu_t","abbrSyn":[{"text":"International Organization for Standardization/International Telecommunication Union − Telecommunication"}],"definitions":null},{"term":"ISO/TS","link":"https://csrc.nist.gov/glossary/term/iso_ts","abbrSyn":[{"text":"ISO Technical Standard","link":"https://csrc.nist.gov/glossary/term/iso_technical_standard"}],"definitions":null},{"term":"isogeny","link":"https://csrc.nist.gov/glossary/term/isogeny","definitions":[{"text":"A (non-constant) mapping from an elliptic curve to a second elliptic curve, which preserves point addition and fixes the identity point.","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"Isolation","link":"https://csrc.nist.gov/glossary/term/isolation","definitions":[{"text":"The ability to keep multiple instances of software separated so that each instance only sees and can affect itself.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"isomorphism (of elliptic curves)","link":"https://csrc.nist.gov/glossary/term/isomorphism_of_elliptic_curves","definitions":[{"text":"A bijective mapping from one elliptic curve to another, which maps addition (on the first curve) to addition (on the image curve).","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"ISOO","link":"https://csrc.nist.gov/glossary/term/isoo","abbrSyn":[{"text":"Information Security Oversight Office","link":"https://csrc.nist.gov/glossary/term/information_security_oversight_office"}],"definitions":null},{"term":"ISP","link":"https://csrc.nist.gov/glossary/term/isp","abbrSyn":[{"text":"Internet Service Provider","link":"https://csrc.nist.gov/glossary/term/internet_service_provider"}],"definitions":null},{"term":"ISPAB","link":"https://csrc.nist.gov/glossary/term/ispab","abbrSyn":[{"text":"Information Security and Privacy Advisory Board","link":"https://csrc.nist.gov/glossary/term/information_security_and_privacy_advisory_board"}],"definitions":null},{"term":"ISRM","link":"https://csrc.nist.gov/glossary/term/isrm","abbrSyn":[{"text":"Information Security Risk Management","link":"https://csrc.nist.gov/glossary/term/information_security_risk_management"}],"definitions":null},{"term":"ISSE","link":"https://csrc.nist.gov/glossary/term/isse","abbrSyn":[{"text":"Information Systems Security Engineer/Engineering"}],"definitions":null},{"term":"ISSEA","link":"https://csrc.nist.gov/glossary/term/issea","abbrSyn":[{"text":"International Systems Security Engineering Association","link":"https://csrc.nist.gov/glossary/term/international_systems_security_engineering_association"}],"definitions":null},{"term":"ISSM","link":"https://csrc.nist.gov/glossary/term/issm","abbrSyn":[{"text":"Information System Security Manager","link":"https://csrc.nist.gov/glossary/term/information_system_security_manager"},{"text":"Information Systems Security Manager"}],"definitions":null},{"term":"ISSO","link":"https://csrc.nist.gov/glossary/term/isso","abbrSyn":[{"text":"Information System Security Officer"},{"text":"Information Systems Security Officer"}],"definitions":[{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"See system security officer (SSO).","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information System Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information System Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information System Security Officer "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring that the appropriate operational security posture is maintained for an information system or program.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information System Security Officer ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information System Security Officer "}]},{"text":"Individual assigned responsibility for maintaining the appropriate operational security posture for an information system or program.\n[Note: ISSO responsibility may be assigned by the senior agency information security officer, authorizing official, management official, or information system owner.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System Security Officer ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]}]},{"term":"ISSPM","link":"https://csrc.nist.gov/glossary/term/isspm","abbrSyn":[{"text":"Information Systems Security Program Manager","link":"https://csrc.nist.gov/glossary/term/information_systems_security_program_manager"}],"definitions":null},{"term":"Issuance","link":"https://csrc.nist.gov/glossary/term/issuance","definitions":[{"text":"Agreeing on the type of token that will be used for future authentication","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"term":"issuer","link":"https://csrc.nist.gov/glossary/term/issuer","definitions":[{"text":"The organization that is issuing the PIV Card to an applicant. Typically, this is an organization for which the applicant is working.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Issuer "}]},{"text":"An entity that performs functions required to produce, issue, and maintain PIV Cards or Derived PIV Credentials for an organization","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Issuer "}]},{"text":"The organization that is issuing the PIV Card (or DPC) to an applicant. Typically, this is an organization for which the applicant is working.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]},{"text":"The organization that is issuing the PIV Card to an Applicant. Typically this is an organization for which the Applicant is working.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Issuer "}]}]},{"term":"Issuing Facility","link":"https://csrc.nist.gov/glossary/term/issuing_facility","definitions":[{"text":"A physical site or location—including all equipment, staff, and documentation—that is responsible for carrying out one or more of the following PIV functions: identity proofing and registration; card and token production; activation and issuance; post-issuance binding of derived PIV credentials; and maintenance.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"A physical site or location–including all equipment, staff, and documentation–that is responsible for carrying out one or more of the PIV functions.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"Issuing Source","link":"https://csrc.nist.gov/glossary/term/issuing_source","definitions":[{"text":"An authority responsible for the generation of data, digital evidence (such as assertions), or physical documents that can be used as identity evidence.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"ISU","link":"https://csrc.nist.gov/glossary/term/isu","abbrSyn":[{"text":"Information System User","link":"https://csrc.nist.gov/glossary/term/information_system_user"}],"definitions":[{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access an information system.\n[Note: With respect to SecCM, an information system user is an individual who uses the information system functions, initiates change requests, and assists with functional testing.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System User ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"ISW","link":"https://csrc.nist.gov/glossary/term/isw","abbrSyn":[{"text":"Ishai-Sahai-Wagner","link":"https://csrc.nist.gov/glossary/term/ishai_sahai_wagner"}],"definitions":null},{"term":"IT","link":"https://csrc.nist.gov/glossary/term/it","abbrSyn":[{"text":"information technology"},{"text":"Information Technology"}],"definitions":[{"text":"Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency.","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Information Technology ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"(A) with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use— (i) of that equipment; or (ii) of that equipment to a significant extent in the performance of a service or the furnishing of a product; (B) includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but (C) does not include any equipment acquired by a federal contractor incidental to a federal contract.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 11101","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap111-sec11101"}]}]},{"text":"The term 'information technology', with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which (i) requires the use of such equipment, or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term ''information technology'' includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources. The term ''information technology'' does not include any equipment that is acquired by a Federal contractor incidental to a Federal contract.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 11101 (6)","link":"https://www.govinfo.gov/app/details/USCODE-2011-title40/USCODE-2011-title40-subtitleIII-chap111-sec11101"}]}]},{"text":"Any services, equipment, or interconnected system(s) or subsystem(s) of equipment, that are used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency. For purposes of this definition, such services or equipment if used by the agency directly or is used by a contractor under a contract with the agency that requires its use; or to a significant extent, its use in the performance of a service or the furnishing of a product. Information technology includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including cloud computing and help-desk services or other professional services which support any point of the life cycle of the equipment or service), and related resources. Information technology does not include any equipment that is acquired by a contractor incidental to a contract which does not require its use.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under information technology ","refSources":[{"text":"40 U.S.C., Sec. 11101","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap111-sec11101"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under information technology ","refSources":[{"text":"40 U.S.C., Sec. 11101","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap111-sec11101"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under information technology ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which: (i) requires the use of such equipment; or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware, and similar procedures, services (including support services), and related resources.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Information Technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under information technology ","refSources":[{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information technology ","refSources":[{"text":"40 U.S.C., Sec. 11101","link":"https://www.govinfo.gov/app/details/USCODE-2018-title40/USCODE-2018-title40-subtitleIII-chap111-sec11101","note":" - adapted"},{"text":"40 U.S.C., Sec. 1401","link":"https://www.govinfo.gov/app/details/USCODE-1998-title40/USCODE-1998-title40-chap25-sec1401","note":" - adapted"}]}]},{"text":"The art and applied sciences that deal with data and information. Examples are capture, representation, processing, security, transfer, interchange, presentation, management, organization, storage, and retrieval of data and information.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Information Technology ","refSources":[{"text":"ANSDIT","link":"https://www.incits.org/html/ext/ANSDIT/Ansdit.htm"}]}]}],"seeAlso":[{"text":"Internal Report"}]},{"term":"IT security awareness and training program","link":"https://csrc.nist.gov/glossary/term/it_security_awareness_and_training_program","definitions":[{"text":"Explains proper rules of behavior for the use of agency information systems and information. The program communicates information technology (IT) security policies and procedures that need to be followed. (i.e., NSTISSD 501, NIST SP 800-50)","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"IT Security Basics","link":"https://csrc.nist.gov/glossary/term/it_security_basics","definitions":[{"text":"a core set of generic IT security terms and concepts for all federalemployees as a baseline for further, role-based learning.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"IT Security Body of Knowledge Topics and Concepts","link":"https://csrc.nist.gov/glossary/term/it_security_body_of_knowledge_topics_and_concepts","definitions":[{"text":"a set of 12 high-level topicsand concepts intended to incorporate the overall body of knowledge required for training in IT security.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"IT Security Literacy","link":"https://csrc.nist.gov/glossary/term/it_security_literacy","definitions":[{"text":"the first solid step of the IT security training level where theknowledge obtained through training can be directly related to the individual’s role in his or her specific organization.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"IT security objective","link":"https://csrc.nist.gov/glossary/term/it_security_objective","abbrSyn":[{"text":"Security objective"}],"definitions":[{"text":"See “Security objective”.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]}]},{"term":"IT Security Program","link":"https://csrc.nist.gov/glossary/term/it_security_program","definitions":[{"text":"a program established, implemented, and maintained to assure thatadequate IT security is provided for all organizational information collected, processed, transmitted, stored, or disseminated in its information technology systems. Synonymous with Automated Information System Security Program, Computer Security Program, and Information Systems Security Program.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"IT System","link":"https://csrc.nist.gov/glossary/term/it_system","abbrSyn":[{"text":"System"}],"definitions":[{"text":"Any organized assembly of resources and procedures united and regulated by interaction or interdependence to accomplish a set of specific functions. \nNote: Systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under System ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"A combination of interacting elements organized to achieve one or more stated purposes.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under System ","refSources":[{"text":"ISO/IEC 15288"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under System ","refSources":[{"text":"ISO/IEC 15288:2008"}]}]},{"text":"a collection of computing and/or communications components and otherresources that support one or more functional objectives of an organization. IT system resources include any IT component plus associated manual procedures and physical facilities that are used in the acquisition, storage, manipulation, display, and/or movement of data or to direct or monitor operating procedures. An IT system may consist of one or more computers and their related resources of any size. The resources that comprise a system do not have to be physically connected.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]},{"text":"See information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under System "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under System "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under System "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under System "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under System "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under System "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under System "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under System "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under System "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under System "}]},{"text":"A discrete set of resources that are organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under System "}]},{"text":"Combination of interacting elements organized to achieve one or more stated purposes.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under System ","refSources":[{"text":"ISO/IEC 15288"}]}]},{"text":"A specific IT installation, with a particular purpose and operational environment.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under System ","refSources":[{"text":"ITSEC Ver. 1.2"}]}]},{"text":"A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under System "}]},{"text":"See Information System","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under System "}]},{"text":"A discrete set of information resources organized expressly for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under System ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]}],"seeAlso":[{"text":"Information Technology (IT)"}]},{"term":"ITAM","link":"https://csrc.nist.gov/glossary/term/itam","abbrSyn":[{"text":"Information Technology Asset Management","link":"https://csrc.nist.gov/glossary/term/information_technology_asset_management"}],"definitions":null},{"term":"Itanium Architecture","link":"https://csrc.nist.gov/glossary/term/itanium_architecture","note":"(Intel)","abbrSyn":[{"text":"IA","link":"https://csrc.nist.gov/glossary/term/ia"}],"definitions":null},{"term":"ITAR","link":"https://csrc.nist.gov/glossary/term/itar","abbrSyn":[{"text":"International Traffic in Arms Regulation","link":"https://csrc.nist.gov/glossary/term/international_traffic_in_arms_regulation"}],"definitions":null},{"term":"ITC","link":"https://csrc.nist.gov/glossary/term/itc","abbrSyn":[{"text":"Institute for Testing and Certification","link":"https://csrc.nist.gov/glossary/term/institute_for_testing_and_certification"}],"definitions":null},{"term":"Item","link":"https://csrc.nist.gov/glossary/term/item","definitions":[{"text":"A named constituent of a benchmark. The three types of items are groups, rules, and values.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"item accounting","link":"https://csrc.nist.gov/glossary/term/item_accounting","definitions":[{"text":"Accounting for all the accountable components of a COMSEC equipment configuration by a single short title.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Iterated Block Cipher","link":"https://csrc.nist.gov/glossary/term/iterated_block_cipher","abbrSyn":[{"text":"IBC","link":"https://csrc.nist.gov/glossary/term/ibc"}],"definitions":null},{"term":"ITIL","link":"https://csrc.nist.gov/glossary/term/itil","abbrSyn":[{"text":"Information Technology Infrastructure Library","link":"https://csrc.nist.gov/glossary/term/information_technology_infrastructure_library"}],"definitions":null},{"term":"ITL","link":"https://csrc.nist.gov/glossary/term/itl","abbrSyn":[{"text":"Information Technology Lab"},{"text":"Information Technology Laboratory"},{"text":"Information Technology Laboratory (NIST)","link":"https://csrc.nist.gov/glossary/term/information_technology_laboratory_nist"},{"text":"Information Technology Laboratory (of NIST)","link":"https://csrc.nist.gov/glossary/term/information_technology_laboratory"}],"definitions":null},{"term":"ITL Advanced Network Technologies Division","link":"https://csrc.nist.gov/glossary/term/itl_advanced_network_technologies_division","abbrSyn":[{"text":"ANTD","link":"https://csrc.nist.gov/glossary/term/antd"}],"definitions":null},{"term":"ITL Applied Cybersecurity Division","link":"https://csrc.nist.gov/glossary/term/itl_applied_cybersecurity_division","abbrSyn":[{"text":"ACD","link":"https://csrc.nist.gov/glossary/term/acd"}],"definitions":null},{"term":"ITL Computer Security Division","link":"https://csrc.nist.gov/glossary/term/itl_computer_security_division","abbrSyn":[{"text":"CSD","link":"https://csrc.nist.gov/glossary/term/csd"}],"definitions":null},{"term":"ITL Information Access Division","link":"https://csrc.nist.gov/glossary/term/itl_information_access_division","abbrSyn":[{"text":"IAD","link":"https://csrc.nist.gov/glossary/term/iad"}],"definitions":null},{"term":"ITL Software and Systems Division","link":"https://csrc.nist.gov/glossary/term/itl_software_and_systems_division","abbrSyn":[{"text":"SSD","link":"https://csrc.nist.gov/glossary/term/ssd"}],"definitions":[{"text":"A Solid State Drive (SSD) is a storage device that uses solid state memory to store persistent data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under SSD "}]}]},{"term":"ITOS","link":"https://csrc.nist.gov/glossary/term/itos","abbrSyn":[{"text":"Information Technology Operation and Support","link":"https://csrc.nist.gov/glossary/term/information_technology_operation_and_support"}],"definitions":null},{"term":"ITRF","link":"https://csrc.nist.gov/glossary/term/itrf","abbrSyn":[{"text":"International Terrestrial Reference Frame","link":"https://csrc.nist.gov/glossary/term/international_terrestrial_reference_frame"}],"definitions":null},{"term":"ITRS","link":"https://csrc.nist.gov/glossary/term/itrs","abbrSyn":[{"text":"International Terrestrial Reference System","link":"https://csrc.nist.gov/glossary/term/international_terrestrial_reference_system"}],"definitions":null},{"term":"ITS","link":"https://csrc.nist.gov/glossary/term/its","abbrSyn":[{"text":"Internal Trusted Storage","link":"https://csrc.nist.gov/glossary/term/internal_trusted_storage"}],"definitions":null},{"term":"ITS JPO","link":"https://csrc.nist.gov/glossary/term/its_jpo","abbrSyn":[{"text":"Intelligent Transportation System Joint Program Office","link":"https://csrc.nist.gov/glossary/term/intelligent_transportation_system_joint_program_office"}],"definitions":null},{"term":"ITU","link":"https://csrc.nist.gov/glossary/term/itu","abbrSyn":[{"text":"International Telecommunication Union"},{"text":"International Telecommunications Union","link":"https://csrc.nist.gov/glossary/term/international_telecommunications_union"}],"definitions":null},{"term":"ITU - Telecommunication Standardization Sector","link":"https://csrc.nist.gov/glossary/term/itu_telecommunication_standardization_sector","abbrSyn":[{"text":"ITU-T","link":"https://csrc.nist.gov/glossary/term/itu_t"}],"definitions":null},{"term":"ITU-T","link":"https://csrc.nist.gov/glossary/term/itu_t","abbrSyn":[{"text":"International Telecommunication Union - Telecommunication","link":"https://csrc.nist.gov/glossary/term/international_telecommunication_union_telecommunication"},{"text":"International Telecommunication Union International Telecommunications Standardization Sector"},{"text":"International Telecommunications Union – Telecommunications Sector","link":"https://csrc.nist.gov/glossary/term/international_telecommunications_union_telecommunications_sector"},{"text":"ITU - Telecommunication Standardization Sector","link":"https://csrc.nist.gov/glossary/term/itu_telecommunication_standardization_sector"}],"definitions":null},{"term":"IUT","link":"https://csrc.nist.gov/glossary/term/iut","abbrSyn":[{"text":"Implementation Under Test","link":"https://csrc.nist.gov/glossary/term/implementation_under_test"}],"definitions":[{"text":"Implementation Under Test","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"IV&V","link":"https://csrc.nist.gov/glossary/term/ivandv","abbrSyn":[{"text":"Independent Verification and Validation"}],"definitions":null},{"term":"IVA","link":"https://csrc.nist.gov/glossary/term/iva","abbrSyn":[{"text":"Independent Validation Authority"},{"text":"Intelligent Virtual Assistant","link":"https://csrc.nist.gov/glossary/term/intelligent_virtual_assistant"}],"definitions":null},{"term":"Ivn","link":"https://csrc.nist.gov/glossary/term/ivn","definitions":[{"text":"Block of data representing IV n","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"IWG","link":"https://csrc.nist.gov/glossary/term/iwg","abbrSyn":[{"text":"Interagency Working Group","link":"https://csrc.nist.gov/glossary/term/interagency_working_group"}],"definitions":null},{"term":"IXP","link":"https://csrc.nist.gov/glossary/term/ixp","abbrSyn":[{"text":"Internet Exchange Point","link":"https://csrc.nist.gov/glossary/term/internet_exchange_point"}],"definitions":null},{"term":"jamming","link":"https://csrc.nist.gov/glossary/term/jamming","definitions":[{"text":"A deliberate communications disruption meant to degrade the operational performance of the RF subsystem. Jamming is achieved by interjecting electromagnetic waves on the same frequency that the reader to tag uses for communication.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"text":"The deliberate radiation, reradiation, or reflection of electromagnetic energy for the purpose of preventing or reducing the effective use of a signal.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E"}]}]},{"text":"An attack that attempts to interfere with the reception of broadcast communications.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An attack in which a device is used to emit electromagnetic energy on a wireless network’s frequency to make it unusable.","sources":[{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]","underTerm":" under Jamming "}]},{"text":"A deliberate communications disruption meant to degrade the operational performance of the RF subsystem. Jamming is achieved by interjecting electromagnetic waves on the same frequency that the reader to tag uses for communication.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Jamming "}]},{"text":"The deliberate radiation, reradiation, or reflection of electromagnetic energy for the purpose of preventing or reducing the effective use of a signal.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Jamming (electromagnetic) ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E"}]}]}]},{"term":"Java API for XML Registries","link":"https://csrc.nist.gov/glossary/term/java_api_for_xml_registries","abbrSyn":[{"text":"JAXR","link":"https://csrc.nist.gov/glossary/term/jaxr"}],"definitions":null},{"term":"Java Cryptography Extension","link":"https://csrc.nist.gov/glossary/term/java_cryptography_extension","abbrSyn":[{"text":"JCE","link":"https://csrc.nist.gov/glossary/term/jce"}],"definitions":null},{"term":"Java Development Kit","link":"https://csrc.nist.gov/glossary/term/java_development_kit","abbrSyn":[{"text":"JDK","link":"https://csrc.nist.gov/glossary/term/jdk"}],"definitions":null},{"term":"Java EE","link":"https://csrc.nist.gov/glossary/term/java_ee","abbrSyn":[{"text":"Java Enterprise Edition","link":"https://csrc.nist.gov/glossary/term/java_enterprise_edition"},{"text":"Java Platform, Enterprise Edition","link":"https://csrc.nist.gov/glossary/term/java_platform_enterprise_edition"}],"definitions":null},{"term":"Java Enterprise Edition","link":"https://csrc.nist.gov/glossary/term/java_enterprise_edition","abbrSyn":[{"text":"Java EE","link":"https://csrc.nist.gov/glossary/term/java_ee"}],"definitions":null},{"term":"Java Keystore","link":"https://csrc.nist.gov/glossary/term/java_keystore","abbrSyn":[{"text":"JKS","link":"https://csrc.nist.gov/glossary/term/jks"}],"definitions":null},{"term":"Java Platform, Enterprise Edition","link":"https://csrc.nist.gov/glossary/term/java_platform_enterprise_edition","abbrSyn":[{"text":"Java EE","link":"https://csrc.nist.gov/glossary/term/java_ee"}],"definitions":null},{"term":"Java Runtime Environment","link":"https://csrc.nist.gov/glossary/term/java_runtime_environment","abbrSyn":[{"text":"JRE","link":"https://csrc.nist.gov/glossary/term/jre"}],"definitions":null},{"term":"Java Security Manager","link":"https://csrc.nist.gov/glossary/term/java_security_manager","abbrSyn":[{"text":"JSM","link":"https://csrc.nist.gov/glossary/term/jsm"}],"definitions":null},{"term":"Java Server Pages","link":"https://csrc.nist.gov/glossary/term/java_server_pages","abbrSyn":[{"text":"JSP","link":"https://csrc.nist.gov/glossary/term/jsp"}],"definitions":null},{"term":"Java Tool Kit","link":"https://csrc.nist.gov/glossary/term/java_tool_kit","abbrSyn":[{"text":"JTK","link":"https://csrc.nist.gov/glossary/term/jtk"}],"definitions":null},{"term":"Java Virtual Machine","link":"https://csrc.nist.gov/glossary/term/java_virtual_machine","abbrSyn":[{"text":"JVM","link":"https://csrc.nist.gov/glossary/term/jvm"}],"definitions":null},{"term":"JavaScript Object Notation","link":"https://csrc.nist.gov/glossary/term/javascript_object_notation","abbrSyn":[{"text":"JSON","link":"https://csrc.nist.gov/glossary/term/json"}],"definitions":null},{"term":"JAXR","link":"https://csrc.nist.gov/glossary/term/jaxr","abbrSyn":[{"text":"Java API for XML Registries","link":"https://csrc.nist.gov/glossary/term/java_api_for_xml_registries"}],"definitions":null},{"term":"JCE","link":"https://csrc.nist.gov/glossary/term/jce","abbrSyn":[{"text":"Java Cryptography Extension","link":"https://csrc.nist.gov/glossary/term/java_cryptography_extension"}],"definitions":null},{"term":"JDK","link":"https://csrc.nist.gov/glossary/term/jdk","abbrSyn":[{"text":"Java Development Kit","link":"https://csrc.nist.gov/glossary/term/java_development_kit"}],"definitions":null},{"term":"JFFS2","link":"https://csrc.nist.gov/glossary/term/jffs2","abbrSyn":[{"text":"Journaling Flash File System, Version 2","link":"https://csrc.nist.gov/glossary/term/journaling_flash_file_system_version_2"}],"definitions":null},{"term":"JIT","link":"https://csrc.nist.gov/glossary/term/jit","abbrSyn":[{"text":"Just-in-time","link":"https://csrc.nist.gov/glossary/term/just_in_time"},{"text":"Just-in-Time"}],"definitions":null},{"term":"jitter","link":"https://csrc.nist.gov/glossary/term/jitter","definitions":[{"text":"As it relates to queuing, the difference in latency of packets.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]"}]},{"text":"non-uniform delays that can cause packets to arrive and be processed out of sequence","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]},{"text":"The time or phase difference between the data signal and the ideal clock.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"The short-term variations of the significant instants of a timing signal from their ideal positions in time (where short-term implies that these variations are of frequency greater than or equal to 10 Hz).","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"ITU-T G.810","link":"https://www.itu.int/rec/T-REC-G.810/en"}]},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","refSources":[{"text":"ITU-T G.810","link":"https://www.itu.int/rec/T-REC-G.810/en"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"ITU-T G.810","link":"https://www.itu.int/rec/T-REC-G.810/en"}]}]}]},{"term":"JKS","link":"https://csrc.nist.gov/glossary/term/jks","abbrSyn":[{"text":"Java Keystore","link":"https://csrc.nist.gov/glossary/term/java_keystore"}],"definitions":null},{"term":"Job Function","link":"https://csrc.nist.gov/glossary/term/job_function","definitions":[{"text":"the roles and responsibilities specific to an individual, not a job title.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"joint authorization","link":"https://csrc.nist.gov/glossary/term/joint_authorization","definitions":[{"text":"Security authorization involving multiple authorizing officials.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Joint Authorization "}]},{"text":"Authorization involving multiple authorizing officials.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Joint Photographic Experts Group","link":"https://csrc.nist.gov/glossary/term/joint_photographic_experts_group","abbrSyn":[{"text":"JPEG","link":"https://csrc.nist.gov/glossary/term/jpeg"}],"definitions":[{"text":"A standardized image compression function originally established by the Joint Photographic Experts Group.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under JPEG "}]}]},{"term":"Joint Publication","link":"https://csrc.nist.gov/glossary/term/joint_publication","abbrSyn":[{"text":"JP","link":"https://csrc.nist.gov/glossary/term/jp"}],"definitions":null},{"term":"Joint Task Force","link":"https://csrc.nist.gov/glossary/term/joint_task_force","abbrSyn":[{"text":"JTF","link":"https://csrc.nist.gov/glossary/term/jtf"},{"text":"JTFTI"}],"definitions":null},{"term":"Joint Technical Committee","link":"https://csrc.nist.gov/glossary/term/joint_technical_committee","abbrSyn":[{"text":"JTC","link":"https://csrc.nist.gov/glossary/term/jtc"}],"definitions":null},{"term":"Joint Technical Committee 1","link":"https://csrc.nist.gov/glossary/term/joint_technical_committee_1","abbrSyn":[{"text":"JTC 1","link":"https://csrc.nist.gov/glossary/term/jtc_1"}],"definitions":null},{"term":"Joint Test Action Group","link":"https://csrc.nist.gov/glossary/term/joint_test_action_group","abbrSyn":[{"text":"JTAG","link":"https://csrc.nist.gov/glossary/term/jtag"}],"definitions":null},{"term":"JOP","link":"https://csrc.nist.gov/glossary/term/jop","abbrSyn":[{"text":"Jump Oriented Programming","link":"https://csrc.nist.gov/glossary/term/jump_oriented_programming"}],"definitions":null},{"term":"JOSE","link":"https://csrc.nist.gov/glossary/term/jose","abbrSyn":[{"text":"JSON Object Signing and Encryption","link":"https://csrc.nist.gov/glossary/term/json_object_signing_and_encryption"}],"definitions":null},{"term":"Journaling Flash File System, Version 2","link":"https://csrc.nist.gov/glossary/term/journaling_flash_file_system_version_2","abbrSyn":[{"text":"JFFS2","link":"https://csrc.nist.gov/glossary/term/jffs2"}],"definitions":null},{"term":"JP","link":"https://csrc.nist.gov/glossary/term/jp","abbrSyn":[{"text":"Joint Publication","link":"https://csrc.nist.gov/glossary/term/joint_publication"}],"definitions":null},{"term":"JPEG","link":"https://csrc.nist.gov/glossary/term/jpeg","abbrSyn":[{"text":"Joint Photographic Experts Group","link":"https://csrc.nist.gov/glossary/term/joint_photographic_experts_group"}],"definitions":[{"text":"A standardized image compression function originally established by the Joint Photographic Experts Group.","sources":[{"text":"FIPS 201","note":" [version unknown]"}]}]},{"term":"JRE","link":"https://csrc.nist.gov/glossary/term/jre","abbrSyn":[{"text":"Java Runtime Environment","link":"https://csrc.nist.gov/glossary/term/java_runtime_environment"}],"definitions":null},{"term":"JSM","link":"https://csrc.nist.gov/glossary/term/jsm","abbrSyn":[{"text":"Java Security Manager","link":"https://csrc.nist.gov/glossary/term/java_security_manager"}],"definitions":null},{"term":"JSON","link":"https://csrc.nist.gov/glossary/term/json","abbrSyn":[{"text":"JavaScript Object Notation","link":"https://csrc.nist.gov/glossary/term/javascript_object_notation"}],"definitions":null},{"term":"JSON Object Signing and Encryption","link":"https://csrc.nist.gov/glossary/term/json_object_signing_and_encryption","abbrSyn":[{"text":"JOSE","link":"https://csrc.nist.gov/glossary/term/jose"}],"definitions":null},{"term":"JSON Web Encryption","link":"https://csrc.nist.gov/glossary/term/json_web_encryption","abbrSyn":[{"text":"JWE","link":"https://csrc.nist.gov/glossary/term/jwe"}],"definitions":null},{"term":"JSON Web Token","link":"https://csrc.nist.gov/glossary/term/json_web_token","abbrSyn":[{"text":"JWT","link":"https://csrc.nist.gov/glossary/term/jwt"}],"definitions":[{"text":"A data exchange format made of a header, payload, and signature where the header and the payload take the form of JSON objects. They are encoded and concatenated with the aggregate being signed to generate a signature.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"RFC 7519","link":"https://doi.org/10.17487/RFC7519","note":" - Adapted"}]}]}]},{"term":"JSP","link":"https://csrc.nist.gov/glossary/term/jsp","abbrSyn":[{"text":"Java Server Pages","link":"https://csrc.nist.gov/glossary/term/java_server_pages"}],"definitions":null},{"term":"JSS","link":"https://csrc.nist.gov/glossary/term/jss","abbrSyn":[{"text":"JWT Signing Service","link":"https://csrc.nist.gov/glossary/term/jwt_signing_service"}],"definitions":null},{"term":"JTAG","link":"https://csrc.nist.gov/glossary/term/jtag","abbrSyn":[{"text":"Joint Test Action Group","link":"https://csrc.nist.gov/glossary/term/joint_test_action_group"}],"definitions":null},{"term":"JTC","link":"https://csrc.nist.gov/glossary/term/jtc","abbrSyn":[{"text":"Joint Technical Committee","link":"https://csrc.nist.gov/glossary/term/joint_technical_committee"}],"definitions":null},{"term":"JTC 1","link":"https://csrc.nist.gov/glossary/term/jtc_1","abbrSyn":[{"text":"Joint Technical Committee 1","link":"https://csrc.nist.gov/glossary/term/joint_technical_committee_1"}],"definitions":null},{"term":"JTF","link":"https://csrc.nist.gov/glossary/term/jtf","abbrSyn":[{"text":"Joint Task Force","link":"https://csrc.nist.gov/glossary/term/joint_task_force"},{"text":"Joint Task Force Transformation Initiative"}],"definitions":null},{"term":"JTK","link":"https://csrc.nist.gov/glossary/term/jtk","abbrSyn":[{"text":"Java Tool Kit","link":"https://csrc.nist.gov/glossary/term/java_tool_kit"}],"definitions":null},{"term":"judgment","link":"https://csrc.nist.gov/glossary/term/judgment","definitions":[{"text":"The association of one of the preconfigured evaluation choices with an element from the context of a specific organizational level.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]},{"text":"The association of an evaluation choice with an element, from the context of a specific risk management level.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"judgment value","link":"https://csrc.nist.gov/glossary/term/judgment_value","definitions":[{"text":"Predefined values that represent the possible choices that an assessor makes in judging whether or how well the gathered information satisfies an assessment element.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"Jump Oriented Programming","link":"https://csrc.nist.gov/glossary/term/jump_oriented_programming","abbrSyn":[{"text":"JOP","link":"https://csrc.nist.gov/glossary/term/jop"}],"definitions":null},{"term":"Juniper Operating System","link":"https://csrc.nist.gov/glossary/term/juniper_operating_system","abbrSyn":[{"text":"JUNOS","link":"https://csrc.nist.gov/glossary/term/junos"}],"definitions":null},{"term":"JUNOS","link":"https://csrc.nist.gov/glossary/term/junos","abbrSyn":[{"text":"Juniper Operating System","link":"https://csrc.nist.gov/glossary/term/juniper_operating_system"}],"definitions":null},{"term":"Just-in-time","link":"https://csrc.nist.gov/glossary/term/just_in_time","abbrSyn":[{"text":"JIT","link":"https://csrc.nist.gov/glossary/term/jit"}],"definitions":null},{"term":"JVM","link":"https://csrc.nist.gov/glossary/term/jvm","abbrSyn":[{"text":"Java Virtual Machine","link":"https://csrc.nist.gov/glossary/term/java_virtual_machine"}],"definitions":null},{"term":"JWE","link":"https://csrc.nist.gov/glossary/term/jwe","abbrSyn":[{"text":"JSON Web Encryption","link":"https://csrc.nist.gov/glossary/term/json_web_encryption"}],"definitions":null},{"term":"JWT","link":"https://csrc.nist.gov/glossary/term/jwt","abbrSyn":[{"text":"JSON Web Token","link":"https://csrc.nist.gov/glossary/term/json_web_token"}],"definitions":[{"text":"A data exchange format made of a header, payload, and signature where the header and the payload take the form of JSON objects. They are encoded and concatenated with the aggregate being signed to generate a signature.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under JSON Web Token ","refSources":[{"text":"RFC 7519","link":"https://doi.org/10.17487/RFC7519","note":" - Adapted"}]}]}]},{"term":"JWT Signing Service","link":"https://csrc.nist.gov/glossary/term/jwt_signing_service","abbrSyn":[{"text":"JSS","link":"https://csrc.nist.gov/glossary/term/jss"}],"definitions":null},{"term":"K&S","link":"https://csrc.nist.gov/glossary/term/k_and_s","abbrSyn":[{"text":"Knowledge and Skill statement","link":"https://csrc.nist.gov/glossary/term/knowledge_and_skill_statement"}],"definitions":null},{"term":"KAK","link":"https://csrc.nist.gov/glossary/term/kak","abbrSyn":[{"text":"Key-Auto-Key"}],"definitions":null},{"term":"KAS","link":"https://csrc.nist.gov/glossary/term/kas","abbrSyn":[{"text":"Key-Agreement Scheme","link":"https://csrc.nist.gov/glossary/term/key_agreement_scheme"}],"definitions":null},{"term":"KAS1-basic","link":"https://csrc.nist.gov/glossary/term/kas1_basic","definitions":[{"text":"The basic form of Key-Agreement Scheme 1.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KAS1-Party_V-confirmation","link":"https://csrc.nist.gov/glossary/term/kas1_party_v_confirmation","definitions":[{"text":"Key-Agreement Scheme 1 with confirmation by party V. Previously known as KAS1-responder-confirmation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KAS2-basic","link":"https://csrc.nist.gov/glossary/term/kas2_basic","definitions":[{"text":"The basic form of Key-Agreement Scheme 2.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KAS2-bilateral-confirmation","link":"https://csrc.nist.gov/glossary/term/kas2_bilateral_confirmation","definitions":[{"text":"Key-Agreement Scheme 2 with bilateral confirmation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KAS2-Party_U-confirmation","link":"https://csrc.nist.gov/glossary/term/kas2_party_u_confirmation","definitions":[{"text":"Key-Agreement Scheme 2 with confirmation by party U. Previously known as KAS2-initiator-confirmation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KAS2-Party_V-confirmation","link":"https://csrc.nist.gov/glossary/term/kas2_party_v_confirmation","definitions":[{"text":"Key-Agreement Scheme 2 with confirmation by party V. Previously known as KAS2-responder-confirmation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KAT","link":"https://csrc.nist.gov/glossary/term/kat","abbrSyn":[{"text":"known answer test","link":"https://csrc.nist.gov/glossary/term/known_answer_test"}],"definitions":null},{"term":"KB","link":"https://csrc.nist.gov/glossary/term/kb","abbrSyn":[{"text":"Kilobyte","link":"https://csrc.nist.gov/glossary/term/kilobyte"}],"definitions":null},{"term":"KBA","link":"https://csrc.nist.gov/glossary/term/kba","abbrSyn":[{"text":"Knowledge-based authentication"},{"text":"Knowledge-Based Authentication","link":"https://csrc.nist.gov/glossary/term/knowledge_based_authentication"}],"definitions":null},{"term":"KBits","link":"https://csrc.nist.gov/glossary/term/kbits","definitions":[{"text":"The bit length of the secret keying material.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"KBKDF","link":"https://csrc.nist.gov/glossary/term/kbkdf","abbrSyn":[{"text":"Key-Based Key Derivation Functions","link":"https://csrc.nist.gov/glossary/term/key_based_key_derivation_functions"}],"definitions":null},{"term":"Kbps","link":"https://csrc.nist.gov/glossary/term/kbps","abbrSyn":[{"text":"Kilobit per second"},{"text":"Kilobits / second"},{"text":"Kilobits per second","link":"https://csrc.nist.gov/glossary/term/kilobits_per_second"}],"definitions":[{"text":"Length in bits of the keying material.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Kbits "}]}]},{"term":"KBV","link":"https://csrc.nist.gov/glossary/term/kbv","abbrSyn":[{"text":"Knowledge-Based Verification"}],"definitions":null},{"term":"KC","link":"https://csrc.nist.gov/glossary/term/kc","abbrSyn":[{"text":"Key Confirmation"},{"text":"Key-Confirmation"}],"definitions":null},{"term":"KDC","link":"https://csrc.nist.gov/glossary/term/kdc","abbrSyn":[{"text":"key distribution center"},{"text":"Key Distribution Center"}],"definitions":null},{"term":"KDF","link":"https://csrc.nist.gov/glossary/term/kdf","abbrSyn":[{"text":"Key Derivation Function"},{"text":"Key Derivation Functions"},{"text":"Key-Derivation Function"}],"definitions":[{"text":"Key Derivation Function.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]}]},{"term":"KDK","link":"https://csrc.nist.gov/glossary/term/kdk_1","abbrSyn":[{"text":"Key-derivation function","link":"https://csrc.nist.gov/glossary/term/key_derivation_function"},{"text":"key-derivation key"},{"text":"Key-Derivation Key"}],"definitions":[{"text":"A key used as an input to a key-derivation function to derive additional keying material.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under key-derivation key "}]},{"text":"As used in this Recommendation, either a one-step key-derivation method or a key-derivation function based on a pseudorandom function as specified in [SP 800-108].","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Key-derivation function "}]},{"text":"A function by which keying material is derived from a shared secret (or a key) and other information.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Key-derivation function "}]},{"text":"A function that, with the input of a cryptographic key or shared secret, and possibly other data, generates a binary string, called keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key-derivation function "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key-derivation function "}]},{"text":"As used in this Recommendation, a function used to derive secret keying material from a shared secret (or a key) and other information.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key-derivation function "}]},{"text":"A function that − with the input of a cryptographic key or shared secret and possibly other data − generates a binary string, called keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key-derivation function "}]},{"text":"As used in this Recommendation, either a one-step key-derivation method or a key-derivation function based on a pseudorandom function as specified in SP 800-108.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key-derivation function "}]},{"text":"A function used to derive keying material from a shared secret (or a key) and other information.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key-derivation function "}]}]},{"term":"KDM","link":"https://csrc.nist.gov/glossary/term/kdm","abbrSyn":[{"text":"Key-Derivation Method"},{"text":"Key-Deviation Method"}],"definitions":null},{"term":"KE","link":"https://csrc.nist.gov/glossary/term/ke","abbrSyn":[{"text":"Key Exchange"}],"definitions":[{"text":"The process of exchanging public keys in order to establish secure communications.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Key Exchange "}]}]},{"term":"KECCAK","link":"https://csrc.nist.gov/glossary/term/keccak","definitions":[{"text":"The family of all sponge functions with a KECCAK-f permutation as the underlyinng function and multi-rate padding as the padding rule. KECCAK was originally specified in [G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, The KECCAK reference, version 3.0], and standardized in FIPS 202.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"KECCAK Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/keccak_message_authentication_code","abbrSyn":[{"text":"KMAC","link":"https://csrc.nist.gov/glossary/term/kmac"}],"definitions":[{"text":"KECCAK Message Authentication Code.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185","underTerm":" under KMAC "}]}]},{"term":"KEK","link":"https://csrc.nist.gov/glossary/term/kek","abbrSyn":[{"text":"Key Encryption Key"},{"text":"Key Exchange Key","link":"https://csrc.nist.gov/glossary/term/key_exchange_key"},{"text":"key-encryption key"}],"definitions":[{"text":"The key for the underlying block cipher of KW, KWP, or TKW. May be called a key-wrapping key in other documents.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under key-encryption key "}]}]},{"term":"KEM","link":"https://csrc.nist.gov/glossary/term/kem","abbrSyn":[{"text":"Key-Encapsulation Mechanism","link":"https://csrc.nist.gov/glossary/term/key_encapsulation_mechanism"},{"text":"key-establishment mechanism","link":"https://csrc.nist.gov/glossary/term/key_establishment_mechanism"}],"definitions":null},{"term":"Kerberos","link":"https://csrc.nist.gov/glossary/term/kerberos","definitions":[{"text":"An authentication system developed at the Massachusetts Institute of Technology (MIT). Kerberos is designed to enable two parties to exchange private information across a public network.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]"},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]}]},{"text":"A widely used authentication protocol developed at MIT. In “classic” Kerberos, users share a secret password with a Key Distribution Center (KDC). The user (Alice) who wishes to communicate with another user (Bob) authenticates to the KDC and the KDC furnishes a “ticket” to use to authenticate with Bob.\nSee SP 800-63C Section 11.2 for more information.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A network authentication protocol that is designed to provide strong authentication for client/server applications by using symmetric-key cryptography.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A means of verifying the identities of principals on an open network. Kerberos accomplishes this without relying on the authentication, trustworthiness, or physical security of hosts while assuming all packets can be read, modified and inserted at will. Kerberos uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"IETF RFC 1501","link":"https://tools.ietf.org/html/rfc1501"}]}]},{"text":"A widely used authentication protocol developed at MIT. In “classic” Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a “ticket” by the KDC to use to authenticate with Bob.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Kernel-Based Virtual Machine","link":"https://csrc.nist.gov/glossary/term/kernel_based_virtual_machine","abbrSyn":[{"text":"KVM","link":"https://csrc.nist.gov/glossary/term/kvm"}],"definitions":null},{"term":"key","link":"https://csrc.nist.gov/glossary/term/key","abbrSyn":[{"text":"cryptographic key","link":"https://csrc.nist.gov/glossary/term/cryptographic_key"},{"text":"Cryptographic key"},{"text":"Cryptographic Key"}],"definitions":[{"text":"A parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Cryptographic Key "}]},{"text":"A bit string used as a secret parameter by a cryptographic algorithm. In this Recommendation, a cryptographic key is either a random bit string of a length specified by the cryptographic algorithm or a pseudorandom bit string of the required length that is computationally indistinguishable from one selected uniformly at random from the set of all bit strings of that length.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under cryptographic key "}]},{"text":"A parameter used with a cryptographic algorithm that determines its operation.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Cryptographic key "}]},{"text":"The parameter of a block cipher that determines the selection of a permutation from the block cipher family.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]","underTerm":" under Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under cryptographic key "}]},{"text":"A numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. Usually a sequence of random or pseudorandom bits used initially to set up and periodically change the operations performed in cryptographic equipment for the purpose of encrypting or decrypting electronic signals, or for determining electronic counter-countermeasures (ECCM) patterns, or for producing other key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation. \nExamples applicable to this Standard include: \n1. The computation of a digital signature from data, and \n2. The verification of a digital signature.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Key ","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation. Examples applicable to this Recommendation include: 1. The computation of a digital signature from data, and 2. The verification of a digital signature.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Key "}]},{"text":"A parameter used with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples applicable to this Recommendation include:\n1. The computation of a keyed-hash message authentication code.\n2. The verification of a keyed-hash message authentication code.\n3. The generation of a digital signature on a message.\n4. The verification of a digital signature.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Key "}]},{"text":"A  binary  string  used  as  a  secret  parameter  by  a  cryptographic algorithm. In this Recommendation, a cryptographic key shall be either a truly random binary string of a length specified by the cryptographic algorithm or a pseudorandom binary string of the specified length that is computationally indistinguishable from one selected uniformly at random from the set of all binary strings of that length.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Cryptographic key "}]},{"text":"A cryptographic key that can be directly used by a cryptographic algorithm to perform a cryptographic operation.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key (plaintext) "}]},{"text":"A parameter that determines the transformation from plaintext to ciphertext and vice versa. (A DEA key is a 64-bit parameter consisting of 56 independent bits and 8 parity bits). Multiple (1, 2 or 3) keys may be used in the Triple Data Encryption Algorithm.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Cryptographic key "}]},{"text":"A parameter used in the block cipher algorithm that determines the forward cipher operation and the inverse cipher operation.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Cryptographic Key "}]},{"text":"The parameter of the block cipher that determines the selection of the forward cipher function from the family of permutations.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Key (Block Cipher Key) "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Key "}]},{"text":"A parameter used in the block cipher algorithm that determines the forward cipher function.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Cryptographic Key "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. For the purposes of these guidelines, key requirements shall meet the minimum requirements stated in Table 2 of NIST SP 800-57 Part 1.\nSee also Asymmetric Keys, Symmetric Key.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Cryptographic Key "}]},{"text":"A parameter that determines the transformation using DEA and TDEA forward and inverse operations.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Cryptographic Key "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Cryptographic Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce the operation, while an entity without knowledge of the key cannot. Examples of the use of a key that are applicable to this Recommendation include: 1. The computation of a digital signature from data, and 2. The verification of a digital signature.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Key "}]},{"text":"See cryptographic key.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Key "},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Key "},{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Key "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the correct key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples of cryptographic operations requiring the use of cryptographic keys include: 1. The transformation of plaintext data into ciphertext data, 2. The transformation of ciphertext data into plaintext data, 3. The computation of a digital signature from data, 4. The verification of a digital signature, 5. The computation of an authentication code from data, 6. The verification of an authentication code from data and a received authentication code, 7. The computation of a shared secret that is used to derive keying material. 8. The derivation of additional keying material from a keyderivation key (i.e., a pre-shared key).","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Cryptographic key "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. For the purposes of these guidelines, key requirements shall meet the minimum requirements stated in Table 2 of NIST SP 800-57 Part 1. \nSee also Asymmetric Keys, Symmetric Key.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Cryptographic Key "}]},{"text":"A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation while an entity without knowledge of the key cannot. Examples include 1. The transformation of plaintext data into ciphertext data, 2. The transformation of ciphertext data into plaintext data, 3. The computation of a digital signature from data, 4. The verification of a digital signature, 5. The computation of a message authentication code (MAC) from data, 6. The verification of a MAC received with data, 7. The computation of a shared secret that is used to derive keying material.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Cryptographic key "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Cryptographic Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"A cryptographic key. In this document, keys generally refer to public key cryptography key pairs used for authentication of users and/or machines (using digital signatures). Examples include identity key and authorized keys. The SSH protocol also uses host keys that are used for authenticating SSH servers to SSH clients connecting them.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966","underTerm":" under Key "}]},{"text":"See “Cryptographic Key”.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Key "}]},{"text":"A value used to control cryptographic operations, such as decryption, encryption, signature generation or signature verification. For the purposes of this document, key requirements shall meet the minimum requirements stated in Table 2 of NIST SP 800-57 Part 1. \nSee also Asymmetric keys, Symmetric key.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Cryptographic Key "}]}]},{"term":"Key (or key pair) owner","link":"https://csrc.nist.gov/glossary/term/key_or_key_pair_owner","definitions":[{"text":"One or more entities that are authorized to use a symmetric key or the private key of an asymmetric key pair.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"key administration","link":"https://csrc.nist.gov/glossary/term/key_administration","definitions":[{"text":"Functions of loading, storing, copying, and distributing the keys and producing the necessary audit information to support those functions. (System Unique).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSTISSI No. 3006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"key agreement","link":"https://csrc.nist.gov/glossary/term/key_agreement","definitions":[{"text":"A key-establishment procedure where resultant keying material is a function of information contributed by two or more participants, so that no party can predetermine the value of the keying material independently of the other party’s contribution.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure in which the resultant secret keying material is a function of information contributed by both participants, so that neither party can predetermine the value of the secret keying material independently from the contributions of the other party. Contrast with key transport.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key agreement "}]},{"text":"A key-establishment procedure where the resultant keying material is a function of information contributed by two or more participants, so that an entity cannot predetermine the resulting value of the keying material independently of any other entity’s contribution.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure in which the resultant secret keying material is a function of information contributed by both participants, so that neither party can predetermine the value of the secret keying material independently from the contributions of the other party. Contrast with key-transport.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Key agreement "}]},{"text":"A key-establishment procedure where resultant keying material is a function of information contributed by two or more participants, so that no party can predetermine the value of the keying material independently of any other party’s contribution.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure in which the resultant secret keying material is a function of information contributed by both participants so that neither party can predetermine the value of the secret keying material independently from the contributions of the other party. Key agreement includes the creation (i.e., generation) of keying material by the key-agreement participants. A separate distribution of the generated keying material is not performed. Contrast with Key transport.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure where the resultant secret keying material is a function of information contributed by two participants so that no party can predetermine the value of the secret keying material independently from the contributions of the other party. Contrast with key-transport.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure in which the resultant secret keying material is a function of information contributed by both participants, so that neither party can predetermine the value of the secret keying material independently of the contributions of the other party. Contrast with key transport.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure where secret keying material is generated from information contributed by two participants so that no party can predetermine the value of the secret keying material independently from the contributions of the other party. Contrast with key-transport.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key agreement "}]},{"text":"A key-establishment procedure where keying material is generated from information contributed by two or more participants so that no party can predetermine the value of the keying material independently of any other party’s contribution.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure in which the resultant secret keying material is a function of information contributed by both participants so that neither party can predetermine the value of the secret keying material independently of the contributions of the other party; contrast with key transport.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key agreement "}]},{"text":"A (pair-wise) key-establishment procedure where the resultant secret keying material is a function of information contributed by two participants, so that no party can predetermine the value of the secret keying material independently from the contributions of the other party. Contrast with key-transport.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key agreement "}]}],"seeAlso":[{"text":"Key transport"},{"text":"key-transport"}]},{"term":"Key agreement primitive","link":"https://csrc.nist.gov/glossary/term/key_agreement_primitive","definitions":[{"text":"A primitive algorithm used in a key-agreement scheme specified in [NIST SP 800-56A], or in [NIST SP 800-56B].","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key-agreement primitive "}]},{"text":"A DLC primitive specified in [SP 800-56A] or an RSA Secret Value Encapsulation (RSASVE) operation specified in [NIST SP 800-56B].","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]},{"text":"A primitive algorithm used in a key-agreement scheme specified in SP 800-56A, 3 or in SP 800-56B.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key-agreement primitive "}]},{"text":"A primitive algorithm used in a key-agreement scheme specified in SP 800-56A or SP 800-56B.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key-agreement primitive "}]}]},{"term":"Key and metadata management functions","link":"https://csrc.nist.gov/glossary/term/key_and_metadata_management_functions","definitions":[{"text":"Functions performed by a CKMS or FCKMS in order to manage keys and metadata.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Key Bundle","link":"https://csrc.nist.gov/glossary/term/key_bundle","definitions":[{"text":"The three DEA cryptographic keys (Key1, Key2, Key3) that are used with a TDEA mode.","sources":[{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2"}]},{"text":"The three cryptographic keys (Key1, Key2, Key3) that are used with a TDEA mode.","sources":[{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]"}]}]},{"term":"Key center","link":"https://csrc.nist.gov/glossary/term/key_center","definitions":[{"text":"A common central source of the keys or key components that are necessary to support cryptographically protected exchanges within one or more communicating groups.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key certification","link":"https://csrc.nist.gov/glossary/term/key_certification","definitions":[{"text":"In a Public Key Infrastructure (PKI), a process that permits keys or key components to be unambiguously associated with their certificate sources (e.g., using digital signatures to associate public-key certificates with the certification authorities that issued them).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key Chords","link":"https://csrc.nist.gov/glossary/term/key_chords","definitions":[{"text":"Specific hardware keys pressed in a particular sequence on a mobile device.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"Key component","link":"https://csrc.nist.gov/glossary/term/key_component","abbrSyn":[{"text":"Cryptographic key component","link":"https://csrc.nist.gov/glossary/term/cryptographic_key_component"}],"definitions":[{"text":"See Cryptographic key component.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"One of at least two parameters that have the same security properties (e.g., randomness) as a cryptographic key; parameters are combined using an approved cryptographic function to form a plaintext cryptographic key before use.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key custodian","link":"https://csrc.nist.gov/glossary/term/key_custodian","definitions":[{"text":"An FCKMS role that is responsible for distributing keys or key splits and/or entering them into a cryptographic module.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Key de-registration","link":"https://csrc.nist.gov/glossary/term/key_de_registration","definitions":[{"text":"A function in the lifecycle of keying material; the marking of all keying material records and associations to indicate that the key is no longer in use.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A stage in the lifecycle of keying material; the removal of all records of keying material that was registered by a registration authority.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]},{"text":"A function in the lifecycle of a cryptographic key; the marking of a key or the information associated with it (e.g., metadata) to indicate that the key is no longer in use.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key derivation","link":"https://csrc.nist.gov/glossary/term/key_derivation","definitions":[{"text":"The process by which keying material is derived from 1) either a cryptographic key or a shared secret produced during a key-agreement scheme and 2) other data. This Recommendation specifies key derivation from an existing cryptographic key and other data.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under key derivation "}]},{"text":"The process that derives keying material from a key.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]},{"text":"1. A process by which one or more keys are derived from a shared secret and other information during a key agreement transaction.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"2. A process that derives new keying material from a key (i.e., a key-derivation key) that is currently available.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"The process of deriving a key in a non-reversible manner from shared information, some of which is secret.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A process that derives keying material from a key or a shared secret.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"The process by which one or more keys are derived from either a pre-shared key or a shared secret (from a key-agreement scheme), along with other information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"As used in this Recommendation, a method of deriving keying material from a pre-shared key and possibly other information. See NIST SP 800-108.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A process by which one or more keys are derived from a shared secret and other information during a key-agreement transaction.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A process that derives new keying material from a key (i.e., a key-derivation key) that is currently available.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"The process by which keying material is derived from either a pre-shared key or a shared secret produced during a key-agreement scheme along with other information.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"The process by which keying material is derived from either a pre-shared key or a shared secret (from a key-agreement scheme), along with other information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A function in the lifecycle of keying material; the process by which one or more keys are derived from either a pre-shared key, or a shared secret and other information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Key destruction","link":"https://csrc.nist.gov/glossary/term/key_destruction","definitions":[{"text":"To remove all traces of keying material so that it cannot be recovered by either physical or electronic means.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"To remove all traces of a cryptographic key so that it cannot be recovered by either physical or electronic means.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key Device Cybersecurity Requirement","link":"https://csrc.nist.gov/glossary/term/key_device_cybersecurity_requirement","definitions":[{"text":"A device cybersecurity requirement that if lacking from an IoT device (in the case of a device cybersecurity capability) or manufacturer or supporting entity (in the case of a non-technical supporting capability) will result in unacceptable risk to the organization.","sources":[{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"key distribution","link":"https://csrc.nist.gov/glossary/term/key_distribution","abbrSyn":[{"text":"Distribution","link":"https://csrc.nist.gov/glossary/term/distribution"},{"text":"Key transport"}],"definitions":[{"text":"The transport of a key and other keying material from an entity that either owns or generates the key to another entity that is intended to use the key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key distribution "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key distribution "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver) using an asymmetric algorithm.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"See Key transport.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key distribution "}]},{"text":"A manual or automated key-establishment procedure whereby one entity (the sender) selects and distributes the key to another entity (the receiver).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key transport "}]},{"text":"A (pair-wise) key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver). Contrast with key agreement.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key transport "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver). Contrast with key agreement.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key transport "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"The transport of a key and other keying material from an entity that either owns the key or generates the key to another entity that is intended to use the key.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key distribution "}]},{"text":"Secure transport of cryptographic keys from one cryptographic module to another module. When used in conjunction with a public key (asymmetric) algorithm, keying material is encrypted using a public key and subsequently decrypted using a private key. When used in conjunction with a symmetric algorithm, key transport is known as key wrapping.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"See Key distribution.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Distribution "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Distribution "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Distribution "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Distribution "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Distribution "}]},{"text":"The transport of key information from one entity (the sender) to one or more other entities (the receivers). The sender may have generated the key information or acquired it from another source as part of a separate process. The key information may be distributed manually or using automated key transport mechanisms.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key distribution "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver).","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key transport "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key transport "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects and encrypts (or wraps) the keying material and then distributes the material to another party (the receiver). \nWhen used in conjunction with a public-key (asymmetric) algorithm, the keying material is encrypted using the public key of the receiver and subsequently decrypted using the private key of the receiver. \nWhen used in conjunction with a symmetric algorithm, the keying material is encrypted with a key-wrapping key shared by the two parties.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"The transport of a key and other keying material from an entity that either owns, generates or otherwise acquires the key to another entity that is intended to use the key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key distribution "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects and encrypts (or wraps) the key and then distributes it to another party (the receiver). When used in conjunction with a public-key (asymmetric) algorithm, the key is encrypted using the public key of the receiver and subsequently decrypted using the receiver’s private key. When used in conjunction with a symmetric algorithm, the key is encrypted with a key-wrapping key shared by the sending and receiving parties and decrypted using the same key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key transport "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). When used in conjunction with a public-key (asymmetric) algorithm, the keying material is encrypted using the public key of the receiver and subsequently decrypted using the private key of the receiver. When used in conjunction with a symmetric algorithm, the keying material is encrypted with a key-encrypting key shared by the two parties.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key transport "}]}]},{"term":"key distribution center (KDC)","link":"https://csrc.nist.gov/glossary/term/key_distribution_center","abbrSyn":[{"text":"KDC","link":"https://csrc.nist.gov/glossary/term/kdc"}],"definitions":[{"text":"COMSEC facility generating and distributing key in electronic form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A key center that generates keys for distribution to subscriber entities.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key Distribution Center (KDC) "}]}]},{"term":"key encryption key (KEK)","link":"https://csrc.nist.gov/glossary/term/key_encrypting_key","abbrSyn":[{"text":"KEK","link":"https://csrc.nist.gov/glossary/term/kek"}],"definitions":[{"text":"A key that encrypts other key (typically traffic encryption keys (TEKs)) for transmission or storage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A key derived from the authorization key that is used to encrypt traffic encryption keys (TEK) during the TEK exchange.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Key encryption key (KEK) "}]},{"text":"A cryptographic key that is used for the encryption or decryption of other keys.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key encrypting key "}]}]},{"term":"key escrow","link":"https://csrc.nist.gov/glossary/term/key_escrow","definitions":[{"text":"A deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber's private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Key Escrow ","refSources":[{"text":"ABADSG","note":" - Adapted from \"Commercial key escrow service\""}]}]},{"text":"The retention of the private component of the key pair associated with a subscriber’s encryption certificate to support key recovery.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"key escrow system","link":"https://csrc.nist.gov/glossary/term/key_escrow_system","definitions":[{"text":"The system responsible for storing and providing a mechanism for obtaining copies of private keys associated with encryption certificates, which are necessary for the recovery of encrypted data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"key establishment","link":"https://csrc.nist.gov/glossary/term/key_establishment","definitions":[{"text":"A procedure conducted by two or more participants, after which the resultant keying material is shared by all participants.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"The procedure that results in keying material that is shared among different parties.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"A function in the lifecycle of keying material; the process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key-transport and/or key-agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key establishment "}]},{"text":"A procedure, conducted by two or more participants, after which the resultant keying material is shared by all participants.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Key-establishment "}]},{"text":"A procedure that results in secret keying material that is shared among different parties.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key establishment "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key establishment "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key establishment "},{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Key establishment "}]},{"text":"The process that results in the sharing of a key between two or more entities, either by transporting a key from one entity to another (key transport) or generating a key from information shared by the entities (key agreement).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key establishment "}]},{"text":"The procedure that results in keying material that is shared among different parties.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Key establishment "}]},{"text":"A procedure that results in generating shared keying material among different parties.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Key establishment "}]},{"text":"A procedure that results in establishing secret keying material that is shared among different parties.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key establishment "}]},{"text":"The process that results in the sharing of a key between two or more entities, either by manual distribution, using automated key transport or key agreement mechanisms or by using key derivation that employs an already-shared key between or among those entities. Key establishment may include the creation of a key.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key establishment "}]},{"text":"A function in the lifecycle of keying material; the process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key-transport and/or key-agreement protocols), or a combination of automated and manual methods.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key establishment "}]},{"text":"A stage in the lifecycle of keying material; the process by which cryptographic keys are securely distributed among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement).","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key establishment "}]},{"text":"The procedure that results in keying material that is shared among different entities.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key establishment "}]},{"text":"A function in the lifecycle of a cryptographic key; the process by which cryptographic keys are securely established among entities using manual transport methods (e.g., key loaders), automated methods (e.g., key-transport and/or key-agreement protocols), or a combination of automated and manual methods.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key establishment "}]},{"text":"The procedure that results in keying material that is shared between the participating parties in a key-establishment transaction.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key establishment "}]}]},{"term":"Key Exchange Key","link":"https://csrc.nist.gov/glossary/term/key_exchange_key","abbrSyn":[{"text":"KEK","link":"https://csrc.nist.gov/glossary/term/kek"}],"definitions":null},{"term":"Key expansion","link":"https://csrc.nist.gov/glossary/term/key_expansion","definitions":[{"text":"The second step in the key-derivation procedure specified in this Recommendation in which a key-derivation key is used to derive secret keying material having the desired length.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"The second step in the key derivation procedure specified in this Recommendation to derive keying material with the desired length.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"The second step in the key-derivation procedure in which a key-derivation key is used to derive secret keying material having the desired length(s). The first step in the procedure is randomness extraction.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Key extraction","link":"https://csrc.nist.gov/glossary/term/key_extraction","definitions":[{"text":"See Randomness extraction.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Key format","link":"https://csrc.nist.gov/glossary/term/key_format","definitions":[{"text":"The data structure of a cryptographic key.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Key generation","link":"https://csrc.nist.gov/glossary/term/key_generation","definitions":[{"text":"The process of generating keys for cryptography.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"The generation of a cryptographic key either as a single process using a random bit generator and an approved set of rules, or as created during key agreement or key derivation.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key Generation and Distribution","link":"https://csrc.nist.gov/glossary/term/key_generation_and_distribution","abbrSyn":[{"text":"KGD","link":"https://csrc.nist.gov/glossary/term/kgd"}],"definitions":null},{"term":"key generation material","link":"https://csrc.nist.gov/glossary/term/key_generation_material","definitions":[{"text":"Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Key Generation Material "}]}]},{"term":"Key Generator","link":"https://csrc.nist.gov/glossary/term/key_generator","abbrSyn":[{"text":"KG","link":"https://csrc.nist.gov/glossary/term/kg"}],"definitions":null},{"term":"Key information","link":"https://csrc.nist.gov/glossary/term/key_information","definitions":[{"text":"Information about a key that includes the keying material and associated metadata relating to the key. See Keying material and Metadata.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"Information about a key that includes the keying material and associated metadata relating to that key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"Information about a key that includes the keying material and associated metadata relating to that key. See Keying material and Metadata.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}],"seeAlso":[{"text":"Keying material"},{"text":"Metadata"}]},{"term":"Key inventory","link":"https://csrc.nist.gov/glossary/term/key_inventory","definitions":[{"text":"Information about each key that does not include the key itself (e.g., the key owner, key type, algorithm, application and expiration date).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key length","link":"https://csrc.nist.gov/glossary/term/key_length","definitions":[{"text":"The length of a key in bits; used interchangeably with “Key size”.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"The length of a key in bits; used interchangeably with “Key size.”","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"Used interchangeably with “Key size”.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Key life cycle","link":"https://csrc.nist.gov/glossary/term/key_life_cycle","definitions":[{"text":"The period of time between the creation of the key and its destruction.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"key list","link":"https://csrc.nist.gov/glossary/term/key_list","definitions":[{"text":"A printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"key loader","link":"https://csrc.nist.gov/glossary/term/key_loader","definitions":[{"text":"A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]}]},{"term":"key management","link":"https://csrc.nist.gov/glossary/term/key_management","abbrSyn":[{"text":"KMN","link":"https://csrc.nist.gov/glossary/term/kmn"}],"definitions":[{"text":"The activities involving the handling of cryptographic keys and other related security parameters (e.g., counters) during the entire life cycle of the keys, including the generation, storage, establishment, entry and output, and destruction.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"The activities involving the handling of cryptographic keys and other related security parameters (e.g. passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and destruction.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]},{"text":"The activities involving the handling of cryptographic keys and other related security parameters (e.g., initialization vectors) during the entire lifecycle of the keys, including their generation, storage, establishment, entry and output, use and destruction.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Key Management ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key management "}]},{"text":"The activities involved in the handling of cryptographic keys and other related parameters (e.g., IVs and domain parameters) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output into cryptographic modules, use and destruction.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key management "}]},{"text":"The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and destruction.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key management "}]},{"text":"The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and counters) during the entire life cycle of the keys, including their generation, storage, establishment, entry, output, use, and destruction.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key management "}]},{"text":"The activities involving the handling of cryptographic keys and other related key information during the entire lifecycle of the keys, including their generation, storage, establishment, entry and output, use, and destruction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key management "}]},{"text":"The activities involved in the handling of cryptographic keys and other related security parameters (e.g., initialization vectors (IVs) and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and destruction.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key management "}]},{"text":"The activities involving the handling of cryptographic keys and other related security parameters (e.g., passwords) during the entire lifecycle of the keys, including their generation, storage, establishment, entry and output, use and destruction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key management "}]}]},{"term":"Key Management Center","link":"https://csrc.nist.gov/glossary/term/key_management_center","abbrSyn":[{"text":"KMC","link":"https://csrc.nist.gov/glossary/term/kmc"}],"definitions":null},{"term":"Key management components","link":"https://csrc.nist.gov/glossary/term/key_management_components","definitions":[{"text":"The software module applications and hardware security modules (HSMs) that are used to generate, establish, distribute, store, account for, suspend, revoke, or destroy cryptographic keys and metadata.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"key management device","link":"https://csrc.nist.gov/glossary/term/key_management_device","definitions":[{"text":"A unit that provides for secure electronic distribution of encryption keys to authorized users.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"key management entity (KME)","link":"https://csrc.nist.gov/glossary/term/key_management_entity","abbrSyn":[{"text":"KME","link":"https://csrc.nist.gov/glossary/term/kme"}],"definitions":[{"text":"Any activity/organization that performs key management related functionality and has been assigned an electronic key management system (EKMS) ID.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Key management function","link":"https://csrc.nist.gov/glossary/term/key_management_function","definitions":[{"text":"Functions used 1) to establish cryptographic keys, certificates and the information associated with them; 2) for the accounting of all keys and certificates; 3) for key storage and recovery; 4) for revocation and replacement (as needed); and 5) for key destruction.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key Management Identification Number","link":"https://csrc.nist.gov/glossary/term/key_management_identification_number","abbrSyn":[{"text":"KMID","link":"https://csrc.nist.gov/glossary/term/kmid"}],"definitions":null},{"term":"key management infrastructure (KMI)","link":"https://csrc.nist.gov/glossary/term/key_management_infrastructure","abbrSyn":[{"text":"KMI","link":"https://csrc.nist.gov/glossary/term/kmi"}],"definitions":[{"text":"The framework and services that provide the generation, production, storage, protection, distribution, control, tracking, and destruction for all cryptographic keying material, symmetric keys as well as public keys and public key certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of all cryptographic material, including symmetric keys, as well as public keys and public key certificates. It includes all elements (hardware, software, other equipment, and documentation); facilities; personnel; procedures; standards; and information products that form the system that distributes, manages, and supports the delivery of cryptographic products and services to end users.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key management infrastructure "}]}],"seeAlso":[{"text":"electronic key management system (EKMS)","link":"electronic_key_management_system"}]},{"term":"Key Management Interoperability Protocol","link":"https://csrc.nist.gov/glossary/term/key_management_interoperability_protocol","abbrSyn":[{"text":"KMIP","link":"https://csrc.nist.gov/glossary/term/kmip"}],"definitions":null},{"term":"Key Management Plan","link":"https://csrc.nist.gov/glossary/term/key_management_plan","abbrSyn":[{"text":"KMP","link":"https://csrc.nist.gov/glossary/term/kmp"}],"definitions":[{"text":"Documents how key management for current and/or planned cryptographic products and services will be implemented to ensure lifecycle key management support for cryptographic processes.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The Key Management Plan is the document that describes for a cryptographic device or application the management of all key management products and services distributed by the Key Management Infrastructure and employed by that cryptographic device or application. The Key Management Plan documents how current and/or planned key management products and services will be supplied by the Key Management Infrastructure and used by the cryptographic application to ensure that lifecycle key management support is available.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key management plan "}]}]},{"term":"Key management planning documentation","link":"https://csrc.nist.gov/glossary/term/key_management_planning_documentation","definitions":[{"text":"The Key Management Specification, CKMS Security Policy and CKMS Practice Statement","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key Management Policy","link":"https://csrc.nist.gov/glossary/term/key_management_policy","abbrSyn":[{"text":"KMP","link":"https://csrc.nist.gov/glossary/term/kmp"}],"definitions":[{"text":"A high-level statement of organizational key management policies that identifies a high-level structure, responsibilities, governing standards, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A high-level document that identifies a high-level structure, responsibilities, governing standards and guidelines, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The Key Management Policy is a high-level statement of organizational key management policies that identifies high-level structure, responsibilities, governing standards and guidelines, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key Management Policy "}]},{"text":"A high-level statement of organizational key-management policies that identifies a high-level structure, responsibilities, governing standards, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key-Management Policy "}]},{"text":"A high-level statement of organizational key management policies that identifies a high-level structure, responsibilities, governing Standards and Recommendations, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Key management protocol","link":"https://csrc.nist.gov/glossary/term/key_management_protocol","abbrSyn":[{"text":"KMP","link":"https://csrc.nist.gov/glossary/term/kmp"}],"definitions":[{"text":"Documented and coordinated rules for exchanging keys and metadata (e.g., X.509 certificates).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key Management Service","link":"https://csrc.nist.gov/glossary/term/key_management_service","abbrSyn":[{"text":"KMS","link":"https://csrc.nist.gov/glossary/term/kms"}],"definitions":[{"text":"A key management service is a function performed for or by an","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key management service "}]},{"text":"The generation, establishment, distribution, destruction, revocation, and recovery of keys.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key management service "}]}]},{"term":"Key Management System","link":"https://csrc.nist.gov/glossary/term/key_management_system","abbrSyn":[{"text":"KMS","link":"https://csrc.nist.gov/glossary/term/kms"}],"definitions":[{"text":"A system for the management of cryptographic keys and their metadata (e.g., generation, distribution, storage, backup, archive, recovery, use, revocation, and destruction). An automated key management system may be used to oversee, automate, and secure the key management process.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key management system "}]}]},{"term":"Key owner","link":"https://csrc.nist.gov/glossary/term/key_owner","definitions":[{"text":"A person authorized by an FCKMS service provider or FCKMS service-using organization to use a specific key that is managed by the FCKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"One or more entities that are authorized to use a symmetric key or the private key of a key pair.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Owner of a key or key pair "}]},{"text":"An entity authorized to use a cryptographic key or key pair and whose identifier is associated with a cryptographic key or key pair.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"key pair","link":"https://csrc.nist.gov/glossary/term/key_pair","abbrSyn":[{"text":"key-establishment key pair","link":"https://csrc.nist.gov/glossary/term/key_establishment_key_pair"}],"definitions":[{"text":"A public key and its corresponding private key; a key pair is used with a public key algorithm.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key pair "}]},{"text":"A private key and its corresponding public key; a key pair is used with an asymmetric-key (public-key) algorithm.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key pair "}]},{"text":"Two mathematically related keys having the properties that (1) one key can be used to encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to discover the other key.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Key Pair "}]},{"text":"A public key and its corresponding private key; a key pair is used with a public-key algorithm.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key pair "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key pair "}]},{"text":"A public key and its corresponding private key.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Key pair "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Key pair "}]},{"text":"See key-establishment key pair.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key pair "}]},{"text":"A public key and its corresponding private key. A key pair is used with a public key algorithm.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key pair "}]},{"text":"A public key and its corresponding private key; a key pair is used with a public-key (asymmetric-key) algorithm.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key pair "}]}]},{"term":"Key Performance Indicator","link":"https://csrc.nist.gov/glossary/term/key_performance_indicator","abbrSyn":[{"text":"KPI","link":"https://csrc.nist.gov/glossary/term/kpi"}],"definitions":null},{"term":"key processor (KP)","link":"https://csrc.nist.gov/glossary/term/key_processor","abbrSyn":[{"text":"KP","link":"https://csrc.nist.gov/glossary/term/kp"}],"definitions":[{"text":"The high-assurance cryptographic component in electronic key management system (EKMS) designed to provide for the local generation of keying material, encryption, and decryption of key, key load into electronic fill devices, and message signature functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Key Protection Technology","link":"https://csrc.nist.gov/glossary/term/key_protection_technology","abbrSyn":[{"text":"KPT","link":"https://csrc.nist.gov/glossary/term/kpt"}],"definitions":null},{"term":"key recovery","link":"https://csrc.nist.gov/glossary/term/key_recovery","definitions":[{"text":"A function in the lifecycle of keying material; mechanisms and processes that allow authorized entities to retrieve or reconstruct keying material from key backup or archive.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key recovery "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key recovery "}]},{"text":"A stage in the lifecycle of keying material; mechanisms and processes that allow authorized entities to retrieve keying material from key backup or archive.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key recovery "}]},{"text":"Mechanisms and processes that allow authorized entities to retrieve or reconstruct keys and other key information from key backups or archives.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key recovery "}]},{"text":"A function in the lifecycle of a cryptographic key; mechanisms and processes that allow authorized entities to retrieve or reconstruct the key from key backups or archives.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key recovery "}]}]},{"term":"Key Reference","link":"https://csrc.nist.gov/glossary/term/key_reference","definitions":[{"text":"A key reference is a one-byte identifier that specifies a cryptographic key according to its PIV Key Type. The identifier is part of the cryptographic material used in a cryptographic protocol, such as an authentication or a signing protocol.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"Key registration","link":"https://csrc.nist.gov/glossary/term/key_registration","definitions":[{"text":"A function in the lifecycle of keying material; the process of officially recording the keying material by a registration authority.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A stage in the lifecycle of keying material; the process of officially recording the keying material by a registration authority.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]},{"text":"A function in the lifecycle of a cryptographic key; the process of officially recording the keying material by a registration authority.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key Reinstallation Attack","link":"https://csrc.nist.gov/glossary/term/key_reinstallation_attack","abbrSyn":[{"text":"KRACK","link":"https://csrc.nist.gov/glossary/term/krack"}],"definitions":null},{"term":"Key revocation","link":"https://csrc.nist.gov/glossary/term/key_revocation","definitions":[{"text":"A function in the lifecycle of keying material; a process whereby a notice is made available to affected entities that keying material should be removed from operational use prior to the end of the established cryptoperiod of that keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A stage in the lifecycle of keying material; a process whereby a notice is made available to affected entities that keying material should be removed from operational use prior to the end of the established cryptoperiod of that keying material.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]},{"text":"A possible function in the lifecycle of a cryptographic key; a process whereby a notice is made available to affected entities that the key should be removed from operational use prior to the end of the established cryptoperiod of that key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key Risk Indicator","link":"https://csrc.nist.gov/glossary/term/key_risk_indicator","abbrSyn":[{"text":"KRI","link":"https://csrc.nist.gov/glossary/term/kri"}],"definitions":null},{"term":"Key Rollover","link":"https://csrc.nist.gov/glossary/term/key_rollover","definitions":[{"text":"The process of generating and using a new key (symmetric or asymmetric key pair) to replace one already in use. Rollover is done because a key has been compromised or is vulnerable to compromise as a result of use and age.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"Key Rotation","link":"https://csrc.nist.gov/glossary/term/key_rotation","definitions":[{"text":"Changing the key, i.e., replacing it by a new key. The places that use the key or keys derived from it (e.g., authorized keys derived from an identity key, legitimate copies of the identity key, or certificates granted for a key) typically need to be correspondingly updated. With SSH user keys, it means replacing an identity key by a newly generated key and updating authorized keys correspondingly.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Key schedule","link":"https://csrc.nist.gov/glossary/term/key_schedule","definitions":[{"text":"The sequence of round keys that are generated from the key by KEYEXPANSION().","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"Key share","link":"https://csrc.nist.gov/glossary/term/key_share","definitions":[{"text":"One of n parameters (where n ≥ 2) such that among the n key shares, any k key shares (where k ≥ n) can be used to construct a key value, but having any k−1 or fewer key shares provides no knowledge of the (constructed) key value. Sometimes called a cryptographic key component or key split.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key Signing Key (KSK)","link":"https://csrc.nist.gov/glossary/term/key_signing_key","abbrSyn":[{"text":"KSK","link":"https://csrc.nist.gov/glossary/term/ksk"}],"definitions":[{"text":"An authentication key that corresponds to a private key used to sign one or more other authentication keys for a given zone. Typically, the private key corresponding to a key signing key will sign a zone signing key, which in turn has a corresponding private key that will sign other zone data. See also “zone signing key.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}],"seeAlso":[{"text":"zone signing key"},{"text":"Zone Signing Key (ZSK)","link":"zone_signing_key"}]},{"term":"Key size","link":"https://csrc.nist.gov/glossary/term/key_size","definitions":[{"text":"The length of a key in bits; used interchangeably with “Key length”.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The length of a key in bits; used interchangeably with “Key length.”","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key splitting (k of n)","link":"https://csrc.nist.gov/glossary/term/key_splitting","definitions":[{"text":"Splitting a key into n key splits so that for some k (where k < n), any k key splits of the key can be used to form the key, but having any k-1 key splits provides no knowledge of the key value.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Key states","link":"https://csrc.nist.gov/glossary/term/key_states","definitions":[{"text":"A categorization of the states that a key can assume during its lifetime. See [NIST SP 800-57 Part 1].","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"The states through which a key transitions between its generation and its destruction. See Pre-activation state, Active state, Suspended state, Deactivated state, Compromised state, and Destroyed state.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Key Storage Device","link":"https://csrc.nist.gov/glossary/term/key_storage_device","abbrSyn":[{"text":"KSD","link":"https://csrc.nist.gov/glossary/term/ksd"}],"definitions":null},{"term":"Key Storage Provider","link":"https://csrc.nist.gov/glossary/term/key_storage_provider","abbrSyn":[{"text":"KSP","link":"https://csrc.nist.gov/glossary/term/ksp"}],"definitions":null},{"term":"key stream","link":"https://csrc.nist.gov/glossary/term/key_stream","definitions":[{"text":"Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Key Stream Generator","link":"https://csrc.nist.gov/glossary/term/key_stream_generator","abbrSyn":[{"text":"KSG","link":"https://csrc.nist.gov/glossary/term/ksg"}],"definitions":null},{"term":"key tag","link":"https://csrc.nist.gov/glossary/term/key_tag","definitions":[{"text":"Identification information associated with certain types of electronic key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"key tape","link":"https://csrc.nist.gov/glossary/term/key_tape","definitions":[{"text":"Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Key Translation Center (KTC)","link":"https://csrc.nist.gov/glossary/term/key_translation_center_ktc","definitions":[{"text":"A key center that receives keys from one entity wrapped using a symmetric key shared with that entity, unwraps the wrapped keys and rewraps the keys using a symmetric key shared with another entity.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"key transport","link":"https://csrc.nist.gov/glossary/term/key_transport","abbrSyn":[{"text":"Key distribution"},{"text":"key exchange","link":"https://csrc.nist.gov/glossary/term/key_exchange"}],"definitions":[{"text":"Process of exchanging public keys (and other information) in order to establish secure communications.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under key exchange ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" - Adapted"}]}]},{"text":"The transport of a key and other keying material from an entity that either owns or generates the key to another entity that is intended to use the key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key distribution "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key distribution "}]},{"text":"

A key-establishment procedure whereby one party (the sender) selects and encrypts (or wraps) the keying material and then distributes it to another party (the receiver).

When used in conjunction with a public- key (asymmetric) algorithm, the key is encrypted using the public key of the receiver and subsequently decrypted using receiver's private key.

When used in conjunction with a symmetric algorithm, the key is encrypted with a key- wrapping key shared by the sending and receiving parties and decrypted using the same key.

","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]},{"text":"A key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver) using an asymmetric algorithm.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"See Key transport.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key distribution "}]},{"text":"A manual or automated key-establishment procedure whereby one entity (the sender) selects and distributes the key to another entity (the receiver).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key transport "}]},{"text":"A (pair-wise) key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver). Contrast with key agreement.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Key-transport "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key transport "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver). Contrast with key agreement.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key transport "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"The transport of a key and other keying material from an entity that either owns the key or generates the key to another entity that is intended to use the key.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key distribution "}]},{"text":"Secure transport of cryptographic keys from one cryptographic module to another module. When used in conjunction with a public key (asymmetric) algorithm, keying material is encrypted using a public key and subsequently decrypted using a private key. When used in conjunction with a symmetric algorithm, key transport is known as key wrapping.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"The transport of key information from one entity (the sender) to one or more other entities (the receivers). The sender may have generated the key information or acquired it from another source as part of a separate process. The key information may be distributed manually or using automated key transport mechanisms.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key distribution "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects a value for the secret keying material and then securely distributes that value to another party (the receiver).","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key transport "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key transport "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects and encrypts (or wraps) the keying material and then distributes the material to another party (the receiver). \nWhen used in conjunction with a public-key (asymmetric) algorithm, the keying material is encrypted using the public key of the receiver and subsequently decrypted using the private key of the receiver. \nWhen used in conjunction with a symmetric algorithm, the keying material is encrypted with a key-wrapping key shared by the two parties.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key transport "}]},{"text":"The transport of a key and other keying material from an entity that either owns, generates or otherwise acquires the key to another entity that is intended to use the key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key distribution "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects and encrypts (or wraps) the key and then distributes it to another party (the receiver). When used in conjunction with a public-key (asymmetric) algorithm, the key is encrypted using the public key of the receiver and subsequently decrypted using the receiver’s private key. When used in conjunction with a symmetric algorithm, the key is encrypted with a key-wrapping key shared by the sending and receiving parties and decrypted using the same key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key transport "}]},{"text":"A key-establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). When used in conjunction with a public-key (asymmetric) algorithm, the keying material is encrypted using the public key of the receiver and subsequently decrypted using the private key of the receiver. When used in conjunction with a symmetric algorithm, the keying material is encrypted with a key-encrypting key shared by the two parties.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key transport "}]}],"seeAlso":[{"text":"key agreement","link":"key_agreement"},{"text":"Key agreement"},{"text":"key exchange","link":"key_exchange"}]},{"term":"Key transport (automated)","link":"https://csrc.nist.gov/glossary/term/key_transport_automated","definitions":[{"text":"A key-establishment procedure whereby one entity (the sender) selects a value for secret keying material and then securely distributes that value to one or more other entities (the receivers). Contrast with Key agreement.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key type","link":"https://csrc.nist.gov/glossary/term/key_type","definitions":[{"text":"One of the twenty-one types of keys listed in [NIST SP 800-130].","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"key update","link":"https://csrc.nist.gov/glossary/term/key_update","definitions":[{"text":"A function performed on a cryptographic key in order to compute a new, but related, key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key update "}]},{"text":"A procedure in which a new cryptographic key is computed as a function of the (old) cryptographic key that it will replace.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key update "}]},{"text":"A key-derivation process whereby the derived key replaces the key from which it was derived when the key-derivation process is later repeated.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Key update "}]},{"text":"A function performed on a cryptographic key in order to compute a new key that is related to the old key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key update "}]},{"text":"A stage in the lifecycle of keying material; alternate storage for operational keying material during its cryptoperiod.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key update "}]},{"text":"A function performed on a cryptographic key in order to compute a new key that is related to the old key and is used to replace that key. Note that this Recommendation disallows this method of replacing a key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key update "}]}]},{"term":"Key Wrap with Padding mode","link":"https://csrc.nist.gov/glossary/term/key_wrap_with_padding_mode","abbrSyn":[{"text":"KWP","link":"https://csrc.nist.gov/glossary/term/kwp"}],"definitions":null},{"term":"Key wrapping","link":"https://csrc.nist.gov/glossary/term/key_wrapping","definitions":[{"text":"A method of encrypting and decrypting keys and (possibly) associated data using a symmetric key; both confidentiality and integrity protection are provided.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"A method of cryptographically protecting keys using a symmetric key that provides both confidentiality and integrity protection.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"In this Recommendation, key-wrapping is a method of protecting keying material using a symmetric-key-based authenticated encryption method, such as a block cipher key-wrapping mode specified in [NIST SP 800-38F] that provides both confidentiality and integrity protection.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Key-wrapping "}]},{"text":"Encrypting a symmetric key using another symmetric key (the key encrypting key). A key used for key wrapping is known as a key encrypting key.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]},{"text":"A method of protecting secret keying material (along with associated integrity information) that provides both confidentiality and integrity protection when using symmetric-key algorithms.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A method of providing both confidentiality and integrity protection for keying material using a symmetric key,","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A method of encrypting and decrypting keys and (possibly) associated data using symmetric-key cryptography; both confidentiality and integrity protection are provided. See SP 800-38F. 6","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"A method of cryptographically protecting the confidentiality and integrity of keys using a symmetric-key algorithm.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"A method of encrypting and decrypting keys and (possibly) associated data using symmetric-key cryptography; both confidentiality and integrity protection are provided; see SP 800-38F.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A method of protecting keying material (along with associated integrity information) that provides both confidentiality and integrity protection when using a symmetric-key algorithm.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"A method of encrypting keys (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Key wrapping algorithm","link":"https://csrc.nist.gov/glossary/term/key_wrapping_algorithm","definitions":[{"text":"A cryptographic algorithm approved for use in wrapping keys.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key/metadata recovery","link":"https://csrc.nist.gov/glossary/term/key_metadata_recovery","definitions":[{"text":"The process of retrieving or reconstructing a key or metadata from backup or archive storage.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Key-Agreement Scheme","link":"https://csrc.nist.gov/glossary/term/key_agreement_scheme","abbrSyn":[{"text":"KAS","link":"https://csrc.nist.gov/glossary/term/kas"}],"definitions":null},{"term":"Key-agreement transaction","link":"https://csrc.nist.gov/glossary/term/key_agreement_transaction","definitions":[{"text":"An execution of a key-agreement scheme.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A key-establishment event which results in secret keying material that is shared between the parties using a key-agreement scheme.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Key-Auto-Key (KAK)","link":"https://csrc.nist.gov/glossary/term/key_auto_key","abbrSyn":[{"text":"KAK","link":"https://csrc.nist.gov/glossary/term/kak"}],"definitions":[{"text":"Cryptographic logic using previous key to produce key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Key-Based Key Derivation Functions","link":"https://csrc.nist.gov/glossary/term/key_based_key_derivation_functions","abbrSyn":[{"text":"KBKDF","link":"https://csrc.nist.gov/glossary/term/kbkdf"}],"definitions":null},{"term":"Keyboard, Video, Mouse","link":"https://csrc.nist.gov/glossary/term/keyboard_video_mouse","abbrSyn":[{"text":"KVM","link":"https://csrc.nist.gov/glossary/term/kvm"}],"definitions":null},{"term":"Key-center environment","link":"https://csrc.nist.gov/glossary/term/key_center_environment","definitions":[{"text":"As used in this Recommendation, an environment in which the keys or key components needed to support cryptographically protected exchanges within one or more communicating groups are obtained from a common central source.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Key-confirmation provider","link":"https://csrc.nist.gov/glossary/term/key_confirmation_provider","definitions":[{"text":"The party that provides assurance to the other party (the recipient) that the two parties have indeed established a shared secret or shared keying material.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Key-derivation function","link":"https://csrc.nist.gov/glossary/term/key_derivation_function","abbrSyn":[{"text":"KDF","link":"https://csrc.nist.gov/glossary/term/kdf"},{"text":"KDK","link":"https://csrc.nist.gov/glossary/term/kdk_1"}],"definitions":[{"text":"A function that, with the input of a cryptographic key and other data, generates a bit string called the keying material, as defined in this Recommendation.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under key-derivation function "}]},{"text":"As used in this Recommendation, either a one-step key-derivation method or a key-derivation function based on a pseudorandom function as specified in [SP 800-108].","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"Key Derivation Function.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under KDF "}]},{"text":"A function that, with the input of a cryptographic key and other data, generates a binary string, called keying material.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Key derivation function "}]},{"text":"A function by which keying material is derived from a shared secret (or a key) and other information.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A function that, with the input of a cryptographic key or shared secret, and possibly other data, generates a binary string, called keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"As used in this Recommendation, a function used to derive secret keying material from a shared secret (or a key) and other information.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A function that − with the input of a cryptographic key or shared secret and possibly other data − generates a binary string, called keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"As used in this Recommendation, either a one-step key-derivation method or a key-derivation function based on a pseudorandom function as specified in SP 800-108.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A function used to derive keying material from a shared secret (or a key) and other information.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Key-derivation key","link":"https://csrc.nist.gov/glossary/term/key_derivation_key","abbrSyn":[{"text":"KDK","link":"https://csrc.nist.gov/glossary/term/kdk_1"},{"text":"Master key","link":"https://csrc.nist.gov/glossary/term/master_key"}],"definitions":[{"text":"A key used as an input to a key-derivation function to derive additional keying material.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under key-derivation key "}]},{"text":"As used in this Recommendation, a key that is used during the key-expansion step of a key-derivation procedure to derive the secret output keying material. This key-derivation key is obtained from a shared secret during the randomness-extraction step.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"A key used as an input to a key derivation function to derive other keys.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Key Derivation Key "},{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Key derivation key "}]},{"text":"A key used as an input to a key-derivation method to derive other keys. See [NIST SP 800-108].","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"A key that is used as an input to a key derivation function or key expansion function to derive other keys.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under Key derivation key "}]},{"text":"A key that is used as input to the key expansion step to derive other keys. In this Recommendation, the key derivation key is obtained by performing randomness extraction on a shared secret.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Key derivation key "}]},{"text":"See Key-derivation key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Master key "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Master key "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Master key "}]},{"text":"A key used with a key-derivation function or method to derive additional keys. Sometimes called a master key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A key used as an input to a key-derivation method to derive other keys. See SP 800-108.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"A key used with a key-derivation method to derive additional keys. Sometimes called a master key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A key used as an input to a key-derivation method to derive other keys; see SP 800-108.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A key used with a key-derivation function or method to derive additional keys. Also called a master key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Key-derivation method","link":"https://csrc.nist.gov/glossary/term/key_derivation_method","abbrSyn":[{"text":"KDM","link":"https://csrc.nist.gov/glossary/term/kdm"}],"definitions":[{"text":"As used in this Recommendation, a process that derives secret keying material from a shared secret. This Recommendation specifies both one-step and two-step key-derivation methods.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"A method by which keying material is derived from a shared secret and other information. A key-derivation method may use a key-derivation function or a key-derivation procedure.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"A key-derivation function or other approved procedure for deriving keying material.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"As used in this Recommendation, a method by which secret keying material is derived from a shared secret and other information. A key-derivation method may use a key-derivation function or a key-derivation procedure.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"Key-derivation procedure","link":"https://csrc.nist.gov/glossary/term/key_derivation_procedure","definitions":[{"text":"A procedure consisting of multiple steps and using an approved algorithm (e.g., a MAC algorithm) by which keying material is derived from a shared secret and other information.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"As used in this Recommendation, a multi-step process to derive secret keying material from a shared secret and other information.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"As used in this Recommendation, a two-step key-derivation method consisting of randomness extraction followed by key expansion.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"},{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"A multi-step process that uses an approved Message Authentication Code (MAC) algorithm to derive keying material from a shared secret and other information.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Keyed Hash Algorithm","link":"https://csrc.nist.gov/glossary/term/keyed_hash_algorithm","definitions":[{"text":"Algorithm that creates a hash based on both a message and a secret key; also known as a hash message authentication code algorithm.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]"}]},{"text":"An algorithm that creates a message authentication code based on both a message and a secret key shared by two endpoints. Also known as a hash message authentication code algorithm.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Keyed-Hash Message Authentication Code","link":"https://csrc.nist.gov/glossary/term/keyed_hash_message_authentication_code","abbrSyn":[{"text":"HMAC-hash","link":"https://csrc.nist.gov/glossary/term/hmac_hash"},{"text":"HMAC","link":"https://csrc.nist.gov/glossary/term/hmac"}],"definitions":[{"text":"A message authentication code that uses a cryptographic key in conjunction with a hash function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under keyed hash-based message authentication code ","refSources":[{"text":"FIPS 198-1","link":"https://doi.org/10.6028/NIST.FIPS.198-1"}]}]},{"text":"Keyed-hash Message Authentication Code (as specified in FIPS 198-1).","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under HMAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under HMAC "}]},{"text":"Keyed-hash Message Authentication Code (as specified in [FIPS 198]) with an approved hash function hash.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under HMAC-hash "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under HMAC-hash "}]},{"text":"Keyed-Hash Message Authentication Code specified in [FIPS198].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under HMAC "}]}]},{"term":"Keyed-Hash Message Authentication Code-Message Digest","link":"https://csrc.nist.gov/glossary/term/keyed_hash_message_authentication_code_message_digest","abbrSyn":[{"text":"HMAC-MD5","link":"https://csrc.nist.gov/glossary/term/hmac_md5"}],"definitions":null},{"term":"Keyed-Hash Message Authentication Code-Secure Hash Algorithm","link":"https://csrc.nist.gov/glossary/term/keyed_hash_message_authentication_code_secure_hash_algorithm","abbrSyn":[{"text":"HMAC-SHA","link":"https://csrc.nist.gov/glossary/term/hmac_sha"}],"definitions":null},{"term":"Key-Encapsulation Mechanism","link":"https://csrc.nist.gov/glossary/term/key_encapsulation_mechanism","abbrSyn":[{"text":"KEM","link":"https://csrc.nist.gov/glossary/term/kem"}],"definitions":null},{"term":"Key-Encryption-Key (KEK)","link":"https://csrc.nist.gov/glossary/term/key_encryption_key","abbrSyn":[{"text":"KEK","link":"https://csrc.nist.gov/glossary/term/kek"}],"definitions":[{"text":"A key that encrypts other key (typically Traffic Encryption Keys or TEKs) for transmission or storage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The key for the underlying block cipher of KW, KWP, or TKW. May be called a key-wrapping key in other documents.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under key-encryption key "}]},{"text":"A cryptographic key that is used for the encryption or decryption of other keys to provide confidentiality protection. Also see Key-wrapping key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key-encrypting key "}]},{"text":"A cryptographic key that is used for the encryption or decryption of other keys to provide confidentiality protection for those keys. Also see Key-wrapping key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key-encrypting key "}]},{"text":"A cryptographic key that is used for the encryption or decryption of other keys.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key-encrypting key "}]}],"seeAlso":[{"text":"Key-wrapping key","link":"key_wrapping_key"}]},{"term":"key-establishment key pair","link":"https://csrc.nist.gov/glossary/term/key_establishment_key_pair","abbrSyn":[{"text":"Key pair"}],"definitions":[{"text":"A public key and its corresponding private key; a key pair is used with a public key algorithm.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Key pair "}]},{"text":"A private key and its corresponding public key; a key pair is used with an asymmetric-key (public-key) algorithm.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key pair "}]},{"text":"A private/public key pair used in a key-establishment scheme. It can be a static key pair or an ephemeral key pair.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Key-establishment key pair "}]},{"text":"A public key and its corresponding private key; a key pair is used with a public-key algorithm.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key pair "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Key pair "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key pair "}]},{"text":"A public key and its corresponding private key.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Key pair "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Key pair "}]},{"text":"A private/public key pair used in a key-establishment scheme.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key-establishment key pair "}]},{"text":"See key-establishment key pair.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Key pair "}]},{"text":"A public key and its corresponding private key. A key pair is used with a public key algorithm.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key pair "}]},{"text":"A public key and its corresponding private key; a key pair is used with a public-key (asymmetric-key) algorithm.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Key pair "}]}]},{"term":"key-establishment mechanism","link":"https://csrc.nist.gov/glossary/term/key_establishment_mechanism","abbrSyn":[{"text":"KEM","link":"https://csrc.nist.gov/glossary/term/kem"}],"definitions":null},{"term":"Key-establishment transaction","link":"https://csrc.nist.gov/glossary/term/key_establishment_transaction","definitions":[{"text":"An execution of a key-establishment scheme. It can be either a key-agreement transaction or a key-transport transaction.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"An instance of establishing secret keying material using a key-agreement or key-transport transaction.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"An instance of establishing secret keying material using a key-establishment scheme.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Key-generating module","link":"https://csrc.nist.gov/glossary/term/key_generating_module","definitions":[{"text":"A cryptographic module in which a given key is generated.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"keying material","link":"https://csrc.nist.gov/glossary/term/keying_material","definitions":[{"text":"A bit string such that non-overlapping segments of the string (with the required lengths) can be used as cryptographic keys or other secret (pseudorandom) parameters.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"Data that is represented as a binary string such that any non-overlapping segments of the string with the required lengths can be used as secret keys, secret initialization vectors, and other secret parameters.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Keying material "}]},{"text":"The data (e.g., keys) necessary to establish and maintain cryptographic keying relationships.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"Key, code, or authentication information in physical, electronic, or magnetic form. It includes key tapes and list, codes, authenticators, one-time pads, floppy disks, and magnetic tapes containing keys, plugs, keyed microcircuits, electronically generated key, etc.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A bit string, such that any non-overlapping segments of the string with the required lengths can be used as symmetric cryptographic keys and secret parameters, such as initialization vectors.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Keying Material "}]},{"text":"A binary string, such that any non-overlapping segments of the string with the required lengths can be used as symmetric cryptographic keys.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Keying material "}]},{"text":"Data that is represented as a binary string such that any non-overlapping segments of the string with the required lengths can be used as symmetric cryptographic keys. In this Recommendation, keying material is derived from a shared secret established during an execution of a key-establishment scheme or generated by the sender in a key-transport scheme. As used in this Recommendation, secret keying material may include keys, secret initialization vectors, and other secret parameters.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Keying material "}]},{"text":"A binary string, such that any non-overlapping segments of the string with the required lengths can be used as symmetric cryptographic keys and secret parameters, such as initialization vectors.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Keying material "}]},{"text":"The data (e.g., keys and IVs) necessary to establish and maintain cryptographic keying relationships.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Keying material "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Keying material "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Keying material "}]},{"text":"Data that is represented as a binary string such that any non-overlapping segments of the string with the required lengths can be used as secret keys, secret initialization vectors and other secret parameters.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Keying material "}]},{"text":"A cryptographic key and other parameters (e.g., IVs or domain parameters) used with a cryptographic algorithm.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Keying material "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Keying material "}]},{"text":"A cryptographic key and other parameters (e.g., IVs or domain parameters) used with a cryptographic algorithm. When keying material is derived as specified in SP 800-56CSP 800-108:bit string such that any non-overlapping segments of the string with the required lengths 4 and 5 Data represented as a can be used as secret keys, secret initialization vectors, and other secret parameters.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Keying material "}]},{"text":"Data that is represented as a binary string such that any non-overlapping segments of the string with the required lengths can be used as symmetric cryptographic keys. In this Recommendation, keying material is derived from a shared secret established during an execution of a key-agreement scheme, or transported by the sender in a key-transport scheme. As used in this Recommendation, secret keying material may include keys, secret initialization vectors, and other secret parameters.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Keying material "}]}],"seeAlso":[{"text":"Key information","link":"key_information"}]},{"term":"Key-pair owner","link":"https://csrc.nist.gov/glossary/term/key_pair_owner","definitions":[{"text":"The entity that is authorized to use the private key associated with a public key, whether that entity generated the key pair itself or a trusted party generated the key pair for the entity.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"In asymmetric-key cryptography, the entity that is authorized to use the private key associated with a public key, whether that entity generated the key pair itself, or a trusted party generated the key pair for the entity.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"In asymmetric-key cryptography, the entity that is authorized to use the private key associated with a public key, whether that entity generated the key pair itself or a trusted party generated the key pair for the entity.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"key-policy attribute-based encryption","link":"https://csrc.nist.gov/glossary/term/key_policy_attribute_based_encryption","abbrSyn":[{"text":"KP-ABE","link":"https://csrc.nist.gov/glossary/term/kp_abe"}],"definitions":null},{"term":"Key-recovery agent","link":"https://csrc.nist.gov/glossary/term/key_recovery_agent","definitions":[{"text":"An FCKMS role that assists in the key-recovery/metadata-recovery process.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A human entity authorized to access stored key information in key backups and archives.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"keystroke monitoring","link":"https://csrc.nist.gov/glossary/term/keystroke_monitoring","definitions":[{"text":"The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-12","link":"https://doi.org/10.6028/NIST.SP.800-12"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Keystroke Monitoring "}]}]},{"term":"Key-transport Scheme","link":"https://csrc.nist.gov/glossary/term/key_transport_scheme","abbrSyn":[{"text":"KTS","link":"https://csrc.nist.gov/glossary/term/kts"}],"definitions":null},{"term":"Key-transport transaction","link":"https://csrc.nist.gov/glossary/term/key_transport_transaction","definitions":[{"text":"An execution of a key-transport scheme.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A key-establishment event which results in secret keying material that is shared between the parties using a key-transport scheme.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"key-wrap algorithm","link":"https://csrc.nist.gov/glossary/term/key_wrap_algorithm","abbrSyn":[{"text":"KW","link":"https://csrc.nist.gov/glossary/term/kw"}],"definitions":[{"text":"A deterministic, symmetric-key authenticated-encryption algorithm that is intended for the protection of cryptographic keys. Consists of two functions: authenticated encryption and authenticated decryption.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Key-wrapping key","link":"https://csrc.nist.gov/glossary/term/key_wrapping_key","definitions":[{"text":"In this Recommendation, a key-wrapping key is a symmetric key established through a key-agreement transaction and used with a key-wrapping algorithm to protect the keying material to be transported.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A symmetric key-encrypting key that is used to provide both confidentiality and integrity protection. Also see Key-encrypting key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A symmetric key used with a key-wrapping algorithm to protect keying material. In accordance with this Recommendation (SP 800-56B), a key-wrapping key can be established using a KAS1, KAS2 or KTS-OAEP scheme and then used with a key-wrapping algorithm to protect transported keying material. (See Section 9.3.)","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A symmetric key that is used with a key-wrapping algorithm to protect the confidentiality and integrity of keys.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key wrapping key "}]},{"text":"A symmetric key used to provide confidentiality and integrity protection for other keys.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"A symmetric key that is used to provide both confidentiality and integrity protection for other keys. Also see Key-encrypting key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A key used as an input to a key-wrapping method; see SP 800-38F.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"In this Recommendation, a key-wrapping key is a symmetric key established during a key-transport transaction and used with a key- wrapping algorithm to protect the keying material to be transported.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"A symmetric key-encrypting key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}],"seeAlso":[{"text":"Key-encrypting key"}]},{"term":"KG","link":"https://csrc.nist.gov/glossary/term/kg","abbrSyn":[{"text":"Key Generator","link":"https://csrc.nist.gov/glossary/term/key_generator"}],"definitions":null},{"term":"KGD","link":"https://csrc.nist.gov/glossary/term/kgd","abbrSyn":[{"text":"Key Generation and Distribution","link":"https://csrc.nist.gov/glossary/term/key_generation_and_distribution"}],"definitions":null},{"term":"kHz","link":"https://csrc.nist.gov/glossary/term/khz","abbrSyn":[{"text":"Kilohertz","link":"https://csrc.nist.gov/glossary/term/kilohertz"}],"definitions":null},{"term":"KiB","link":"https://csrc.nist.gov/glossary/term/kib","abbrSyn":[{"text":"Kibi Byte","link":"https://csrc.nist.gov/glossary/term/kibi_byte"}],"definitions":[{"text":"Kibi Byte, Measuring Unit 210 Bytes = 1024 Bytes","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"Kibi Byte","link":"https://csrc.nist.gov/glossary/term/kibi_byte","abbrSyn":[{"text":"KiB","link":"https://csrc.nist.gov/glossary/term/kib"}],"definitions":[{"text":"Kibi Byte, Measuring Unit 210 Bytes = 1024 Bytes","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under KiB "}]}]},{"term":"Kilobits per second","link":"https://csrc.nist.gov/glossary/term/kilobits_per_second","abbrSyn":[{"text":"kbit/s"},{"text":"kbps"},{"text":"Kbps","link":"https://csrc.nist.gov/glossary/term/kbps"}],"definitions":null},{"term":"Kilobyte","link":"https://csrc.nist.gov/glossary/term/kilobyte","abbrSyn":[{"text":"KB","link":"https://csrc.nist.gov/glossary/term/kb"}],"definitions":null},{"term":"Kilohertz","link":"https://csrc.nist.gov/glossary/term/kilohertz","abbrSyn":[{"text":"kHz","link":"https://csrc.nist.gov/glossary/term/khz"}],"definitions":null},{"term":"KIRP","link":"https://csrc.nist.gov/glossary/term/kirp","abbrSyn":[{"text":"known inclusion re-identification probability","link":"https://csrc.nist.gov/glossary/term/known_inclusion_re_identification_probability"}],"definitions":null},{"term":"KMC","link":"https://csrc.nist.gov/glossary/term/kmc","abbrSyn":[{"text":"Key Management Center","link":"https://csrc.nist.gov/glossary/term/key_management_center"}],"definitions":null},{"term":"KME","link":"https://csrc.nist.gov/glossary/term/kme","abbrSyn":[{"text":"Key Management Entity"}],"definitions":null},{"term":"KMI","link":"https://csrc.nist.gov/glossary/term/kmi","abbrSyn":[{"text":"Key Management Infrastructure"}],"definitions":null},{"term":"KMI operating account (KOA)","link":"https://csrc.nist.gov/glossary/term/kmi_operating_account","abbrSyn":[{"text":"KOA","link":"https://csrc.nist.gov/glossary/term/koa"}],"definitions":[{"text":"A key management infrastructure (KMI) business relationship that is established 1) to manage the set of user devices that are under the control of a specific KMI customer organization; and 2) to control the distribution of KMI products to those devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"KMI Operating Account Manager","link":"https://csrc.nist.gov/glossary/term/kmi_operating_account_manager","abbrSyn":[{"text":"KOAM","link":"https://csrc.nist.gov/glossary/term/koam"}],"definitions":null},{"term":"KMI protected channel (KPC)","link":"https://csrc.nist.gov/glossary/term/kmi_protected_channel","abbrSyn":[{"text":"KPC","link":"https://csrc.nist.gov/glossary/term/kpc"}],"definitions":[{"text":"A key management infrastructure (KMI) Communication Channel that provides 1) Information Integrity Service; 2) either Data Origin Authentication Service or Peer Entity Authentication Service, as is appropriate to the mode of communications; and 3) optionally, Information Confidentiality Service.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"KMI-aware device","link":"https://csrc.nist.gov/glossary/term/kmi_aware_device","definitions":[{"text":"A user device that has a user identity for which the registration has significance across the entire key management infrastructure (KMI) (i.e., the identity’s registration data is maintained in a database at the primary services node (PRSN) level of the system, rather than only at an MGC) and for which a product can be generated and wrapped by a product source node (PSN) for distribution to the specific device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"KMID","link":"https://csrc.nist.gov/glossary/term/kmid","abbrSyn":[{"text":"Key Management Identification Number","link":"https://csrc.nist.gov/glossary/term/key_management_identification_number"}],"definitions":null},{"term":"KMIP","link":"https://csrc.nist.gov/glossary/term/kmip","abbrSyn":[{"text":"Key Management Interoperability Protocol","link":"https://csrc.nist.gov/glossary/term/key_management_interoperability_protocol"}],"definitions":null},{"term":"KMN","link":"https://csrc.nist.gov/glossary/term/kmn","abbrSyn":[{"text":"Key Management"}],"definitions":[{"text":"The activities involving the handling of cryptographic keys and other related security parameters (e.g., initialization vectors) during the entire lifecycle of the keys, including their generation, storage, establishment, entry and output, use and destruction.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Key Management ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]}]}]},{"term":"KMP","link":"https://csrc.nist.gov/glossary/term/kmp","abbrSyn":[{"text":"Key Management Plan","link":"https://csrc.nist.gov/glossary/term/key_management_plan"},{"text":"Key Management Policy","link":"https://csrc.nist.gov/glossary/term/key_management_policy"},{"text":"Key Management Protocol"}],"definitions":[{"text":"A high-level statement of organizational key management policies that identifies a high-level structure, responsibilities, governing standards, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key Management Policy "}]},{"text":"Documents how key management for current and/or planned cryptographic products and services will be implemented to ensure lifecycle key management support for cryptographic processes.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key Management Plan "}]},{"text":"A high-level document that identifies a high-level structure, responsibilities, governing standards and guidelines, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key Management Policy "}]},{"text":"A high-level statement of organizational key management policies that identifies a high-level structure, responsibilities, governing Standards and Recommendations, organizational dependencies and other relationships, and security policies.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key Management Policy "}]}]},{"term":"KMPS","link":"https://csrc.nist.gov/glossary/term/kmps","abbrSyn":[{"text":"Key Management Practice Statement"},{"text":"Key Management Practices Statement","link":"https://csrc.nist.gov/glossary/term/key_management_practices_statement"}],"definitions":[{"text":"A document or set of documents that describes, in detail, the organizational structure, responsible roles, and organization rules for the functions identified in the Key Management Policy.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key Management Practices Statement "}]},{"text":"A document or set of documentation that describes (in detail) the organizational structure, responsible roles, and organization rules for the functions identified in the associated cryptographic Key Management Policy (see [IETF RFC 3647]).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Key Management Practice Statement "}]},{"text":"A document or set of documentation that describes in detail the organizational structure, responsible roles, and organization rules for the functions identified in the Key Management Policy.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key Management Practices Statement "}]}]},{"term":"KMS","link":"https://csrc.nist.gov/glossary/term/kms","abbrSyn":[{"text":"Key Management Service","link":"https://csrc.nist.gov/glossary/term/key_management_service"},{"text":"Key Management System","link":"https://csrc.nist.gov/glossary/term/key_management_system"}],"definitions":null},{"term":"Know Your Customer","link":"https://csrc.nist.gov/glossary/term/know_your_customer","abbrSyn":[{"text":"KYC","link":"https://csrc.nist.gov/glossary/term/kyc"}],"definitions":null},{"term":"Knowledge","link":"https://csrc.nist.gov/glossary/term/knowledge","definitions":[{"text":"A retrievable set of concepts within memory.","sources":[{"text":"NIST SP 800-181 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-181r1"},{"text":"NIST IR 8355","link":"https://doi.org/10.6023/NIST.IR.8355"}]},{"text":"a body of information applied directly to the performance of a function.","sources":[{"text":"NIST SP 800-181","link":"https://doi.org/10.6028/NIST.SP.800-181","note":" [Superseded]"}]}]},{"term":"Knowledge and Skill statement","link":"https://csrc.nist.gov/glossary/term/knowledge_and_skill_statement","abbrSyn":[{"text":"K&S","link":"https://csrc.nist.gov/glossary/term/k_and_s"}],"definitions":null},{"term":"Knowledge Levels","link":"https://csrc.nist.gov/glossary/term/knowledge_levels","definitions":[{"text":"verbs that describe actions an individual should be capable ofperforming on the job after completion of the training associated with the cell. The verbs are identified for three training levels: Beginning, Intermediate, and Advanced.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Knowledge, Skills, and Abilities","link":"https://csrc.nist.gov/glossary/term/knowledge_skills_and_abilities","abbrSyn":[{"text":"KSA","link":"https://csrc.nist.gov/glossary/term/ksa"}],"definitions":null},{"term":"Knowledge-Based Authentication","link":"https://csrc.nist.gov/glossary/term/knowledge_based_authentication","abbrSyn":[{"text":"KBA","link":"https://csrc.nist.gov/glossary/term/kba"}],"definitions":[{"text":"Authentication of an individual based on knowledge of information associated with his or her claimed identity in public databases. Knowledge of such information is considered to be private rather than secret, because it may be used in contexts other than authentication to a Verifier, thereby reducing the overall assurance associated with the authentication process.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Knowledge Based Authentication "}]}]},{"term":"Knowledge-Based Verification (KBV)","link":"https://csrc.nist.gov/glossary/term/knowledge_based_verification","abbrSyn":[{"text":"KBV","link":"https://csrc.nist.gov/glossary/term/kbv"}],"definitions":[{"text":"Identity verification method based on knowledge of private information associated with the claimed identity. This is often referred to as knowledge-based authentication (KBA) or knowledge-based proofing (KBP).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"known answer test","link":"https://csrc.nist.gov/glossary/term/known_answer_test","abbrSyn":[{"text":"KAT","link":"https://csrc.nist.gov/glossary/term/kat"}],"definitions":null},{"term":"Known Data","link":"https://csrc.nist.gov/glossary/term/known_data","definitions":[{"text":"A category of information that may be present within an attribute of a CPE name. Known data represents any meaningful value about a product (e.g., “sp1”, “2.3.4”, “pro”, NA), but does not include the logical value ANY.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Known Hosts File","link":"https://csrc.nist.gov/glossary/term/known_hosts_file","definitions":[{"text":"A file associated with a specific account that contains one or more host keys. Each host key is associated with an SSH server address (IP or hostname) so that the server can be authenticated when a connection is initiated. The user or administrator who makes the first connection to an SSH server is responsible for verifying that the host key presented by that server is the actual key (not a rogue key) before it gets placed in the known hosts file.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"known inclusion re-identification probability","link":"https://csrc.nist.gov/glossary/term/known_inclusion_re_identification_probability","abbrSyn":[{"text":"KIRP","link":"https://csrc.nist.gov/glossary/term/kirp"}],"definitions":null},{"term":"KOA","link":"https://csrc.nist.gov/glossary/term/koa","abbrSyn":[{"text":"KMI Operating Account"}],"definitions":null},{"term":"KOA agent","link":"https://csrc.nist.gov/glossary/term/koa_agent","definitions":[{"text":"A user identity that is designated by a key management infrastructure operating account (KOA) manager to access primary services node (PRSN) product delivery enclaves for the purpose of retrieving wrapped products that have been ordered for user devices that are assigned to that KOA.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"KOA manager (KOAM)","link":"https://csrc.nist.gov/glossary/term/koa_manager","definitions":[{"text":"An external operational management role that is responsible for the operation of a key management infrastructure operating account (KOA) that includes all distribution of KMI key and products from the management client (MGC) to the end cryptographic units (ECUs) and fill devices, and management and accountability of all electronic and physical key, and physical COMSEC materials from receipt and/or production to destruction or transfer to another KOA. (Similar to an electronic key management system (EKMS) Manager or COMSEC Account Manager)","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"KOA registration manager","link":"https://csrc.nist.gov/glossary/term/koa_registration_manager","definitions":[{"text":"The individual responsible for performing activities related to registering key management infrastructure operating accounts (KOAs).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"KOAM","link":"https://csrc.nist.gov/glossary/term/koam","abbrSyn":[{"text":"KMI Operating Account Manager","link":"https://csrc.nist.gov/glossary/term/kmi_operating_account_manager"}],"definitions":null},{"term":"Kolmogorov-Smirnov Test","link":"https://csrc.nist.gov/glossary/term/kolmogorov_smirnov_test","definitions":[{"text":"A statistical test that may be used to determine if a set of data comes from a particular probability distribution.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"KP","link":"https://csrc.nist.gov/glossary/term/kp","abbrSyn":[{"text":"Key Processor"}],"definitions":null},{"term":"KP-ABE","link":"https://csrc.nist.gov/glossary/term/kp_abe","abbrSyn":[{"text":"key-policy attribute-based encryption","link":"https://csrc.nist.gov/glossary/term/key_policy_attribute_based_encryption"}],"definitions":null},{"term":"KPC","link":"https://csrc.nist.gov/glossary/term/kpc","abbrSyn":[{"text":"KMI Protected Channel"}],"definitions":null},{"term":"KPI","link":"https://csrc.nist.gov/glossary/term/kpi","abbrSyn":[{"text":"Key Performance Indicator","link":"https://csrc.nist.gov/glossary/term/key_performance_indicator"}],"definitions":null},{"term":"KPT","link":"https://csrc.nist.gov/glossary/term/kpt","abbrSyn":[{"text":"Key Protection Technology","link":"https://csrc.nist.gov/glossary/term/key_protection_technology"}],"definitions":null},{"term":"KRACK","link":"https://csrc.nist.gov/glossary/term/krack","abbrSyn":[{"text":"Key Reinstallation Attack","link":"https://csrc.nist.gov/glossary/term/key_reinstallation_attack"}],"definitions":null},{"term":"KRI","link":"https://csrc.nist.gov/glossary/term/kri","abbrSyn":[{"text":"Key Risk Indicator","link":"https://csrc.nist.gov/glossary/term/key_risk_indicator"}],"definitions":null},{"term":"KSA","link":"https://csrc.nist.gov/glossary/term/ksa","abbrSyn":[{"text":"Knowledge, Skill, and Ability statements"},{"text":"Knowledge, Skills, and Abilities","link":"https://csrc.nist.gov/glossary/term/knowledge_skills_and_abilities"}],"definitions":null},{"term":"KSD","link":"https://csrc.nist.gov/glossary/term/ksd","abbrSyn":[{"text":"Key Storage Device","link":"https://csrc.nist.gov/glossary/term/key_storage_device"}],"definitions":null},{"term":"KSG","link":"https://csrc.nist.gov/glossary/term/ksg","abbrSyn":[{"text":"Key Stream Generator","link":"https://csrc.nist.gov/glossary/term/key_stream_generator"}],"definitions":null},{"term":"KSK","link":"https://csrc.nist.gov/glossary/term/ksk","abbrSyn":[{"text":"Key Signing Key"}],"definitions":null},{"term":"KSP","link":"https://csrc.nist.gov/glossary/term/ksp","abbrSyn":[{"text":"Key Storage Provider","link":"https://csrc.nist.gov/glossary/term/key_storage_provider"}],"definitions":null},{"term":"KTS","link":"https://csrc.nist.gov/glossary/term/kts","abbrSyn":[{"text":"Key-transport Scheme","link":"https://csrc.nist.gov/glossary/term/key_transport_scheme"}],"definitions":null},{"term":"KTS-OAEP-basic","link":"https://csrc.nist.gov/glossary/term/kts_oaep_basic","definitions":[{"text":"The basic form of the key-transport Scheme with Optimal Asymmetric Encryption Padding.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KTS-OAEP-Party_V-confirmation","link":"https://csrc.nist.gov/glossary/term/kts_oaep_party_v_confirmation","definitions":[{"text":"Key-transport Scheme with Optimal Asymmetric Encryption Padding and key confirmation provided by party V. Previously known as KTS-OAEP-receiver-confirmation.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"KVM","link":"https://csrc.nist.gov/glossary/term/kvm","abbrSyn":[{"text":"Kernel-Based Virtual Machine","link":"https://csrc.nist.gov/glossary/term/kernel_based_virtual_machine"},{"text":"Keyboard, Video, Mouse","link":"https://csrc.nist.gov/glossary/term/keyboard_video_mouse"}],"definitions":null},{"term":"KW","link":"https://csrc.nist.gov/glossary/term/kw","abbrSyn":[{"text":"AES Key Wrap","link":"https://csrc.nist.gov/glossary/term/aes_key_wrap"},{"text":"Key Wrap mode"}],"definitions":null},{"term":"KWP","link":"https://csrc.nist.gov/glossary/term/kwp","abbrSyn":[{"text":"AES Key Wrap with Padding","link":"https://csrc.nist.gov/glossary/term/aes_key_wrap_with_padding"},{"text":"Key Wrap with Padding mode","link":"https://csrc.nist.gov/glossary/term/key_wrap_with_padding_mode"}],"definitions":null},{"term":"KYC","link":"https://csrc.nist.gov/glossary/term/kyc","abbrSyn":[{"text":"Know Your Customer","link":"https://csrc.nist.gov/glossary/term/know_your_customer"}],"definitions":null},{"term":"l","link":"https://csrc.nist.gov/glossary/term/l_lowercase","definitions":[{"text":"The length in bits of a MacTag, or the length in bits of a truncated message digest (used, for example, by a digital signature algorithm).","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}]},{"term":"l(n)","link":"https://csrc.nist.gov/glossary/term/l_n","definitions":[{"text":"Lambda function of the RSA modulus n, i.e., the least positive integer i such that 1= ai mod n for all a relatively prime to n. When n = p ´ q, l(n) = LCM(p - 1, q - 1).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"L2CAP","link":"https://csrc.nist.gov/glossary/term/l2cap","abbrSyn":[{"text":"Logical Link Control and Adaptation Protocol","link":"https://csrc.nist.gov/glossary/term/logical_link_control_and_adaptation_protocol"}],"definitions":null},{"term":"L2F","link":"https://csrc.nist.gov/glossary/term/l2f","abbrSyn":[{"text":"Layer 2 Forwarding","link":"https://csrc.nist.gov/glossary/term/layer_2_forwarding"}],"definitions":null},{"term":"L2TP","link":"https://csrc.nist.gov/glossary/term/l2tp","abbrSyn":[{"text":"Layer 2 Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/layer_2_tunneling_protocol"},{"text":"Layer Two Transport Protocol","link":"https://csrc.nist.gov/glossary/term/layer_two_transport_protocol"},{"text":"Layer Two Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/layer_two_tunneling_protocol"}],"definitions":null},{"term":"L2VPN","link":"https://csrc.nist.gov/glossary/term/l2vpn","abbrSyn":[{"text":"Layer 2 VPN","link":"https://csrc.nist.gov/glossary/term/layer_2_vpn"}],"definitions":null},{"term":"label","link":"https://csrc.nist.gov/glossary/term/label","abbrSyn":[{"text":"security label","link":"https://csrc.nist.gov/glossary/term/security_label"},{"text":"Security Label"}],"definitions":[{"text":"The means used to associate a set of security attributes with a specific information object as part of the data structure for that object.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security label ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under security label "},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Security Label ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Label "}]},{"text":"Explicit or implicit marking of a data structure or output media associated with an information system representing the FIPS 199 security category, or distribution limitations or handling caveats of the information contained therein.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Label "}]},{"text":"Information that either identifies an associated parameter or provides information regarding the parameter’s proper protection and use.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Label "}]},{"text":"See security label.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Label "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Label "}]}]},{"term":"labeled security protections","link":"https://csrc.nist.gov/glossary/term/labeled_security_protections","definitions":[{"text":"Access control protection features of a system that use security labels to make access control decisions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"laboratory attack","link":"https://csrc.nist.gov/glossary/term/laboratory_attack","note":"(C.F.D.)","definitions":[{"text":"Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media. \nRationale: Term is no longer used in revised version of NIST SP 800-88.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","note":" - Adapted"}]}]}]},{"term":"LACNIC","link":"https://csrc.nist.gov/glossary/term/lacnic","abbrSyn":[{"text":"Latin America and Caribbean Network Information Center"},{"text":"Latin America and Caribbean Network Information Centre","link":"https://csrc.nist.gov/glossary/term/latin_america_and_caribbean_network_information_centre"},{"text":"Latin American and Caribbean IP Address Regional Registry","link":"https://csrc.nist.gov/glossary/term/latin_american_and_caribbean_ip_address_regional_registry"}],"definitions":[{"text":"The Internet Address Registry for Latin America and the Caribbean, responsible for assigning and managing Internet number resources for their region.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Latin America and Caribbean Network Information Center "}]}]},{"term":"LAG","link":"https://csrc.nist.gov/glossary/term/lag","abbrSyn":[{"text":"Link Aggregate","link":"https://csrc.nist.gov/glossary/term/link_aggregate"}],"definitions":null},{"term":"LAMP","link":"https://csrc.nist.gov/glossary/term/lamp","abbrSyn":[{"text":"Linux, Apache, MySQL, PHP","link":"https://csrc.nist.gov/glossary/term/linux_apache_mysql_php"}],"definitions":null},{"term":"LAN","link":"https://csrc.nist.gov/glossary/term/lan","abbrSyn":[{"text":"local area network"},{"text":"Local Area Network"}],"definitions":[{"text":"A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any device to interact with any other on the network.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under local area network "}]}]},{"term":"Land Mobile Radio","link":"https://csrc.nist.gov/glossary/term/land_mobile_radio","abbrSyn":[{"text":"LMR","link":"https://csrc.nist.gov/glossary/term/lmr"}],"definitions":null},{"term":"LANL","link":"https://csrc.nist.gov/glossary/term/lanl","abbrSyn":[{"text":"Los Alamos National Laboratory","link":"https://csrc.nist.gov/glossary/term/los_alamos_national_laboratory"}],"definitions":null},{"term":"Large Volume Pump","link":"https://csrc.nist.gov/glossary/term/large_volume_pump","abbrSyn":[{"text":"LVP","link":"https://csrc.nist.gov/glossary/term/lvp"}],"definitions":null},{"term":"Large-Scale Integration","link":"https://csrc.nist.gov/glossary/term/large_scale_integration","abbrSyn":[{"text":"LSI","link":"https://csrc.nist.gov/glossary/term/lsi"}],"definitions":null},{"term":"Large-Scale Processing Environment","link":"https://csrc.nist.gov/glossary/term/large_scale_processing_environment","abbrSyn":[{"text":"LSPE","link":"https://csrc.nist.gov/glossary/term/lspe"}],"definitions":null},{"term":"Last Numbers Dialed","link":"https://csrc.nist.gov/glossary/term/last_numbers_dialed","abbrSyn":[{"text":"LND","link":"https://csrc.nist.gov/glossary/term/lnd"}],"definitions":[{"text":"a log of last numbers dialed, similar to that kept on the phone, but kept on the SIM without a timestamp.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Latency","link":"https://csrc.nist.gov/glossary/term/latency","definitions":[{"text":"time delay in processing voice packets.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]}]},{"term":"Latin America and Caribbean Network Information Centre","link":"https://csrc.nist.gov/glossary/term/latin_america_and_caribbean_network_information_centre","abbrSyn":[{"text":"LACNIC","link":"https://csrc.nist.gov/glossary/term/lacnic"}],"definitions":[{"text":"The Internet Address Registry for Latin America and the Caribbean, responsible for assigning and managing Internet number resources for their region.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Latin America and Caribbean Network Information Center "}]}]},{"term":"Latin American and Caribbean IP Address Regional Registry","link":"https://csrc.nist.gov/glossary/term/latin_american_and_caribbean_ip_address_regional_registry","abbrSyn":[{"text":"LACNIC","link":"https://csrc.nist.gov/glossary/term/lacnic"}],"definitions":null},{"term":"Launch Control Policy","link":"https://csrc.nist.gov/glossary/term/launch_control_policy","abbrSyn":[{"text":"LCP","link":"https://csrc.nist.gov/glossary/term/lcp"}],"definitions":null},{"term":"Law Enforcement","link":"https://csrc.nist.gov/glossary/term/law_enforcement","abbrSyn":[{"text":"LE","link":"https://csrc.nist.gov/glossary/term/le"}],"definitions":null},{"term":"Law Enforcement Officer","link":"https://csrc.nist.gov/glossary/term/law_enforcement_officer","abbrSyn":[{"text":"LEO","link":"https://csrc.nist.gov/glossary/term/leo"}],"definitions":null},{"term":"lawful government purpose","link":"https://csrc.nist.gov/glossary/term/lawful_government_purpose","definitions":[{"text":"Any activity, function, operation, or other circumstance the Government authorizes; also the standard to apply when determining whether individuals, organizations, or groups of users may receive or access controlled unclassified information (CUI) that is not subject to a limited dissemination control authorized by the CUI Executive Agent.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"32 C.F.R., Sec. 2002 (Draft)"}]}]}]},{"term":"Laws and Regulations","link":"https://csrc.nist.gov/glossary/term/laws_and_regulations","definitions":[{"text":"federal government-wide and organization-specific laws,regulations, policies, guidelines, standards, and procedures mandating requirements for the management and protection of information technology resources.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Layer 2 Forwarding","link":"https://csrc.nist.gov/glossary/term/layer_2_forwarding","abbrSyn":[{"text":"L2F","link":"https://csrc.nist.gov/glossary/term/l2f"}],"definitions":null},{"term":"Layer 2 Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/layer_2_tunneling_protocol","abbrSyn":[{"text":"L2TP","link":"https://csrc.nist.gov/glossary/term/l2tp"}],"definitions":null},{"term":"Layer 2 VPN","link":"https://csrc.nist.gov/glossary/term/layer_2_vpn","abbrSyn":[{"text":"L2VPN","link":"https://csrc.nist.gov/glossary/term/l2vpn"}],"definitions":null},{"term":"Layer Two Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/layer_two_tunneling_protocol","abbrSyn":[{"text":"L2TP","link":"https://csrc.nist.gov/glossary/term/l2tp"}],"definitions":null},{"term":"Layered Binary Label","link":"https://csrc.nist.gov/glossary/term/layered_binary_label","definitions":[{"text":"Label that has only one design and is applied to IoT products that meet appropriate requirements but allows for unique layers that provide specific information about the IoT product (e.g., URL or scannable code).","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"layered COTS product solutions","link":"https://csrc.nist.gov/glossary/term/layered_cots_product_solutions","definitions":[{"text":"Commercial information assurance (IA) and IA-enabled information technology (IT) components used in layered solutions approved by the National Security Agency (NSA) to protect information carried on national security systems (NSSs). \nSee commercial solutions for classified.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 11","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}],"seeAlso":[{"text":"commercial solutions for classified"}]},{"term":"LCC","link":"https://csrc.nist.gov/glossary/term/lcc","abbrSyn":[{"text":"Life Cycle Cost"},{"text":"Life-Cycle Cost"}],"definitions":null},{"term":"LCD","link":"https://csrc.nist.gov/glossary/term/lcd","abbrSyn":[{"text":"Liquid Crystal Display","link":"https://csrc.nist.gov/glossary/term/liquid_crystal_display"}],"definitions":null},{"term":"LCMS","link":"https://csrc.nist.gov/glossary/term/lcms","abbrSyn":[{"text":"Local COMSEC Management Software"}],"definitions":null},{"term":"LCP","link":"https://csrc.nist.gov/glossary/term/lcp","abbrSyn":[{"text":"Launch Control Policy","link":"https://csrc.nist.gov/glossary/term/launch_control_policy"},{"text":"Link Control Protocol","link":"https://csrc.nist.gov/glossary/term/link_control_protocol"}],"definitions":null},{"term":"LDA","link":"https://csrc.nist.gov/glossary/term/lda","abbrSyn":[{"text":"Local Delivery Agent"}],"definitions":null},{"term":"LDAP","link":"https://csrc.nist.gov/glossary/term/ldap","abbrSyn":[{"text":"Lightweight Directory Access Protocol"}],"definitions":[{"text":"The Lightweight Directory Access Protocol, or LDAP, is a directory access protocol. In this document, LDAP refers to the protocol defined by RFC 1777, which is also known as LDAP V2. LDAP V2 describes unauthenticated retrieval mechanisms.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]}]},{"term":"LDAPS","link":"https://csrc.nist.gov/glossary/term/ldaps","abbrSyn":[{"text":"Lightweight Directory Access Protocol Secure","link":"https://csrc.nist.gov/glossary/term/lightweight_directory_access_protocol_secure"},{"text":"Lightweight Directory Access Protocol Server","link":"https://csrc.nist.gov/glossary/term/lightweight_directory_access_protocol_server"},{"text":"Secure LDAP","link":"https://csrc.nist.gov/glossary/term/secure_ldap"}],"definitions":null},{"term":"LE","link":"https://csrc.nist.gov/glossary/term/le","abbrSyn":[{"text":"Law Enforcement","link":"https://csrc.nist.gov/glossary/term/law_enforcement"},{"text":"Logic Elements","link":"https://csrc.nist.gov/glossary/term/logic_elements"},{"text":"Low Energy","link":"https://csrc.nist.gov/glossary/term/low_energy"}],"definitions":null},{"term":"Lean Execution System","link":"https://csrc.nist.gov/glossary/term/lean_execution_system","abbrSyn":[{"text":"LES","link":"https://csrc.nist.gov/glossary/term/les"}],"definitions":null},{"term":"leap second","link":"https://csrc.nist.gov/glossary/term/leap_second","definitions":[{"text":"A second added to Coordinated Universal Time (UTC) to make it agree with astronomical time to within 0.9 second. UTC is an atomic time scale based on the performance of atomic clocks. Astronomical time is based on the rotational rate of the Earth. Since atomic clocks are more stable than the rate at which the Earth rotates, leap seconds are needed to keep the two time scales in agreement.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"}]}]}]},{"term":"learners","link":"https://csrc.nist.gov/glossary/term/learners","definitions":[{"text":"Individuals who perform cybersecurity work, including students, job seekers, and employees.","sources":[{"text":"NIST IR 8355","link":"https://doi.org/10.6023/NIST.IR.8355"}]}]},{"term":"Learning","link":"https://csrc.nist.gov/glossary/term/learning","definitions":[{"text":"knowledge gained by study (in classes or through individual research andinvestigation).","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Learning Continuum","link":"https://csrc.nist.gov/glossary/term/learning_continuum","definitions":[{"text":"a representation in which a the common characteristic of learning ispresented as a series of variations from awareness through training to education.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Learning Objective","link":"https://csrc.nist.gov/glossary/term/learning_objective","definitions":[{"text":"a link between the verbs from the “knowledge levels” section to the“Behavioral Outcomes” by providing examples of the activities an individual should be capable of doing after successful completion of training associated with the cell. Learning Objectives recognize that training must be provided at Beginning, Intermediate, and Advanced levels.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Learning With Errors","link":"https://csrc.nist.gov/glossary/term/learning_with_errors","abbrSyn":[{"text":"LWE","link":"https://csrc.nist.gov/glossary/term/lwe"}],"definitions":null},{"term":"Learning With Rounding","link":"https://csrc.nist.gov/glossary/term/learning_with_rounding","abbrSyn":[{"text":"LWR","link":"https://csrc.nist.gov/glossary/term/lwr"}],"definitions":null},{"term":"Least common multiple","link":"https://csrc.nist.gov/glossary/term/least_common_multiple","definitions":[{"text":"The smallest positive integer that is divisible by two or more positive integers without a remainder. For example, the least common multiple of 2 and 3 is 6.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"The smallest positive integer that is divisible by two positive integers without a remainder. For example, the least common multiple of 2 and 3 is 6.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"least significant bit(s)","link":"https://csrc.nist.gov/glossary/term/least_significant_bits","abbrSyn":[{"text":"LSB","link":"https://csrc.nist.gov/glossary/term/lsb"}],"definitions":[{"text":"The right-most bit(s) of a bit string.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Least Significant Bit(s) "},{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Least Significant Bit(s) "},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Least Significant Bit(s) "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Least Significant Bit(s) "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"least trust","link":"https://csrc.nist.gov/glossary/term/least_trust","definitions":[{"text":"The principle that a security architecture should be designed in a way that minimizes 1) the number of components that require trust; and 2) the extent to which each component is trusted.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"LED","link":"https://csrc.nist.gov/glossary/term/led","abbrSyn":[{"text":"Light Emitting Diode"},{"text":"Light-Emitting Diode","link":"https://csrc.nist.gov/glossary/term/light_emitting_diode"}],"definitions":null},{"term":"Ledger","link":"https://csrc.nist.gov/glossary/term/ledger","definitions":[{"text":"A record of transactions.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Legacy Environment","link":"https://csrc.nist.gov/glossary/term/legacy_environment","definitions":[{"text":"A Custom environment containing older systems or applications that may need to be secured to meet today’s threats, but often use older, less secure communication mechanisms and need to be able to communicate with other systems.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Typical Custom environment usually involving older systems or applications.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"}]},{"text":"Custom environment usually involving older systems or applications.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"legacy use","link":"https://csrc.nist.gov/glossary/term/legacy_use","definitions":[{"text":"The algorithm or key length may be used only to process already protected information (e.g., to decrypt ciphertext data or to verify a digital signature).","sources":[{"text":"NIST SP 800-131A Rev.2","link":"https://doi.org/10.6028/NIST.SP.800-131Ar2"}]}]},{"term":"Leighton-Micali One-Time Signature","link":"https://csrc.nist.gov/glossary/term/leighton_micali_one_time_signature","abbrSyn":[{"text":"LM-OTS","link":"https://csrc.nist.gov/glossary/term/lm_ots"}],"definitions":null},{"term":"Leighton-Micali signature","link":"https://csrc.nist.gov/glossary/term/leighton_micali_signature","abbrSyn":[{"text":"LMS","link":"https://csrc.nist.gov/glossary/term/lms"}],"definitions":null},{"term":"Lempel-Ziv Complexity Test","link":"https://csrc.nist.gov/glossary/term/lempel_ziv_complexity_test","definitions":[{"text":"The purpose of the test is to determine how far the tested sequence can be compressed. The sequence is considered to be non-random if it can be significantly compressed","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Lempel-Ziv-Stac","link":"https://csrc.nist.gov/glossary/term/lempel_ziv_stac","abbrSyn":[{"text":"LZS","link":"https://csrc.nist.gov/glossary/term/lzs"}],"definitions":null},{"term":"LEO","link":"https://csrc.nist.gov/glossary/term/leo","abbrSyn":[{"text":"Law Enforcement Officer","link":"https://csrc.nist.gov/glossary/term/law_enforcement_officer"},{"text":"Low-Earth Orbit","link":"https://csrc.nist.gov/glossary/term/low_earth_orbit"}],"definitions":null},{"term":"LES","link":"https://csrc.nist.gov/glossary/term/les","abbrSyn":[{"text":"Lean Execution System","link":"https://csrc.nist.gov/glossary/term/lean_execution_system"}],"definitions":null},{"term":"Lesser General Public License","link":"https://csrc.nist.gov/glossary/term/lesser_general_public_license","abbrSyn":[{"text":"LGPL","link":"https://csrc.nist.gov/glossary/term/lgpl"}],"definitions":null},{"term":"Letter of Interest","link":"https://csrc.nist.gov/glossary/term/letter_of_interest","abbrSyn":[{"text":"LOI","link":"https://csrc.nist.gov/glossary/term/loi"}],"definitions":null},{"term":"level 1","link":"https://csrc.nist.gov/glossary/term/level_1","definitions":[{"text":"The risk management level that addresses overall risk strategy, policies, and procedures for the entire organization. Also refers to any element that is meant to be evaluated by Level 1 personnel.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"level 2","link":"https://csrc.nist.gov/glossary/term/level_2","definitions":[{"text":"The risk management level that addresses the risk strategy, policies, and procedures for a specific mission or business process (but not the entire organization). Also refers to any element that is meant to be evaluated by Level 2 personnel.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"level 3","link":"https://csrc.nist.gov/glossary/term/level_3","definitions":[{"text":"The risk management level that implements ISCM for specific systems. Also refers to any element that is meant to be evaluated by Level 3 personnel.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"level of assurance","link":"https://csrc.nist.gov/glossary/term/level_of_assurance","abbrSyn":[{"text":"LOA","link":"https://csrc.nist.gov/glossary/term/loa"}],"definitions":[{"text":"OMB Memorandum M-04-04 describes four levels of identity assurance and references NIST technical standards and guidelines, which are developed for agencies to use in identifying the appropriate authentication technologies that meet their requirements.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"LF","link":"https://csrc.nist.gov/glossary/term/lf","abbrSyn":[{"text":"Low Frequency","link":"https://csrc.nist.gov/glossary/term/low_frequency"}],"definitions":null},{"term":"LFSR","link":"https://csrc.nist.gov/glossary/term/lfsr","abbrSyn":[{"text":"Linear Feedback Shift Register","link":"https://csrc.nist.gov/glossary/term/linear_feedback_shift_register"}],"definitions":null},{"term":"LGPL","link":"https://csrc.nist.gov/glossary/term/lgpl","abbrSyn":[{"text":"Lesser General Public License","link":"https://csrc.nist.gov/glossary/term/lesser_general_public_license"}],"definitions":null},{"term":"life cycle","link":"https://csrc.nist.gov/glossary/term/life_cycle","definitions":[{"text":"Evolution of a system, product, service, project, or other human-made entity.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html","note":" - adapted"}]}]},{"text":"Evolution of a system, product, service, project, or other human-made entity from conception through retirement.  ","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Life cycle ","refSources":[{"text":"ISO/IEC 15288"}]}]},{"text":"Evolution of a system, product, service, project, or other human-made entity from conception through retirement. ","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Life cycle ","refSources":[{"text":"ISO/IEC 15288"}]}]},{"text":"Evolution of a system, product, service, project or other human-made entity from conception through retirement.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"life cycle model","link":"https://csrc.nist.gov/glossary/term/life_cycle_model","definitions":[{"text":"Framework of processes and activities concerned with the life cycle that may be organized into stages, which also acts as a common reference for communication and understanding.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"life cycle security concepts","link":"https://csrc.nist.gov/glossary/term/life_cycle_security_concepts","definitions":[{"text":"The processes, methods, and procedures associated with the system throughout its life cycle and provides distinct contexts for the interpretation of system security. Life cycle security concepts apply during program management, development, engineering, acquisition, manufacturing, fabrication, production, operations, sustainment, training, and retirement.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"life cycle stages","link":"https://csrc.nist.gov/glossary/term/life_cycle_stages","abbrSyn":[{"text":"system life cycle","link":"https://csrc.nist.gov/glossary/term/system_life_cycle"}],"definitions":[{"text":"Period that begins when a system is conceived and ends when the system is no longer available for use.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under system life cycle ","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"The period of time that begins when a system is conceived and ends when the system is no longer available for use. \nRefer to life cycle stages.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under system life cycle ","refSources":[{"text":"IEEE 610.12"}]}]},{"text":"The period of time that begins when a system is conceived and ends when the system is no longer available for use.\nRefer to life cycle stages.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under system life cycle ","refSources":[{"text":"IEEE 610.12"}]}]}]},{"term":"Light-Emitting Diode","link":"https://csrc.nist.gov/glossary/term/light_emitting_diode","abbrSyn":[{"text":"LED","link":"https://csrc.nist.gov/glossary/term/led"}],"definitions":null},{"term":"Lightweight Directory Access Protocol (LDAP)","link":"https://csrc.nist.gov/glossary/term/lightweight_directory_access_protocol_ldap","abbrSyn":[{"text":"LDAP","link":"https://csrc.nist.gov/glossary/term/ldap"}],"definitions":[{"text":"The Lightweight Directory Access Protocol, or LDAP, is a directory access protocol. In this document, LDAP refers to the protocol defined by RFC 1777, which is also known as LDAP V2. LDAP V2 describes unauthenticated retrieval mechanisms.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under LDAP "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]},{"text":"The LDAP is a directory access protocol. In this document, LDAP refers to the protocol defined by RFC 1777, which is also known as LDAP V2. LDAP V2 describes unauthenticated retrieval mechanisms.","sources":[{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15"}]}]}]},{"term":"Lightweight Directory Access Protocol Secure","link":"https://csrc.nist.gov/glossary/term/lightweight_directory_access_protocol_secure","abbrSyn":[{"text":"LDAPS","link":"https://csrc.nist.gov/glossary/term/ldaps"}],"definitions":null},{"term":"Lightweight Directory Access Protocol Server","link":"https://csrc.nist.gov/glossary/term/lightweight_directory_access_protocol_server","abbrSyn":[{"text":"LDAPS","link":"https://csrc.nist.gov/glossary/term/ldaps"}],"definitions":null},{"term":"Lightweight node","link":"https://csrc.nist.gov/glossary/term/lightweight_node","definitions":[{"text":"A blockchain node that does not need to store a full copy of the blockchain and often passes its data to full nodes to be processed.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"likelihood","link":"https://csrc.nist.gov/glossary/term/likelihood","definitions":[{"text":"A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Likelihood ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Likelihood ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - “likelihood of occurrence”"},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"chance of something happening","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/IEC 27000:2014"}]}]},{"text":"Chance of something happening.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO/IEC 27000:2018"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}]},{"term":"likelihood of occurrence","link":"https://csrc.nist.gov/glossary/term/likelihood_of_occurrence","abbrSyn":[{"text":"probability of occurrence","link":"https://csrc.nist.gov/glossary/term/probability_of_occurrence"}],"definitions":[{"text":"A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Likelihood of Occurrence ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"See likelihood of occurrence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under probability of occurrence ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]}]},{"term":"likelihood ratio test","link":"https://csrc.nist.gov/glossary/term/likelihood_ratio_test","definitions":[{"text":"A statistical test aimed at distinguishing between two competing models that could have produced an observed event based on a comparison of the likelihoods of the observed event, given the two models.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]}]},{"term":"Likert Scale","link":"https://csrc.nist.gov/glossary/term/likert_scale","definitions":[{"text":"an evaluation tool that is usually from one to five (one being very good; fivebeing not good, or vice versa), designed to allow an evaluator to prioritize the results of the evaluation.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Limit, Specification","link":"https://csrc.nist.gov/glossary/term/limit_specification","abbrSyn":[{"text":"Specification Limit","link":"https://csrc.nist.gov/glossary/term/specification_limit"}],"definitions":[{"text":"A condition indicating that risk has exceeded acceptable levels and that immediate action is needed to reduce the risk, or the system/assessment object may need to be removed from production (lose authority to operate).","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"See Limit, Specification.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Specification Limit "}]}]},{"term":"limited dataset","link":"https://csrc.nist.gov/glossary/term/limited_dataset","definitions":[{"text":"A limited data set is protected health information that excludes the following direct identifiers of the individual or of relatives, employers, or household members of the individual (i) Names; (ii) Postal address information, other than town or city, State, and zip code; (iii) Telephone numbers; (iv) Fax numbers; (v) Electronic mail addresses; (vi) Social security numbers; (vii) Medical record numbers; (viii) Health plan beneficiary numbers; (ix) Account numbers; (x) Certificate/license numbers; (xi) Vehicle identifiers and serial numbers, including license plate numbers; (xii) Device identifiers and serial numbers; (xiii) Web Universal Resource Locators (URLs); (xiv) Internet Protocol (IP) address numbers; (xv) Biometric identifiers, including finger and voice prints; and (xvi) Full face photographic images and any comparable images. Limited data sets can contain complete dates, age to the nearest hour, city, state, and complete ZIP code.","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"45 C.F.R., Sec. 164.514(e)2","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=d58ee03911368bcac9cfab008b5152f9&mc=true&node=se45.2.164_1514&rgn=div8","note":" - Adapted"}]}]}]},{"term":"line conditioning","link":"https://csrc.nist.gov/glossary/term/line_conditioning","definitions":[{"text":"Elimination of unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"line conduction","link":"https://csrc.nist.gov/glossary/term/line_conduction","definitions":[{"text":"Unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"line of business","link":"https://csrc.nist.gov/glossary/term/line_of_business","definitions":[{"text":"The following Office of Management and Budget (OMB)-defined process areas common to virtually all federal agencies: Case Management, Financial Management, Grants Management, Human Resources Management, Federal Health Architecture, Information Systems Security, Budget Formulation and Execution, Geospatial, and information technology (IT) Infrastructure.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The following OMB-defined process areas common to virtually all federal agencies: Case Management, Financial Management, Grants Management, Human Resources Management, Federal Health Architecture, Information Systems Security, Budget Formulation and Execution, Geospatial, and IT Infrastructure.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Line of Business "}]}]},{"term":"Lineage","link":"https://csrc.nist.gov/glossary/term/lineage","definitions":[{"text":"The history of processing of a data element, which may include point-topoint data flows and the data actions performed upon the data element.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Linear Complexity Test","link":"https://csrc.nist.gov/glossary/term/linear_complexity_test","definitions":[{"text":"The purpose of this test is to determine whether or not the sequence is complex enough to be considered random.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Linear Dependence","link":"https://csrc.nist.gov/glossary/term/linear_dependence","definitions":[{"text":"In the context of the binary rank matrix test, linear dependence refers to m-bit vectors that may be expressed as a linear combination of the linearly independent m-bit vectors.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Linear Feedback Shift Register","link":"https://csrc.nist.gov/glossary/term/linear_feedback_shift_register","abbrSyn":[{"text":"LFSR","link":"https://csrc.nist.gov/glossary/term/lfsr"}],"definitions":null},{"term":"Lines of Business","link":"https://csrc.nist.gov/glossary/term/lines_of_business","definitions":[{"text":"“Lines of business” or “areas of operation” describe the purpose of government in functional terms or describe the support functions that the government must conduct in order to effectively deliver services to citizens. Lines of business relating to the purpose of government and the purposes tend to be mechanisms the government uses to achieve its mission-based. Lines of business relating to support functions and resource management functions that are necessary to conduct government operations tend to be common to most agencies. The recommended information types provided in NIST SP 800-60 are established from the “business areas” and “lines of business” from OMB’s Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.3","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]}]},{"term":"Link Aggregate","link":"https://csrc.nist.gov/glossary/term/link_aggregate","abbrSyn":[{"text":"LAG","link":"https://csrc.nist.gov/glossary/term/lag"}],"definitions":null},{"term":"Link Control Protocol","link":"https://csrc.nist.gov/glossary/term/link_control_protocol","abbrSyn":[{"text":"LCP","link":"https://csrc.nist.gov/glossary/term/lcp"}],"definitions":null},{"term":"link encryption","link":"https://csrc.nist.gov/glossary/term/link_encryption","definitions":[{"text":"Encryption of information between nodes of a communications system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Link Encryption ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"Link Layer Discovery Protocol (IEEE 802.1AB)","link":"https://csrc.nist.gov/glossary/term/link_layer_discovery_protocol_ieee_802_1ab","abbrSyn":[{"text":"LLDP","link":"https://csrc.nist.gov/glossary/term/lldp"}],"definitions":null},{"term":"Link Layer Protocol","link":"https://csrc.nist.gov/glossary/term/link_layer_protocol","abbrSyn":[{"text":"LLP","link":"https://csrc.nist.gov/glossary/term/llp"}],"definitions":null},{"term":"linkable information","link":"https://csrc.nist.gov/glossary/term/linkable_information","definitions":[{"text":"Information about or related to an individual for which there is a possibility of logical association with other information about the individual.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122","underTerm":" under Linkable Information "}]},{"text":"information about or related to an individual for which there is a possibility of logical association with other information about the individual","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]}]},{"term":"linked information","link":"https://csrc.nist.gov/glossary/term/linked_information","definitions":[{"text":"Information about or related to an individual that is logically associated with other information about the individual.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122","underTerm":" under Linked Information "}]},{"text":"information about or related to an individual that is logically associated with other information about the individual","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]}]},{"term":"Linking the Oil and Gas Industry to Improve Cybersecurity","link":"https://csrc.nist.gov/glossary/term/linking_oil_gas_industry_to_improve_cybersecurity","abbrSyn":[{"text":"LOGIIC","link":"https://csrc.nist.gov/glossary/term/logiic"}],"definitions":null},{"term":"Linux Container","link":"https://csrc.nist.gov/glossary/term/linux_container","abbrSyn":[{"text":"LXC","link":"https://csrc.nist.gov/glossary/term/lxc"}],"definitions":null},{"term":"Linux, Apache, MySQL, PHP","link":"https://csrc.nist.gov/glossary/term/linux_apache_mysql_php","abbrSyn":[{"text":"LAMP","link":"https://csrc.nist.gov/glossary/term/lamp"}],"definitions":null},{"term":"Liquefied Natural Gas","link":"https://csrc.nist.gov/glossary/term/liquefied_natural_gas","abbrSyn":[{"text":"LNG","link":"https://csrc.nist.gov/glossary/term/lng"}],"definitions":null},{"term":"Liquid Crystal Display","link":"https://csrc.nist.gov/glossary/term/liquid_crystal_display","abbrSyn":[{"text":"LCD","link":"https://csrc.nist.gov/glossary/term/lcd"}],"definitions":null},{"term":"Live Entropy Source","link":"https://csrc.nist.gov/glossary/term/live_entropy_source","definitions":[{"text":"An approved entropy source (see [NIST SP 800-90B]) that can provide an RBG with bits having a specified amount of entropy immediately upon request or within an acceptable amount of time, as determined by the user or application relying upon that RBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"LKH","link":"https://csrc.nist.gov/glossary/term/lkh","abbrSyn":[{"text":"Logical Key Hierarchy","link":"https://csrc.nist.gov/glossary/term/logical_key_hierarchy"}],"definitions":null},{"term":"LKM","link":"https://csrc.nist.gov/glossary/term/lkm","abbrSyn":[{"text":"Loadable Kernel Module","link":"https://csrc.nist.gov/glossary/term/loadable_kernel_module"}],"definitions":null},{"term":"LLDP","link":"https://csrc.nist.gov/glossary/term/lldp","abbrSyn":[{"text":"Link Layer Discovery Protocol (IEEE 802.1AB)","link":"https://csrc.nist.gov/glossary/term/link_layer_discovery_protocol_ieee_802_1ab"}],"definitions":null},{"term":"LLP","link":"https://csrc.nist.gov/glossary/term/llp","abbrSyn":[{"text":"Link Layer Protocol","link":"https://csrc.nist.gov/glossary/term/link_layer_protocol"}],"definitions":null},{"term":"LMD","link":"https://csrc.nist.gov/glossary/term/lmd","abbrSyn":[{"text":"Local Management Device"}],"definitions":null},{"term":"LMD/KP","link":"https://csrc.nist.gov/glossary/term/lmd_kp","abbrSyn":[{"text":"Local Management Device/Key Processor","link":"https://csrc.nist.gov/glossary/term/local_management_device_key_processor"}],"definitions":null},{"term":"LM-OTS","link":"https://csrc.nist.gov/glossary/term/lm_ots","abbrSyn":[{"text":"Leighton-Micali One-Time Signature","link":"https://csrc.nist.gov/glossary/term/leighton_micali_one_time_signature"}],"definitions":null},{"term":"LMR","link":"https://csrc.nist.gov/glossary/term/lmr","abbrSyn":[{"text":"Land Mobile Radio","link":"https://csrc.nist.gov/glossary/term/land_mobile_radio"}],"definitions":null},{"term":"LMS","link":"https://csrc.nist.gov/glossary/term/lms","abbrSyn":[{"text":"Leighton-Micali signature","link":"https://csrc.nist.gov/glossary/term/leighton_micali_signature"}],"definitions":null},{"term":"LND","link":"https://csrc.nist.gov/glossary/term/lnd","abbrSyn":[{"text":"Last Numbers Dialed","link":"https://csrc.nist.gov/glossary/term/last_numbers_dialed"}],"definitions":[{"text":"a log of last numbers dialed, similar to that kept on the phone, but kept on the SIM without a timestamp.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Last Numbers Dialed "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Last Numbers Dialed "}]}]},{"term":"LNG","link":"https://csrc.nist.gov/glossary/term/lng","abbrSyn":[{"text":"Liquefied Natural Gas","link":"https://csrc.nist.gov/glossary/term/liquefied_natural_gas"}],"definitions":null},{"term":"LOA","link":"https://csrc.nist.gov/glossary/term/loa","abbrSyn":[{"text":"Level of Assurance"}],"definitions":null},{"term":"Loadable Kernel Module","link":"https://csrc.nist.gov/glossary/term/loadable_kernel_module","abbrSyn":[{"text":"LKM","link":"https://csrc.nist.gov/glossary/term/lkm"}],"definitions":null},{"term":"LOC","link":"https://csrc.nist.gov/glossary/term/loc","abbrSyn":[{"text":"Location","link":"https://csrc.nist.gov/glossary/term/location"}],"definitions":null},{"term":"local access","link":"https://csrc.nist.gov/glossary/term/local_access","definitions":[{"text":"Access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Local Access "}]},{"text":"Access to an organizational system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]}]},{"term":"Local Area Network (LAN)","link":"https://csrc.nist.gov/glossary/term/local_area_network","abbrSyn":[{"text":"LAN","link":"https://csrc.nist.gov/glossary/term/lan"}],"definitions":[{"text":"A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any device to interact with any other on the network.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under local area network "}]},{"text":"A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any device to interact with any other on the network.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]}]},{"term":"local authority","link":"https://csrc.nist.gov/glossary/term/local_authority","definitions":[{"text":"Organization responsible for generating and signing user certificates in a public key infrastructure (PKI)-enabled environment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"local COMSEC management software (LCMS)","link":"https://csrc.nist.gov/glossary/term/local_comsec_management_software","abbrSyn":[{"text":"LCMS","link":"https://csrc.nist.gov/glossary/term/lcms"}],"definitions":[{"text":"Application-level software on the local management device (LMD) that provides for the management of key, physical COMSEC materials, non-cryptographic services, and communications. Through a graphical interface, the LCMS automates the functions of the COMSEC Account Manager, including accounting, auditing, distribution, ordering, and production. Programs and systems that have specialized key management requirements have software shell programs (known as user applications software (UAS)) that run on the LMD with the LCMS software to provide custom functionality.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Local Defect Checks","link":"https://csrc.nist.gov/glossary/term/local_defect_checks","definitions":[{"text":"The defect checks that an organization adds to Foundational defect checks based on an assessment of its own needs and risk tolerance. A local defect check supports or strengthens the Foundational defect checks. Agencies might choose not to apply a given local defect check in cases where the supporting controls have not been selected/implemented.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Local Delivery Agent (LDA)","link":"https://csrc.nist.gov/glossary/term/local_delivery_agent","abbrSyn":[{"text":"LDA","link":"https://csrc.nist.gov/glossary/term/lda"}],"definitions":[{"text":"A program running on a mail server that delivers messages between a sender and recipient if their mailboxes are both on the same mail server. An LDA may also process the message based on a predefined message filter before delivery.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"local element","link":"https://csrc.nist.gov/glossary/term/local_element","abbrSyn":[{"text":"hand receipt holder","link":"https://csrc.nist.gov/glossary/term/hand_receipt_holder"}],"definitions":[{"text":"A user to whom COMSEC material has been issued a hand receipt. Known in EKMS and KMI as a Local Element.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under hand receipt holder ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See hand receipt holder.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Local Interface","link":"https://csrc.nist.gov/glossary/term/local_interface","definitions":[{"text":"An interface that can only be accessed physically, such as a port (e.g., USB, audio, video/display, serial, parallel, Thunderbolt) or a removable media drive (e.g., CD/DVD drive, memory card slot).","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"local management device (LMD)","link":"https://csrc.nist.gov/glossary/term/local_management_device","abbrSyn":[{"text":"LMD","link":"https://csrc.nist.gov/glossary/term/lmd"}],"definitions":[{"text":"The component in electronic key management system (EKMS) that provides electronic management of key and other COMSEC material and serves as an interface to the Key Processor. (It is composed of a user-supplied personal computer, an operating system, LCMS and user application software (UAS), as required).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Local Management Device/Key Processor","link":"https://csrc.nist.gov/glossary/term/local_management_device_key_processor","abbrSyn":[{"text":"LMD/KP","link":"https://csrc.nist.gov/glossary/term/lmd_kp"}],"definitions":null},{"term":"Local Preference","link":"https://csrc.nist.gov/glossary/term/local_preference","abbrSyn":[{"text":"LP","link":"https://csrc.nist.gov/glossary/term/lp"}],"definitions":null},{"term":"Local Public Safety Department","link":"https://csrc.nist.gov/glossary/term/local_public_safety_department","abbrSyn":[{"text":"LPSD","link":"https://csrc.nist.gov/glossary/term/lpsd"}],"definitions":null},{"term":"local registration authority (LRA)","link":"https://csrc.nist.gov/glossary/term/local_registration_authority","abbrSyn":[{"text":"LRA","link":"https://csrc.nist.gov/glossary/term/lra"}],"definitions":[{"text":"A registration authority with responsibility for a local community.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Local Registration Authority (LRA) "}]}]},{"term":"Local Remediation Level","link":"https://csrc.nist.gov/glossary/term/local_remediation_level","definitions":[{"text":"measures the level of protection against a misuse vulnerability within the local IT environment and captures both how widespread mitigation implementation is and how effective such mitigation is.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"Local Traffic Manager","link":"https://csrc.nist.gov/glossary/term/local_traffic_manager","abbrSyn":[{"text":"LTM","link":"https://csrc.nist.gov/glossary/term/ltm"}],"definitions":null},{"term":"Local Vulnerability Prevalence","link":"https://csrc.nist.gov/glossary/term/local_vulnerability_prevalence","definitions":[{"text":"measures the prevalence of vulnerable systems in a specific environment.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"Location","link":"https://csrc.nist.gov/glossary/term/location","abbrSyn":[{"text":"LOC","link":"https://csrc.nist.gov/glossary/term/loc"}],"definitions":null},{"term":"Location Information (LOCI)","link":"https://csrc.nist.gov/glossary/term/location_information","definitions":[{"text":"The Location Area Identifier (LAI) of the phone’s current location, continuously maintained on the (C/U)SIM when the phone is active and saved whenever the phone is turned off.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"the Location Area Identifier (LAI) of the phone’s current location, continuously maintained on the SIM when the phone is active and saved whenever the phone is turned off.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Location Information "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Location Information "}]}]},{"term":"Lock Pointer","link":"https://csrc.nist.gov/glossary/term/lock_pointer","definitions":[{"text":"A memory pointer that points to a target area of memory and write protects all memory locations less than the target location. This form of access control is implemented in ISO/IEC 18000-3.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"loc-RIB","link":"https://csrc.nist.gov/glossary/term/loc_rib","definitions":[{"text":"Routes selected from the adj-RIB-In table.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"Log","link":"https://csrc.nist.gov/glossary/term/log","definitions":[{"text":"A record of the events occurring within an organization’s systems and networks.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","refSources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","refSources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","refSources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]}]},{"term":"Log Analysis","link":"https://csrc.nist.gov/glossary/term/log_analysis","definitions":[{"text":"Studying log entries to identify events of interest or suppress log entries for insignificant events.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Archival","link":"https://csrc.nist.gov/glossary/term/log_archival","definitions":[{"text":"Retaining logs for an extended period of time, typically on removable media, a storage area network (SAN), or a specialized log archival appliance or server.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Clearing","link":"https://csrc.nist.gov/glossary/term/log_clearing","definitions":[{"text":"Removing all entries from a log that precede a certain date and time.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Compression","link":"https://csrc.nist.gov/glossary/term/log_compression","definitions":[{"text":"Storing a log file in a way that reduces the amount of storage space needed for the file without altering the meaning of its contents.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Conversion","link":"https://csrc.nist.gov/glossary/term/log_conversion","definitions":[{"text":"Parsing a log in one format and storing its entries in a second format.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Entry","link":"https://csrc.nist.gov/glossary/term/log_entry","definitions":[{"text":"An individual record within a log.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log File Integrity Checking","link":"https://csrc.nist.gov/glossary/term/log_file_integrity_checking","definitions":[{"text":"Comparing the current message digest for a log file to the original message digest to determine if the log file has been modified.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Management","link":"https://csrc.nist.gov/glossary/term/log_management","definitions":[{"text":"The process for generating, transmitting, storing, analyzing, and disposing of log data.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Management Infrastructure","link":"https://csrc.nist.gov/glossary/term/log_management_infrastructure","definitions":[{"text":"The hardware, software, networks, and media used to generate, transmit, store, analyze, and dispose of log data.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Normalization","link":"https://csrc.nist.gov/glossary/term/log_normalization","abbrSyn":[{"text":"Normalization","link":"https://csrc.nist.gov/glossary/term/normalization"}],"definitions":[{"text":"Converting each log data field to a particular data representation and categorizing it consistently.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]},{"text":"See “Log Normalization”.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Normalization "}]},{"text":"The conversion of information into consistent representations and categorizations.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Normalization "}]}]},{"term":"Log Parsing","link":"https://csrc.nist.gov/glossary/term/log_parsing","definitions":[{"text":"Extracting data from a log so that the parsed values can be used as input for another logging process.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Preservation","link":"https://csrc.nist.gov/glossary/term/log_preservation","definitions":[{"text":"Keeping logs that normally would be discarded, because they contain records of activity of particular interest.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Reduction","link":"https://csrc.nist.gov/glossary/term/log_reduction","definitions":[{"text":"Removing unneeded entries from a log to create a new log that is smaller.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Reporting","link":"https://csrc.nist.gov/glossary/term/log_reporting","definitions":[{"text":"Displaying the results of log analysis.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Retention","link":"https://csrc.nist.gov/glossary/term/log_retention","definitions":[{"text":"Archiving logs on a regular basis as part of standard operational activities.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Rotation","link":"https://csrc.nist.gov/glossary/term/log_rotation","definitions":[{"text":"Closing a log file and opening a new log file when the first log file is considered to be complete.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"Log Viewing","link":"https://csrc.nist.gov/glossary/term/log_viewing","definitions":[{"text":"Displaying log entries in a human-readable format.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"logic bomb","link":"https://csrc.nist.gov/glossary/term/logic_bomb","definitions":[{"text":"A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Logic Bomb ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"Logic Elements","link":"https://csrc.nist.gov/glossary/term/logic_elements","abbrSyn":[{"text":"LE","link":"https://csrc.nist.gov/glossary/term/le"}],"definitions":null},{"term":"logical access control system","link":"https://csrc.nist.gov/glossary/term/logical_access_control_system","abbrSyn":[{"text":"LACS","link":"https://csrc.nist.gov/glossary/term/lacs"}],"definitions":[{"text":"An automated system that controls an individual’s ability to access one or more computer system resources such as a workstation, network, application, or database. A logical access control system requires validation of an individual’s identity through some mechanism such as a PIN, card, biometric, or other token. It has the capability to assign different access privileges to different persons depending on their roles and responsibilities in an organization.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Logical Access Control System ","refSources":[{"text":"FICAM Roadmap and IG","link":"https://arch.idmanagement.gov/"}]}]},{"text":"An automated system that controls an individual’s ability to access one or more computer system resources such as a workstation, network, application, or database. A logical access control system requires validation of an individual’s identity through some mechanism such as a personal identification number (PIN), card, biometric, or other token. It has the capability to assign different access privileges to different persons depending on their roles and responsibilities in an organization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"An automated system that controls an individual’s ability to access one or more computer system resources, such as a workstation, network, application, or database. A logical access control system requires the validation of an individual’s identity through some mechanism, such as a PIN, card, biometric, or other token. It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Logical Backup","link":"https://csrc.nist.gov/glossary/term/logical_backup","definitions":[{"text":"A copy of the directories and files of a logical volume.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Logical Identifier","link":"https://csrc.nist.gov/glossary/term/logical_identifier","definitions":[{"text":"A device identifier that is expressed logically by the device’s software. An example is a media access control (MAC) address assigned to a network interface.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"}]}]},{"term":"Logical Key Hierarchy","link":"https://csrc.nist.gov/glossary/term/logical_key_hierarchy","abbrSyn":[{"text":"LKH","link":"https://csrc.nist.gov/glossary/term/lkh"}],"definitions":null},{"term":"Logical Link Control and Adaptation Protocol","link":"https://csrc.nist.gov/glossary/term/logical_link_control_and_adaptation_protocol","abbrSyn":[{"text":"L2CAP","link":"https://csrc.nist.gov/glossary/term/l2cap"}],"definitions":null},{"term":"Logical Partition","link":"https://csrc.nist.gov/glossary/term/logical_partition","abbrSyn":[{"text":"LPAR","link":"https://csrc.nist.gov/glossary/term/lpar"}],"definitions":null},{"term":"Logical partitioning","link":"https://csrc.nist.gov/glossary/term/logical_partitioning","definitions":[{"text":"The hypervisor allowing multiple guest OSs to share the same physical resources.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"logical perimeter","link":"https://csrc.nist.gov/glossary/term/logical_perimeter","definitions":[{"text":"A conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an “air gap”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Logical Test","link":"https://csrc.nist.gov/glossary/term/logical_test","definitions":[{"text":"An expression comprised of logical operators and one or more expressions to be evaluated. The individual expressions within a logical test may be fact references, check fact references, and/or other logical tests.","sources":[{"text":"NISTIR 7698","link":"https://doi.org/10.6028/NIST.IR.7698"}]}]},{"term":"Logical Unit Number","link":"https://csrc.nist.gov/glossary/term/logical_unit_number","abbrSyn":[{"text":"LUN","link":"https://csrc.nist.gov/glossary/term/lun"}],"definitions":null},{"term":"Logical Volume","link":"https://csrc.nist.gov/glossary/term/logical_volume","definitions":[{"text":"A partition or a collection of partitions acting as a single entity that has been formatted with a filesystem.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Logical Volume Manager","link":"https://csrc.nist.gov/glossary/term/logical_volume_manager","abbrSyn":[{"text":"LVM","link":"https://csrc.nist.gov/glossary/term/lvm"}],"definitions":null},{"term":"LOGIIC","link":"https://csrc.nist.gov/glossary/term/logiic","abbrSyn":[{"text":"Linking the Oil and Gas Industry to Improve Cybersecurity","link":"https://csrc.nist.gov/glossary/term/linking_oil_gas_industry_to_improve_cybersecurity"}],"definitions":null},{"term":"Logo","link":"https://csrc.nist.gov/glossary/term/logo","definitions":[{"text":"The NIST National Checklist Program logo.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"NIST National Checklist Program logo.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"LOI","link":"https://csrc.nist.gov/glossary/term/loi","abbrSyn":[{"text":"Letter of Interest","link":"https://csrc.nist.gov/glossary/term/letter_of_interest"}],"definitions":null},{"term":"Long Range Alliance","link":"https://csrc.nist.gov/glossary/term/long_range_alliance","abbrSyn":[{"text":"LoRa Alliance","link":"https://csrc.nist.gov/glossary/term/lora_alliance"}],"definitions":null},{"term":"Long Runs of Ones Test","link":"https://csrc.nist.gov/glossary/term/long_runs_of_ones_test","definitions":[{"text":"The purpose of this test is to determine whether the longest run of ones within the tested sequence is consistent with the longest run of ones that would be expected in a random sequence.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Long Short-Term Memory","link":"https://csrc.nist.gov/glossary/term/long_short_term_memory","abbrSyn":[{"text":"LSTM","link":"https://csrc.nist.gov/glossary/term/lstm"}],"definitions":null},{"term":"long title","link":"https://csrc.nist.gov/glossary/term/long_title","definitions":[{"text":"The descriptive title of a COMSEC item.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Longest Repeated Substring","link":"https://csrc.nist.gov/glossary/term/longest_repeated_substring","abbrSyn":[{"text":"LRS","link":"https://csrc.nist.gov/glossary/term/lrs"}],"definitions":null},{"term":"Longitudinal Redundancy Code","link":"https://csrc.nist.gov/glossary/term/longitudinal_redundancy_code","abbrSyn":[{"text":"LRC","link":"https://csrc.nist.gov/glossary/term/lrc"}],"definitions":null},{"term":"Long-Term Evolution","link":"https://csrc.nist.gov/glossary/term/long_term_evolution","abbrSyn":[{"text":"LTE","link":"https://csrc.nist.gov/glossary/term/lte"}],"definitions":null},{"term":"Long-Term Key","link":"https://csrc.nist.gov/glossary/term/long_term_key","abbrSyn":[{"text":"LTK","link":"https://csrc.nist.gov/glossary/term/ltk"}],"definitions":null},{"term":"Long-Term Support","link":"https://csrc.nist.gov/glossary/term/long_term_support","abbrSyn":[{"text":"LTS","link":"https://csrc.nist.gov/glossary/term/lts"}],"definitions":null},{"term":"Look-Up Table","link":"https://csrc.nist.gov/glossary/term/look_up_table","abbrSyn":[{"text":"LUT","link":"https://csrc.nist.gov/glossary/term/lut"}],"definitions":null},{"term":"Loop-Back Mode","link":"https://csrc.nist.gov/glossary/term/loop_back_mode","definitions":[{"text":"An operating system facility that allows a device to be mounted via a loopback address and viewed logically on the PC.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"LoRa Alliance","link":"https://csrc.nist.gov/glossary/term/lora_alliance","abbrSyn":[{"text":"Long Range Alliance","link":"https://csrc.nist.gov/glossary/term/long_range_alliance"}],"definitions":null},{"term":"Los Alamos National Laboratory","link":"https://csrc.nist.gov/glossary/term/los_alamos_national_laboratory","abbrSyn":[{"text":"LANL","link":"https://csrc.nist.gov/glossary/term/lanl"}],"definitions":null},{"term":"Low Energy","link":"https://csrc.nist.gov/glossary/term/low_energy","abbrSyn":[{"text":"LE","link":"https://csrc.nist.gov/glossary/term/le"}],"definitions":null},{"term":"Low Frequency","link":"https://csrc.nist.gov/glossary/term/low_frequency","abbrSyn":[{"text":"LF","link":"https://csrc.nist.gov/glossary/term/lf"}],"definitions":null},{"term":"low impact","link":"https://csrc.nist.gov/glossary/term/low_impact","definitions":[{"text":"The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States (i.e., 1) causes a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; 2) results in minor damage to organizational assets; 3) results in minor financial loss; or 4) results in minor harm to individuals).","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Low Impact ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; 2) results in minor damage to organizational assets; 3) results in minor financial loss; or 4) results in minor harm to individuals).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Low Impact ","refSources":[{"text":"CNSSI 4009-2010"}]}]}]},{"term":"Low Pin Count","link":"https://csrc.nist.gov/glossary/term/low_pin_count","abbrSyn":[{"text":"LPC","link":"https://csrc.nist.gov/glossary/term/lpc"}],"definitions":null},{"term":"low probability of detection (LPD)","link":"https://csrc.nist.gov/glossary/term/low_probability_of_detection","abbrSyn":[{"text":"LPD","link":"https://csrc.nist.gov/glossary/term/lpd"}],"definitions":[{"text":"Result of measures used to hide or disguise intentional electromagnetic transmissions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"low probability of intercept (LPI)","link":"https://csrc.nist.gov/glossary/term/low_probability_of_intercept","abbrSyn":[{"text":"LPI","link":"https://csrc.nist.gov/glossary/term/lpi"}],"definitions":[{"text":"Result of measures used to resist attempts by adversaries to analyze the parameters of a transmission to determine if it is a signal of interest.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"low probability of positioning","link":"https://csrc.nist.gov/glossary/term/low_probability_of_positioning","definitions":[{"text":"Result of measures used to resist attempts by adversaries to determine the location of a particular transmitter.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1200","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Low Rate Initial Production","link":"https://csrc.nist.gov/glossary/term/low_rate_initial_production","abbrSyn":[{"text":"LRIP","link":"https://csrc.nist.gov/glossary/term/lrip"}],"definitions":null},{"term":"Low-Earth Orbit","link":"https://csrc.nist.gov/glossary/term/low_earth_orbit","abbrSyn":[{"text":"LEO","link":"https://csrc.nist.gov/glossary/term/leo"}],"definitions":null},{"term":"low-impact system","link":"https://csrc.nist.gov/glossary/term/low_impact_system","definitions":[{"text":"An information system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under LOW-IMPACT SYSTEM "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Low-Impact System "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Low-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Low-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Low-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS Publication 199 potential impact value of low.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Low-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which all three security properties (i.e., confidentiality, integrity, and availability) are assigned a FIPS PUB 199 potential impact value of low. \nNote: For National Security Systems, CNSSI No. 1253 does not adopt this FIPS PUB 200 high water mark across security objectives.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"A system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS Publication 199 potential impact value of low.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]}]},{"term":"low-power transmitter","link":"https://csrc.nist.gov/glossary/term/low_power_transmitter","definitions":[{"text":"For the purposes of determining separation between RED equipment/lines and radio frequency (RF) transmitters, low-power is that which is less than or equal to 100 m Watt (20 dBm) effective isotropic radiated power (EIRP). Examples of low-power transmitters are wireless devices for local communications that do not need a Federal Communications Commission (FCC) license, such as some IEEE 802.11X network access points, and portable (but not cellular) telephones.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}],"seeAlso":[{"text":"high-power transmitter","link":"high_power_transmitter"}]},{"term":"LP","link":"https://csrc.nist.gov/glossary/term/lp","abbrSyn":[{"text":"Local Preference","link":"https://csrc.nist.gov/glossary/term/local_preference"}],"definitions":null},{"term":"LPAR","link":"https://csrc.nist.gov/glossary/term/lpar","abbrSyn":[{"text":"Logical Partition","link":"https://csrc.nist.gov/glossary/term/logical_partition"}],"definitions":null},{"term":"LPC","link":"https://csrc.nist.gov/glossary/term/lpc","abbrSyn":[{"text":"Low Pin Count","link":"https://csrc.nist.gov/glossary/term/low_pin_count"}],"definitions":null},{"term":"LPD","link":"https://csrc.nist.gov/glossary/term/lpd","abbrSyn":[{"text":"Low Probability of Detection"}],"definitions":null},{"term":"LPI","link":"https://csrc.nist.gov/glossary/term/lpi","abbrSyn":[{"text":"Low Probability of Intercept"}],"definitions":null},{"term":"LPSD","link":"https://csrc.nist.gov/glossary/term/lpsd","abbrSyn":[{"text":"Local Public Safety Department","link":"https://csrc.nist.gov/glossary/term/local_public_safety_department"}],"definitions":null},{"term":"LRA","link":"https://csrc.nist.gov/glossary/term/lra","abbrSyn":[{"text":"Local Registration Authority"}],"definitions":null},{"term":"LRC","link":"https://csrc.nist.gov/glossary/term/lrc","abbrSyn":[{"text":"Longitudinal Redundancy Code","link":"https://csrc.nist.gov/glossary/term/longitudinal_redundancy_code"}],"definitions":null},{"term":"LRIP","link":"https://csrc.nist.gov/glossary/term/lrip","abbrSyn":[{"text":"Low Rate Initial Production","link":"https://csrc.nist.gov/glossary/term/low_rate_initial_production"}],"definitions":null},{"term":"LRS","link":"https://csrc.nist.gov/glossary/term/lrs","abbrSyn":[{"text":"Longest Repeated Substring","link":"https://csrc.nist.gov/glossary/term/longest_repeated_substring"}],"definitions":null},{"term":"LSB","link":"https://csrc.nist.gov/glossary/term/lsb","abbrSyn":[{"text":"Least Significant Bit"}],"definitions":null},{"term":"LSBs(X)","link":"https://csrc.nist.gov/glossary/term/lsb_s_x","definitions":[{"text":"The bit string consisting of the s right-most bits of the bit string X.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"LSI","link":"https://csrc.nist.gov/glossary/term/lsi","abbrSyn":[{"text":"Large Scale Integration"},{"text":"Large-Scale Integration","link":"https://csrc.nist.gov/glossary/term/large_scale_integration"}],"definitions":null},{"term":"LSPE","link":"https://csrc.nist.gov/glossary/term/lspe","abbrSyn":[{"text":"Large-Scale Processing Environment","link":"https://csrc.nist.gov/glossary/term/large_scale_processing_environment"}],"definitions":null},{"term":"LSTM","link":"https://csrc.nist.gov/glossary/term/lstm","abbrSyn":[{"text":"Long Short-Term Memory","link":"https://csrc.nist.gov/glossary/term/long_short_term_memory"}],"definitions":null},{"term":"LTE","link":"https://csrc.nist.gov/glossary/term/lte","abbrSyn":[{"text":"Long Term Evolution"},{"text":"Long-Term Evolution","link":"https://csrc.nist.gov/glossary/term/long_term_evolution"}],"definitions":null},{"term":"LTE air interface","link":"https://csrc.nist.gov/glossary/term/lte_air_interface","abbrSyn":[{"text":"Uu","link":"https://csrc.nist.gov/glossary/term/uu"}],"definitions":null},{"term":"LTK","link":"https://csrc.nist.gov/glossary/term/ltk","abbrSyn":[{"text":"Long-Term Key","link":"https://csrc.nist.gov/glossary/term/long_term_key"}],"definitions":null},{"term":"LTM","link":"https://csrc.nist.gov/glossary/term/ltm","abbrSyn":[{"text":"Local Traffic Manager","link":"https://csrc.nist.gov/glossary/term/local_traffic_manager"}],"definitions":null},{"term":"LTS","link":"https://csrc.nist.gov/glossary/term/lts","abbrSyn":[{"text":"Long-Term Support","link":"https://csrc.nist.gov/glossary/term/long_term_support"}],"definitions":null},{"term":"LUN","link":"https://csrc.nist.gov/glossary/term/lun","abbrSyn":[{"text":"Logical Unit Number","link":"https://csrc.nist.gov/glossary/term/logical_unit_number"}],"definitions":null},{"term":"LUT","link":"https://csrc.nist.gov/glossary/term/lut","abbrSyn":[{"text":"Look-Up Table","link":"https://csrc.nist.gov/glossary/term/look_up_table"}],"definitions":null},{"term":"LVM","link":"https://csrc.nist.gov/glossary/term/lvm","abbrSyn":[{"text":"Logical Volume Manager","link":"https://csrc.nist.gov/glossary/term/logical_volume_manager"}],"definitions":null},{"term":"LVP","link":"https://csrc.nist.gov/glossary/term/lvp","abbrSyn":[{"text":"Large Volume Pump","link":"https://csrc.nist.gov/glossary/term/large_volume_pump"}],"definitions":null},{"term":"LWE","link":"https://csrc.nist.gov/glossary/term/lwe","abbrSyn":[{"text":"Learning With Errors","link":"https://csrc.nist.gov/glossary/term/learning_with_errors"}],"definitions":null},{"term":"LWR","link":"https://csrc.nist.gov/glossary/term/lwr","abbrSyn":[{"text":"Learning With Rounding","link":"https://csrc.nist.gov/glossary/term/learning_with_rounding"}],"definitions":null},{"term":"LXC","link":"https://csrc.nist.gov/glossary/term/lxc","abbrSyn":[{"text":"Linux Container","link":"https://csrc.nist.gov/glossary/term/linux_container"}],"definitions":null},{"term":"LZS","link":"https://csrc.nist.gov/glossary/term/lzs","abbrSyn":[{"text":"Lempel-Ziv-Stac","link":"https://csrc.nist.gov/glossary/term/lempel_ziv_stac"}],"definitions":null},{"term":"M&S","link":"https://csrc.nist.gov/glossary/term/m_and_s","abbrSyn":[{"text":"Modeling and Simulation","link":"https://csrc.nist.gov/glossary/term/modeling_and_simulation"}],"definitions":null},{"term":"M2M","link":"https://csrc.nist.gov/glossary/term/m2m","abbrSyn":[{"text":"Machine to Machine","link":"https://csrc.nist.gov/glossary/term/machine_to_machine"}],"definitions":null},{"term":"MA","link":"https://csrc.nist.gov/glossary/term/ma","abbrSyn":[{"text":"maintenance","link":"https://csrc.nist.gov/glossary/term/maintenance"},{"text":"Major Application"}],"definitions":[{"text":"Any act that either prevents the failure or malfunction of equipment or restores its operating capability.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under maintenance ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under maintenance ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]},{"text":"The process of managing PIV Cards or Derived PIV Credentials (and its token) once they are issued. It includes re-issuance, post issuance updates, and termination.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under maintenance "}]},{"text":"An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Major Application ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]}]},{"text":"Any act that either prevents the failure or malfunction of IoT device and supporting equipment or restores its operating capability.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","underTerm":" under maintenance ","refSources":[{"text":"IoT Security Compliance Framework v2.1","link":"https://www.iotsecurityfoundation.org/iotsf-issues-update-to-popular-iot-security-compliance-framework/"}]}]}]},{"term":"MAB","link":"https://csrc.nist.gov/glossary/term/mab","abbrSyn":[{"text":"MAC Authentication Bypass","link":"https://csrc.nist.gov/glossary/term/mac_authentication_bypass"}],"definitions":null},{"term":"MAC","link":"https://csrc.nist.gov/glossary/term/mac","abbrSyn":[{"text":"Mandatory Access Control"},{"text":"Media Access Control"},{"text":"Media Access Control Address","link":"https://csrc.nist.gov/glossary/term/media_access_control_address"},{"text":"Medium Access Control","link":"https://csrc.nist.gov/glossary/term/medium_access_control"},{"text":"message authentication code"},{"text":"Message Authentication Code"},{"text":"Message Authentication Codes"},{"text":"Mission Assurance Category"},{"text":"Modification, Access, and Creation","link":"https://csrc.nist.gov/glossary/term/modification_access_and_creation"}],"definitions":[{"text":"A family of secret-key cryptographic algorithms acting on input data of arbitrary length to produce an output value of a specified length (called the MAC of the input data). The MAC can be employed to provide an authentication of the origin of data and/or data-integrity protection. In this Recommendation, approved MAC algorithms are used to determine families of pseudorandom functions (indexed by the choice of key) that are employed during key derivation.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under message authentication code "}]},{"text":"A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. Mandatory Access Control is a type of nondiscretionary access control.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mandatory Access Control ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system. A subject that has been granted access to information is constrained from doing any of the following: (i) passing the information to unauthorized subjects or objects; (ii) granting its privileges to other subjects; (iii) changing one or more security attributes on subjects, objects, the information system, or system components; (iv) choosing the security attributes to be associated with newly-created or modified objects; or (v) changing the rules governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mandatory Access Control "}]},{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"a data authenticator generated from the message, usually through cryptographic techniques. In general, a cryptographic key is also required as an input.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under message authentication code "}]},{"text":"A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Mandatory Access Control "}]},{"text":"A hardware address that uniquely identifies each component of an IEEE 802-based network. On networks that do not conform to the IEEE 802 standards but do conform to the OSI Reference Model, the node address is called the Data Link Control (DLC) address.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Media Access Control Address "}]},{"text":"A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Message Authentication Code "}]}]},{"term":"MAC algorithm","link":"https://csrc.nist.gov/glossary/term/mac_algorithm","definitions":[{"text":"An algorithm that computes a MAC from a message and a key.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}]},{"term":"MAC Authentication Bypass","link":"https://csrc.nist.gov/glossary/term/mac_authentication_bypass","abbrSyn":[{"text":"MAB","link":"https://csrc.nist.gov/glossary/term/mab"}],"definitions":null},{"term":"MAC key","link":"https://csrc.nist.gov/glossary/term/mac_key","definitions":[{"text":"A symmetric key used as input to a security function to produce a message authentication code (MAC).","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"MAC tag","link":"https://csrc.nist.gov/glossary/term/mac_tag","definitions":[{"text":"Data obtained from the output of a MAC algorithm that can be used by an entity to verify the integrity and the origination of the information used as input.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"Data obtained from the output of a MAC algorithm (possibly by truncation) that can be used by an entity to verify the integrity and the origination of the information used as input to the MAC algorithm.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"Data obtained from the output of a MAC algorithm that can be used by an entity to verify the integrity and the origination of the information used as input to the MAC algorithm.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Machine Learning","link":"https://csrc.nist.gov/glossary/term/machine_learning","abbrSyn":[{"text":"ML","link":"https://csrc.nist.gov/glossary/term/ml"}],"definitions":null},{"term":"Machine Owner Key","link":"https://csrc.nist.gov/glossary/term/machine_owner_key","abbrSyn":[{"text":"MOK","link":"https://csrc.nist.gov/glossary/term/mok"}],"definitions":null},{"term":"Machine Readable Table","link":"https://csrc.nist.gov/glossary/term/machine_readable_table","abbrSyn":[{"text":"MRT","link":"https://csrc.nist.gov/glossary/term/mrt"}],"definitions":null},{"term":"Machine Readable Travel Document","link":"https://csrc.nist.gov/glossary/term/machine_readable_travel_document","abbrSyn":[{"text":"MRTD","link":"https://csrc.nist.gov/glossary/term/mrtd"}],"definitions":null},{"term":"Machine to Machine","link":"https://csrc.nist.gov/glossary/term/machine_to_machine","abbrSyn":[{"text":"M2M","link":"https://csrc.nist.gov/glossary/term/m2m"}],"definitions":null},{"term":"Machine-Readable","link":"https://csrc.nist.gov/glossary/term/machine_readable","definitions":[{"text":"Product output that is in a structured format, typically XML, which can be consumed by another program using consistent processing logic.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"MacKeyBits","link":"https://csrc.nist.gov/glossary/term/mackeybits","definitions":[{"text":"The bit length of MacKey such that MacKeyBits = 8 ´ MacKeyLen.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"macOS Security Compliance Project","link":"https://csrc.nist.gov/glossary/term/macos_security_compliance_project","abbrSyn":[{"text":"mSCP","link":"https://csrc.nist.gov/glossary/term/mscp"}],"definitions":null},{"term":"MacOutputBits","link":"https://csrc.nist.gov/glossary/term/macoutputbits","definitions":[{"text":"The bit length of the MAC output block such that MacOutputBits = 8 ´ MacOutputLen.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"MacOutputLen","link":"https://csrc.nist.gov/glossary/term/macoutputlen","definitions":[{"text":"The byte length of the MAC output block.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"macro virus","link":"https://csrc.nist.gov/glossary/term/macro_virus","definitions":[{"text":"A virus that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute and propagate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A specific type of computer virus that is encoded as a macro embedded in some document and activated when the document is handled.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Macro Virus "}]}]},{"term":"MACsec","link":"https://csrc.nist.gov/glossary/term/macsec","abbrSyn":[{"text":"Media Access Control Security","link":"https://csrc.nist.gov/glossary/term/media_access_control_security"}],"definitions":null},{"term":"MACsec Key Agreement","link":"https://csrc.nist.gov/glossary/term/macsec_key_agreement","abbrSyn":[{"text":"MKA","link":"https://csrc.nist.gov/glossary/term/mka"}],"definitions":null},{"term":"MacTagBits","link":"https://csrc.nist.gov/glossary/term/mactagbits","definitions":[{"text":"The bit length of the MAC tag such that MacTagBits = 8 ´ MacTagLen.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"MAG","link":"https://csrc.nist.gov/glossary/term/mag","abbrSyn":[{"text":"Mount Airey Group","link":"https://csrc.nist.gov/glossary/term/mount_airey_group"}],"definitions":null},{"term":"Magnetic Media","link":"https://csrc.nist.gov/glossary/term/magnetic_media","definitions":[{"text":"A class of storage device that uses only magnetic storage media for persistent storage, without the assistance of heat (ie. heat assisted magnetic recording (HAMR)) or the additional use of other persistent storage media such as flash memory-based media.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"magnetic remanence","link":"https://csrc.nist.gov/glossary/term/magnetic_remanence","definitions":[{"text":"Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. See clearing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"clearing","link":"clearing"},{"text":"remanence","link":"remanence"}]},{"term":"Magnetic Resonance Imaging","link":"https://csrc.nist.gov/glossary/term/magnetic_resonance_imaging","abbrSyn":[{"text":"MRI","link":"https://csrc.nist.gov/glossary/term/mri"}],"definitions":null},{"term":"Magneto Optical","link":"https://csrc.nist.gov/glossary/term/magneto_optical","abbrSyn":[{"text":"MO","link":"https://csrc.nist.gov/glossary/term/mo"}],"definitions":null},{"term":"Mail Delivery Agent","link":"https://csrc.nist.gov/glossary/term/mail_delivery_agent","abbrSyn":[{"text":"MDA","link":"https://csrc.nist.gov/glossary/term/mda"}],"definitions":null},{"term":"Mail Exchange","link":"https://csrc.nist.gov/glossary/term/mail_exchange","abbrSyn":[{"text":"MX","link":"https://csrc.nist.gov/glossary/term/mx"}],"definitions":null},{"term":"Mail Exchanger","link":"https://csrc.nist.gov/glossary/term/mail_exchanger","abbrSyn":[{"text":"MX","link":"https://csrc.nist.gov/glossary/term/mx"}],"definitions":null},{"term":"Mail Server","link":"https://csrc.nist.gov/glossary/term/mail_server","definitions":[{"text":"A host that provides “electronic post office” facilities. It stores incoming mail for distribution to users and forwards outgoing mail. The term may refer to just the application that performs this service, which can reside on a machine with other services, but for this document the term refers to the entire host including the mail server application, the host operating system and the supporting hardware.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Mail Server Administrator","link":"https://csrc.nist.gov/glossary/term/mail_server_administrator","definitions":[{"text":"The mail server equivalent of a system administrator. Mail server administrators are system architects responsible for the overall design and implementation of mail servers.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Mail Submission Agent","link":"https://csrc.nist.gov/glossary/term/mail_submission_agent","abbrSyn":[{"text":"MSA","link":"https://csrc.nist.gov/glossary/term/msa"}],"definitions":null},{"term":"Mail Transfer Agent (MTA)","link":"https://csrc.nist.gov/glossary/term/mail_transfer_agent","abbrSyn":[{"text":"MTA","link":"https://csrc.nist.gov/glossary/term/mta"}],"definitions":[{"text":"A program running on a mail server that receives messages from mail user agents or other MTAs and either forwards them to another MTA or, if the recipient is on the MTA, delivers the message to the local delivery agent (LDA) for delivery to the recipient. Common MTAs include Microsoft Exchange and sendmail.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Mail User Agent (MUA)","link":"https://csrc.nist.gov/glossary/term/mail_user_agent","abbrSyn":[{"text":"MUA","link":"https://csrc.nist.gov/glossary/term/mua"}],"definitions":[{"text":"A mail client application used by an end user to access a mail server to read, compose, and send email messages. Common MUAs include Microsoft Outlook and Mozilla Thunderbird.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"maintenance key","link":"https://csrc.nist.gov/glossary/term/maintenance_key","definitions":[{"text":"Key intended only for off-the-air, in-shop use. Maintenance key may not be used to protect classified or sensitive U.S. Government information. Also known as bench test key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"major application","link":"https://csrc.nist.gov/glossary/term/major_application","abbrSyn":[{"text":"MA","link":"https://csrc.nist.gov/glossary/term/ma"}],"definitions":[{"text":"An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. \nNote: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf","note":" - Adapted"}]}]},{"text":"An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Major Application ","refSources":[{"text":"OMB Circular A-130, Appendix III"}]}]},{"text":"An application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to, or modification of, the information in the application. A breach in a major application might comprise many individual application programs and hardware, software, and telecommunications components. Major applications can be either major software applications or a combination of hardware/software where the only purpose of the system is to support a specific mission-related function.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]}]},{"term":"Major Information System","link":"https://csrc.nist.gov/glossary/term/major_information_system","definitions":[{"text":"An information system that requires special management attention because of its importance to an agency mission; its high development, operating, or maintenance costs; or its significant role in the administration of agency programs, finances, property, or other resources.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"Major Revision","link":"https://csrc.nist.gov/glossary/term/major_revision","definitions":[{"text":"Any increase in the version of an SCAP component’s specification or SCAP related data set that involves substantive changes that will break backwards compatibility with previous releases.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Major version update","link":"https://csrc.nist.gov/glossary/term/major_version_update","definitions":[{"text":"A revision of a specification that breaks backward compatibility with the previous revision of the specification in numerous significant ways.","sources":[{"text":"NIST SP 800-126A","link":"https://doi.org/10.6028/NIST.SP.800-126A"}]}]},{"term":"majority judgment algorithm","link":"https://csrc.nist.gov/glossary/term/majority_judgment_algorithm","definitions":[{"text":"An inter-level judgment conflict resolution algorithm where the judgment that occurs most frequently is taken as the result. If more than one judgment occurs the greatest number of times, then the weakest such judgment is the result.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"MAL","link":"https://csrc.nist.gov/glossary/term/mal","abbrSyn":[{"text":"Memory Allocation","link":"https://csrc.nist.gov/glossary/term/memory_allocation"}],"definitions":null},{"term":"malicious cyber activity","link":"https://csrc.nist.gov/glossary/term/malicious_cyber_activity","definitions":[{"text":"Activities, other than those authorized by or in accordance with U.S. law, that seek to compromise or impair the confidentiality, integrity, or availability of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"PPD-20"}]}]}]},{"term":"malware","link":"https://csrc.nist.gov/glossary/term/malware","abbrSyn":[{"text":"malicious code"},{"text":"Malicious Code"},{"text":"malicious code and malicious logic"},{"text":"Malware"}],"definitions":[{"text":"An application that is covertly inserted into another piece of software (e.g., operating system, application) with the intent to steal or destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system.","sources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167","refSources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1","note":" - adapted"}]}]},{"text":"Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity, or availability of a system. Examples of malicious code include viruses, worms, Trojan horses, spyware, some forms of adware, or other code-based entities that infect a host.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under malicious code "}]},{"text":"Hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under malicious logic ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"See Malicious Code.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Malware "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Malware "}]},{"text":"Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under malicious code ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under malicious code ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Malicious Code "},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - “Malicious Code”"}]}]},{"text":"A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Malware ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Malware "},{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2","underTerm":" under Malware "}]},{"text":"See malicious code and malicious logic.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Software designed and operated by an adversary to violate the security of a computer (includes spyware, virus programs, root kits, and Trojan horses).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Malware "}]},{"text":"Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of a system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Malicious Code ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under malicious code "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under malicious code "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under malicious code "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under malicious code "}]},{"text":"A program that is written intentionally to carry out annoying or harmful actions, which includes Trojan horses, viruses, and worms.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Malicious Code "}]},{"text":"A virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Malware "}]},{"text":"See “Malware”.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]","underTerm":" under Malicious Code "}]},{"text":"A computer program that is covertly placed onto a computer with the intent to compromise the privacy, accuracy, or reliability of the computer’s data, applications, or operating system.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]","underTerm":" under Malware "}]},{"text":"A program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1","underTerm":" under Malware "}]},{"text":"See Malicious malicious Ccode.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host.  Spyware and some forms of adware are also examples of malicious code.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Malicious Code ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Software or firmware intended to perform an unauthorized process that will have adverse impacts on the confidentiality, integrity, or availability of a system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under malicious code "}]},{"text":"A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-111","link":"https://doi.org/10.6028/NIST.SP.800-111"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-111","link":"https://doi.org/10.6028/NIST.SP.800-111"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Malware ","refSources":[{"text":"NIST SP 800-111","link":"https://doi.org/10.6028/NIST.SP.800-111"}]}]},{"text":"See “Malware.”","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Malicious Code "}]},{"text":"A computer program that is covertly placed onto a computer with the intent to compromise the privacy, accuracy, or reliability of the computer’s data, applications, or OS. Common types of malware threats include viruses, worms, malicious mobile code, Trojan horses, rootkits, and spyware.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Malware "}]}],"seeAlso":[{"text":"virus","link":"virus"},{"text":"Virus"},{"text":"Worm"}]},{"term":"MAM","link":"https://csrc.nist.gov/glossary/term/mam","abbrSyn":[{"text":"Mobile Application Management","link":"https://csrc.nist.gov/glossary/term/mobile_application_management"}],"definitions":null},{"term":"MAN","link":"https://csrc.nist.gov/glossary/term/man","abbrSyn":[{"text":"Mandatory Modification"},{"text":"Metropolitan Area Network","link":"https://csrc.nist.gov/glossary/term/metropolitan_area_network"}],"definitions":null},{"term":"Man in the middle","link":"https://csrc.nist.gov/glossary/term/man_in_the_middle","abbrSyn":[{"text":"MitM","link":"https://csrc.nist.gov/glossary/term/mitm"},{"text":"MITM"}],"definitions":null},{"term":"Manage Boundaries","link":"https://csrc.nist.gov/glossary/term/manage_boundaries","abbrSyn":[{"text":"Capability, Boundary Management","link":"https://csrc.nist.gov/glossary/term/capability_boundary_management"}],"definitions":[{"text":"An ISCM capability that addresses the following network and physical boundary areas: \nPhysical Boundaries – Ensure that movement (of people, media, equipment, etc.) into and out of the physical facility does not compromise security. \nFilters – Ensure that traffic into and out of the network (and thus out of the physical facility protection) does not compromise security. Do the same for enclaves that subdivide the network. \nOther – Ensure that information is protected (with adequate strength) when needed to protect confidentiality and integrity, whether that information is in transit or at rest.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Boundary Management "}]},{"text":"See Capability, Boundary Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Manage Credentials and Authentication","link":"https://csrc.nist.gov/glossary/term/manage_credentials_and_authentication","abbrSyn":[{"text":"Capability, Credentials and Authentication Management","link":"https://csrc.nist.gov/glossary/term/capability_credentials_and_authentication_management"}],"definitions":[{"text":"An ISCM capability that ensures that people have the credentials and authentication methods necessary (and only those necessary) to perform their duties, while limiting access to that which is necessary.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Credentials and Authentication Management "}]},{"text":"See Capability, Credentials and Authentication Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Manage Privileges","link":"https://csrc.nist.gov/glossary/term/manage_privileges","abbrSyn":[{"text":"Capability, Privilege and Account Management","link":"https://csrc.nist.gov/glossary/term/capability_privilege_and_account_management"}],"definitions":[{"text":"An ISCM capability that ensures that people have the privileges necessary (and only those necessary) to perform their duties, to limit access to that which is necessary.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Privilege and Account Management "}]},{"text":"See Capability, Privilege and Account Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Manageability","link":"https://csrc.nist.gov/glossary/term/manageability","definitions":[{"text":"Providing the capability for granular administration of personally identifiable information, including alteration, deletion, and selective disclosure.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"Per NISTIR8062: Providing the capability for granular administration of personally identifiable information, including alteration, deletion, and selective disclosure.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"Providing the capability for granular administration of data, including alteration, deletion, and selective disclosure.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]},{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]}]},{"text":"Providing the capability for granular administration of PII including alteration, deletion, and selective disclosure.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"term":"Manageability Engine","link":"https://csrc.nist.gov/glossary/term/manageability_engine","abbrSyn":[{"text":"ME","link":"https://csrc.nist.gov/glossary/term/me"}],"definitions":null},{"term":"Managed Detection and Response","link":"https://csrc.nist.gov/glossary/term/managed_detection_and_response","abbrSyn":[{"text":"MDR","link":"https://csrc.nist.gov/glossary/term/mdr"}],"definitions":null},{"term":"Managed Devices","link":"https://csrc.nist.gov/glossary/term/managed_devices","definitions":[{"text":"Personal computers, laptops, mobile devices, virtual machines, and infrastructure components require management agents, allowing information technology staff to discover, maintain, and control them. Those with broken or missing agents cannot be seen or managed by agent-based security products.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]},{"text":"Personal computers, laptops, mobile devices, virtual machines, and infrastructure components require management agents, allowing information technology staff to discover, maintain, and control these devices. Those with broken or missing agents cannot be seen or managed by agent-based security products.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"Managed Environment","link":"https://csrc.nist.gov/glossary/term/managed_environment","definitions":[{"text":"Environment comprising centrally managed IT products, everything ranging from servers and printers to desktops, laptops, smartphones, and tablets.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Inward-facing environment that is typically very structured and centrally managed.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"}]},{"text":"Environment comprising centrally managed IT products.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Managed Incident Lightweight Exchange","link":"https://csrc.nist.gov/glossary/term/managed_incident_lightweight_exchange","abbrSyn":[{"text":"MILE","link":"https://csrc.nist.gov/glossary/term/mile"}],"definitions":null},{"term":"managed interface","link":"https://csrc.nist.gov/glossary/term/managed_interface","definitions":[{"text":"An interface within an information system that provides boundary protection capability using automated mechanisms or devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Managed Interface "}]},{"text":"An interface within a system that provides boundary protection capabilities using automated mechanisms or devices.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Managed Security Services Provider","link":"https://csrc.nist.gov/glossary/term/managed_security_services_provider","abbrSyn":[{"text":"MSSP","link":"https://csrc.nist.gov/glossary/term/mssp"}],"definitions":null},{"term":"Management","link":"https://csrc.nist.gov/glossary/term/management","abbrSyn":[{"text":"MGMT","link":"https://csrc.nist.gov/glossary/term/mgmt"}],"definitions":null},{"term":"management client (MGC)","link":"https://csrc.nist.gov/glossary/term/management_client","abbrSyn":[{"text":"MGC","link":"https://csrc.nist.gov/glossary/term/mgc"}],"definitions":[{"text":"A configuration of a client node that enables a key management infrastructure (KMI) external operational manager to manage KMI products and services by either 1) accessing a PRSN or 2) exercising locally-provided capabilities. A management client (MGC) consists of a client platform and an advanced key processor (AKP).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"management controls","link":"https://csrc.nist.gov/glossary/term/management_controls","note":"(C.F.D.)","definitions":[{"text":"The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under MANAGEMENT CONTROLS "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Management Controls ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-179","link":"https://doi.org/10.6028/NIST.SP.800-179","note":" [Superseded]","underTerm":" under Management Controls ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Management Controls ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Management Controls ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Management Controls ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Management Controls ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security. \nRationale: Listed for deletion in 2010 version of CNSS 4009.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information security.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Management Controls ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]}]},{"text":"management controls are actions taken to manage thedevelopment, maintenance, and use of the system, including system-specific policies, procedures, and rules of behavior, individual roles and responsibilities, individual accountability and personnel security decisions.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Management Controls "}]},{"text":"Restricting who can manage the computer to a limited number of known people","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Management control "}]}]},{"term":"Management Information Base","link":"https://csrc.nist.gov/glossary/term/management_information_base","abbrSyn":[{"text":"MIB","link":"https://csrc.nist.gov/glossary/term/mib"}],"definitions":null},{"term":"Management Network","link":"https://csrc.nist.gov/glossary/term/management_network","abbrSyn":[{"text":"MGMT","link":"https://csrc.nist.gov/glossary/term/mgmt"}],"definitions":null},{"term":"management security controls","link":"https://csrc.nist.gov/glossary/term/management_security_controls","note":"(C.F.D.)","definitions":[{"text":"The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information systems security. \nRationale: Listed for deletion in 2010 version of CNSS 4009.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Management stations","link":"https://csrc.nist.gov/glossary/term/management_stations","definitions":[{"text":"Systems with which only IT and network administrators interact","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"term":"Manager","link":"https://csrc.nist.gov/glossary/term/manager","definitions":[{"text":"An individual responsible for network resources (people, data, processing capability) who is charged with conducting business of an organization.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"term":"mandate","link":"https://csrc.nist.gov/glossary/term/mandate","definitions":[{"text":"A mandatory order or requirement under statute.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]}]},{"term":"mandatory access control (MAC)","link":"https://csrc.nist.gov/glossary/term/mandatory_access_control","abbrSyn":[{"text":"MAC","link":"https://csrc.nist.gov/glossary/term/mac"},{"text":"non-discretionary access control","link":"https://csrc.nist.gov/glossary/term/non_discretionary_access_control"},{"text":"Nondiscretionary Access Control"}],"definitions":[{"text":"A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. Mandatory Access Control is a type of nondiscretionary access control.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mandatory Access Control ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system. A subject that has been granted access to information is constrained from doing any of the following: (i) passing the information to unauthorized subjects or objects; (ii) granting its privileges to other subjects; (iii) changing one or more security attributes on subjects, objects, the information system, or system components; (iv) choosing the security attributes to be associated with newly-created or modified objects; or (v) changing the rules governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mandatory Access Control "}]},{"text":"See mandatory access control (MAC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under non-discretionary access control "}]},{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under MAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under MAC "}]},{"text":"means that access control policy decisions are made by a central authority, not by the individual owner of an object. User cannot change access rights. An example of MAC occurs in military security, where an individual data owner does not decide who has a top-secret clearance, nor can the owner change the classification of an object from top-secret to secret.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Mandatory access control (MAC) "}]},{"text":"A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Mandatory Access Control "}]},{"text":"See Mandatory Access Control.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Nondiscretionary Access Control "}]},{"text":"An access control policy that is uniformly enforced across all subjects and objects within a system. A subject that has been granted access to information is constrained from: passing the information to unauthorized subjects or objects; granting its privileges to other subjects; changing one or more security attributes on subjects, objects, the system, or system components; choosing the security attributes to be associated with newly created or modified objects; or changing the rules for governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints. Mandatory access control is considered a type of nondiscretionary access control.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under mandatory access control "}]}]},{"term":"mandatory modification (MAN)","link":"https://csrc.nist.gov/glossary/term/mandatory_modification","abbrSyn":[{"text":"MAN","link":"https://csrc.nist.gov/glossary/term/man"}],"definitions":[{"text":"A change to a COMSEC end-item, which the National Security Agency (NSA) requires to be completed and reported by a specified date. See optional modification.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)","note":" - Adapted"}]}]}],"seeAlso":[{"text":"optional modification","link":"optional_modification"}]},{"term":"man-in-the-middle attack (MitM)","link":"https://csrc.nist.gov/glossary/term/man_in_the_middle_attack","abbrSyn":[{"text":"MitM","link":"https://csrc.nist.gov/glossary/term/mitm"},{"text":"MITM"},{"text":"MitMA","link":"https://csrc.nist.gov/glossary/term/mitma"}],"definitions":[{"text":"A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"An attack that occurs when an adversary deceives an SS/MS to appear as a legitimate BS while simultaneously deceiving a BS to appear as a legitimate SS/MS. This may allow an adversary to act as a pass-through for all communications and to inject malicious traffic into the communications stream.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Man-in-the-middle (MITM) "}]},{"text":"An attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them. In the context of authentication, the attacker would be positioned between claimant and verifier, between registrant and CSP during enrollment, or between subscriber and CSP during authenticator binding.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Man-in-the-Middle Attack (MitM) "},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Person (Man)-in-the-Middle Attack ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Man-In-The-Middle "}]},{"text":"An attack on the authentication protocol run in which the Attacker positions himself or herself in between the Claimant and Verifier so that he can intercept and alter data traveling between them.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Man-in-the-Middle Attack (MitM) "}]}]},{"term":"manipulative communications deception","link":"https://csrc.nist.gov/glossary/term/manipulative_communications_deception","note":"(C.F.D.)","definitions":[{"text":"Alteration or simulation of friendly telecommunications for the purpose of deception. See communications deception and imitative communications deception. \nRationale: Listed for deletion in 2010 version of CNSS 4009.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"communications deception","link":"communications_deception"},{"text":"imitative communications deception","link":"imitative_communications_deception"}]},{"term":"manual cryptosystem","link":"https://csrc.nist.gov/glossary/term/manual_cryptosystem","definitions":[{"text":"Cryptosystem in which the cryptographic processes are performed without the use of crypto-equipment or auto-manual devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Manual key distribution","link":"https://csrc.nist.gov/glossary/term/manual_key_distribution","definitions":[{"text":"A non-automated means of transporting cryptographic keys by physically moving a device or document containing the key or key component.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Manual key transport","link":"https://csrc.nist.gov/glossary/term/manual_key_transport","definitions":[{"text":"A non-automated means of transporting cryptographic keys by physically moving a device or document containing the key or key component.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A non-automated means of transporting cryptographic keys by physically moving a device or document containing the key or key share.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A non-automated means of transporting cryptographic keys by physically moving a device, document or person containing or possessing the key or key component.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"manual remote rekeying","link":"https://csrc.nist.gov/glossary/term/manual_remote_rekeying","abbrSyn":[{"text":"cooperative remote rekeying","link":"https://csrc.nist.gov/glossary/term/cooperative_remote_rekeying"}],"definitions":[{"text":"Synonymous with manual remote rekeying.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under cooperative remote rekeying "}]},{"text":"Procedure by which a distant crypto-equipment is rekeyed electronically, with specific actions required by the receiving terminal operator. Synonymous with cooperative remote rekeying. See automatic remote rekeying.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"automatic remote rekeying","link":"automatic_remote_rekeying"},{"text":"remote rekeying","link":"remote_rekeying"}]},{"term":"Manufacturer and User Facility Device Experience","link":"https://csrc.nist.gov/glossary/term/manufacturer_and_user_facility_device_experience","abbrSyn":[{"text":"MAUDE","link":"https://csrc.nist.gov/glossary/term/maude"}],"definitions":null},{"term":"Manufacturer Disclosure Statement for Medical Device Security","link":"https://csrc.nist.gov/glossary/term/manufacturer_disclosure_statement_for_medical_device_security","abbrSyn":[{"text":"MDS2","link":"https://csrc.nist.gov/glossary/term/mds2"}],"definitions":null},{"term":"Manufacturer Usage Description (MUD)","link":"https://csrc.nist.gov/glossary/term/manufacturer_usage_description_mud","abbrSyn":[{"text":"MUD","link":"https://csrc.nist.gov/glossary/term/mud"}],"definitions":[{"text":"A component-based architecture specified in Request for Comments (RFC) 8520 that is designed to provide a means for end devices to signal to the network what sort of access and network functionality they require to properly function.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"Manufacturing","link":"https://csrc.nist.gov/glossary/term/manufacturing","abbrSyn":[{"text":"MFG","link":"https://csrc.nist.gov/glossary/term/mfg"}],"definitions":null},{"term":"Manufacturing Operations","link":"https://csrc.nist.gov/glossary/term/manufacturing_operations","definitions":[{"text":"Activities concerning the facility operation, system processes, materials input/output, maintenance, supply and distribution, health, and safety, emergency response, human resources, security, information technology and other contributing measures to the manufacturing enterprise.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]},{"text":"Activities concerning the facility operation, system processes, materials input/output, maintenance, supply and distribution, health, and safety, emergency response, human resources, security, information technology and other contributing measures to the manufacturing enterprise.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"}]}]},{"term":"MAO","link":"https://csrc.nist.gov/glossary/term/mao","abbrSyn":[{"text":"Maximum Allowable Outage","link":"https://csrc.nist.gov/glossary/term/maximum_allowable_outage"}],"definitions":null},{"term":"Maple","link":"https://csrc.nist.gov/glossary/term/maple","definitions":[{"text":"An interactive computer algebra system that provides a complete mathematical environment for the manipulation and simplification of symbolic algebraic expressions, arbitrary extended precision mathematics, two- and three-dimensional graphics, and programming.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Mapping","link":"https://csrc.nist.gov/glossary/term/mapping","abbrSyn":[{"text":"concept mapping","link":"https://csrc.nist.gov/glossary/term/concept_mapping"}],"definitions":[{"text":"An indication that one concept is related to another concept.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477","underTerm":" under concept mapping "}]},{"text":"Depiction of how data from one information source maps to data from another information source.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"MARAD","link":"https://csrc.nist.gov/glossary/term/marad","abbrSyn":[{"text":"Maritime Administration","link":"https://csrc.nist.gov/glossary/term/maritime_administration"}],"definitions":null},{"term":"margin","link":"https://csrc.nist.gov/glossary/term/margin","abbrSyn":[{"text":"design margin","link":"https://csrc.nist.gov/glossary/term/design_margin"},{"text":"operational margin","link":"https://csrc.nist.gov/glossary/term/operational_margin"}],"definitions":[{"text":"The margin allocated during design based on assessments of uncertainty and unknowns. This margin is often consumed as the design matures.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under design margin ","refSources":[{"text":"NASA Systems Engineering Handbook","link":"https://www.nasa.gov/seh"}]}]},{"text":"A spare amount or measure or degree allowed or given for contingencies or special situations. The allowances carried to account for uncertainties and risks.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"MTR210263","link":"https://figshare.com/articles/preprint/Design_Principles_for_Cyber_Physical_Systems_pdf/15175605"}]}]},{"text":"The margin that is designed explicitly to provide space between the worst normal operating condition and the point at which failure occurs (derives from physical design margin).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under operational margin ","refSources":[{"text":"Systems Engineering and System Definitions","link":"https://www.incose.org/docs/default-source/default-document-library/incose-se-definitions-tp-2020-002-06.pdf"}]}]}]},{"term":"Marine Transportation System","link":"https://csrc.nist.gov/glossary/term/marine_transportation_system","abbrSyn":[{"text":"MTS","link":"https://csrc.nist.gov/glossary/term/mts"}],"definitions":null},{"term":"Maritime Administration","link":"https://csrc.nist.gov/glossary/term/maritime_administration","abbrSyn":[{"text":"MARAD","link":"https://csrc.nist.gov/glossary/term/marad"}],"definitions":null},{"term":"Market research","link":"https://csrc.nist.gov/glossary/term/market_research","definitions":[{"text":"Collecting and analyzing information about capabilities within the market to satisfy agency needs.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"48 C.F.R.","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=455bc78b0b6061fca232fa24310d6b74&mc=true&tpl=/ecfrbrowse/Title48/48tab_02.tpl"}]}]}]},{"term":"marking","link":"https://csrc.nist.gov/glossary/term/marking","abbrSyn":[{"text":"security marking","link":"https://csrc.nist.gov/glossary/term/security_marking"},{"text":"Security Marking"}],"definitions":[{"text":"The means used to associate a set of security attributes with objects in a human-readable form, to enable organizational process-based enforcement of information security policies.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security marking ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Marking "}]},{"text":"See security marking.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Marking "}]},{"text":"The means used to associate a set of security attributes with objects in a human-readable form in order to enable organizational, process-based enforcement of information security policies.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under security marking "}]}]},{"term":"MASK","link":"https://csrc.nist.gov/glossary/term/mask_cap","definitions":[{"text":"a byte string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"Mask Generation Function","link":"https://csrc.nist.gov/glossary/term/mask_generation_function","abbrSyn":[{"text":"MGF","link":"https://csrc.nist.gov/glossary/term/mgf"}],"definitions":null},{"term":"masquerading","link":"https://csrc.nist.gov/glossary/term/masquerading","definitions":[{"text":"A type of threat action whereby an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Mass Casualty Incident","link":"https://csrc.nist.gov/glossary/term/mass_casualty_incident","abbrSyn":[{"text":"MCI","link":"https://csrc.nist.gov/glossary/term/mci"}],"definitions":null},{"term":"Massachusetts Institute of Technology","link":"https://csrc.nist.gov/glossary/term/massachusetts_institute_of_technology","abbrSyn":[{"text":"MIT","link":"https://csrc.nist.gov/glossary/term/mit"}],"definitions":null},{"term":"Master Boot Record","link":"https://csrc.nist.gov/glossary/term/master_boot_record","abbrSyn":[{"text":"MBR","link":"https://csrc.nist.gov/glossary/term/mbr"}],"definitions":null},{"term":"Master Control Unit","link":"https://csrc.nist.gov/glossary/term/master_control_unit","abbrSyn":[{"text":"MCU","link":"https://csrc.nist.gov/glossary/term/mcu"}],"definitions":null},{"term":"Master key","link":"https://csrc.nist.gov/glossary/term/master_key","abbrSyn":[{"text":"Key-derivation key","link":"https://csrc.nist.gov/glossary/term/key_derivation_key"}],"definitions":[{"text":"As used in this Recommendation, a key that is used during the key-expansion step of a key-derivation procedure to derive the secret output keying material. This key-derivation key is obtained from a shared secret during the randomness-extraction step.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Key-derivation key "}]},{"text":"A key used as an input to a key-derivation method to derive other keys. See [NIST SP 800-108].","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Key-derivation key "}]},{"text":"See Key-derivation key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A key used with a key-derivation function or method to derive additional keys. Sometimes called a master key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Key-derivation key "}]},{"text":"A key used as an input to a key-derivation method to derive other keys. See SP 800-108.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Key-derivation key "}]},{"text":"A key used with a key-derivation method to derive additional keys. Sometimes called a master key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Key-derivation key "}]},{"text":"A key used as an input to a key-derivation method to derive other keys; see SP 800-108.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Key-derivation key "}]},{"text":"A key used with a key-derivation function or method to derive additional keys. Also called a master key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Key-derivation key "}]}]},{"term":"Master Scenario Events List (MSEL)","link":"https://csrc.nist.gov/glossary/term/master_scenario_events_list","abbrSyn":[{"text":"MSEL","link":"https://csrc.nist.gov/glossary/term/msel"}],"definitions":[{"text":"A chronologically sequenced outline of the simulated events and key event descriptions that participants will be asked to respond to during an exercise.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"master services agreement","link":"https://csrc.nist.gov/glossary/term/master_services_agreement","abbrSyn":[{"text":"MSA","link":"https://csrc.nist.gov/glossary/term/msa"}],"definitions":null},{"term":"Master Session Key","link":"https://csrc.nist.gov/glossary/term/master_session_key","abbrSyn":[{"text":"MSK","link":"https://csrc.nist.gov/glossary/term/msk"}],"definitions":null},{"term":"Master Terminal Unit (MTU)","link":"https://csrc.nist.gov/glossary/term/master_terminal_unit","abbrSyn":[{"text":"Control Server","link":"https://csrc.nist.gov/glossary/term/control_server"},{"text":"MTU","link":"https://csrc.nist.gov/glossary/term/mtu"}],"definitions":[{"text":"A controller that also acts as a server that hosts the control software that communicates with lower-level control devices, such as remote terminal units (RTUs) and programmable logic controllers (PLCs), over an OT network. In a SCADA system, this is often called a SCADA server, MTU, or supervisory controller.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Control Server "},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Control Server "}]},{"text":"See Control Server.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]"}]}]},{"term":"Match","link":"https://csrc.nist.gov/glossary/term/match","definitions":[{"text":"Comparison decision stating that the biometric probe(s) and the biometric reference are from the same source. Match is a possible result of a Comparison. The opposite of a match is a non-match.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"ISO/IEC 2382-37:2017","link":"https://www.iso.org/standard/66693.html","note":" - adapted"}]}]}]},{"term":"match/matching","link":"https://csrc.nist.gov/glossary/term/match_matching","definitions":[{"text":"The process of comparing biometric information against a previously stored template(s) and scoring the level of similarity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]},{"text":"The process of comparing biometric information against a previously stored biometric data and scoring the level of similarity.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Match/Matching "}]}]},{"term":"Matching","link":"https://csrc.nist.gov/glossary/term/matching","definitions":[{"text":"The process of determining whether two or more asset identification expressions refer to the same asset.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"matching agreement","link":"https://csrc.nist.gov/glossary/term/matching_agreement","definitions":[{"text":"A written agreement between a recipient agency and a source agency (or a non-Federal agency) that is required by the Privacy Act for parties engaging in a matching program.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-108","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf"}]}]}]},{"term":"materiality","link":"https://csrc.nist.gov/glossary/term/materiality","definitions":[{"text":"The standard of materiality articulated by the U.S. Supreme Court in TSC Industries v. Northway, 426 U.S. 438, 449 (1976) (a fact is material “if there is a substantial likelihood that a reasonable shareholder would consider it important” in making an investment decision or if it “would have been viewed by the reasonable investor as having significantly altered the ‘total mix’ of information made available” to the shareholder).","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"TSC Industries v. Northway","link":"https://www.loc.gov/item/usrep426438/"}]}]},{"text":"The materiality of cybersecurity risks or incidents depends upon their nature, extent, and potential magnitude, particularly as they relate to any compromised information or the business and scope of company operations. The materiality of cybersecurity risks and incidents also depends on the range of harm that such incidents could cause. This includes harm to a company’s reputation, financial performance, and customer and vendor relationships, as well as the possibility of litigation or regulatory investigations or actions, including regulatory actions by state and federal governmental authorities and non-U.S. authorities.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"Public Company Cybersecurity Disclosures","link":"https://www.sec.gov/rules/interp/2018/33-10459.pdf"}]}]}]},{"term":"MATLAB","link":"https://csrc.nist.gov/glossary/term/matlab","definitions":[{"text":"An integrated, technical computer environment that combines numeric computation, advanced graphics and visualization, and a high level programming language. MATLAB includes functions for data analysis and visu alization; numeric and symbolic computation; engineering and scientific graphics; modeling, simulation and prototyping; and programming, application development and a GUI design.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Matyas-Meyer-Oseas","link":"https://csrc.nist.gov/glossary/term/matyas_meyer_oseas","abbrSyn":[{"text":"MMO","link":"https://csrc.nist.gov/glossary/term/mmo"}],"definitions":null},{"term":"MAUDE","link":"https://csrc.nist.gov/glossary/term/maude","abbrSyn":[{"text":"Manufacturer and User Facility Device Experience","link":"https://csrc.nist.gov/glossary/term/manufacturer_and_user_facility_device_experience"}],"definitions":null},{"term":"MAV","link":"https://csrc.nist.gov/glossary/term/mav","abbrSyn":[{"text":"Mobile Application Vetting","link":"https://csrc.nist.gov/glossary/term/mobile_application_vetting"}],"definitions":null},{"term":"max(x1, …, xn)","link":"https://csrc.nist.gov/glossary/term/max_x1_xn","definitions":[{"text":"The maximum of the xi values","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Maximum Allowable Outage","link":"https://csrc.nist.gov/glossary/term/maximum_allowable_outage","abbrSyn":[{"text":"MAO","link":"https://csrc.nist.gov/glossary/term/mao"}],"definitions":null},{"term":"Maximum allowed length of a prefix specified in RAO","link":"https://csrc.nist.gov/glossary/term/maximum_allowed_length_of_a_prefix_specified_in_rao","abbrSyn":[{"text":"maxlength"}],"definitions":null},{"term":"Maximum Distance Separable","link":"https://csrc.nist.gov/glossary/term/maximum_distance_separable","abbrSyn":[{"text":"MDS","link":"https://csrc.nist.gov/glossary/term/mds"}],"definitions":null},{"term":"Maximum Foreseeable Loss","link":"https://csrc.nist.gov/glossary/term/maximum_foreseeable_loss","abbrSyn":[{"text":"MFL","link":"https://csrc.nist.gov/glossary/term/mfl"}],"definitions":null},{"term":"Maximum Prefix Length","link":"https://csrc.nist.gov/glossary/term/maximum_prefix_length","abbrSyn":[{"text":"maxLength","link":"https://csrc.nist.gov/glossary/term/maxlength"}],"definitions":null},{"term":"Maximum Segment Size","link":"https://csrc.nist.gov/glossary/term/maximum_segment_size","abbrSyn":[{"text":"MSS","link":"https://csrc.nist.gov/glossary/term/mss"}],"definitions":null},{"term":"Maximum Tolerable Downtime","link":"https://csrc.nist.gov/glossary/term/maximum_tolerable_downtime","abbrSyn":[{"text":"MTD","link":"https://csrc.nist.gov/glossary/term/mtd"}],"definitions":[{"text":"The amount of time mission/business process can be disrupted without causing significant harm to the organization’s mission.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"term":"Maximum Transmission Unit","link":"https://csrc.nist.gov/glossary/term/maximum_transmission_unit","abbrSyn":[{"text":"MTU","link":"https://csrc.nist.gov/glossary/term/mtu"}],"definitions":null},{"term":"MB","link":"https://csrc.nist.gov/glossary/term/mb","abbrSyn":[{"text":"Megabyte","link":"https://csrc.nist.gov/glossary/term/megabyte"},{"text":"Megabyte(s)"}],"definitions":null},{"term":"Mbps","link":"https://csrc.nist.gov/glossary/term/mbps","abbrSyn":[{"text":"Megabit per second"},{"text":"Megabits per second","link":"https://csrc.nist.gov/glossary/term/megabits_per_second"},{"text":"Megabits Per Second"}],"definitions":null},{"term":"MBR","link":"https://csrc.nist.gov/glossary/term/mbr","abbrSyn":[{"text":"Master Boot Record","link":"https://csrc.nist.gov/glossary/term/master_boot_record"}],"definitions":null},{"term":"MBSE","link":"https://csrc.nist.gov/glossary/term/mbse","abbrSyn":[{"text":"Model-Based Systems Engineering","link":"https://csrc.nist.gov/glossary/term/model_based_systems_engineering"}],"definitions":null},{"term":"MC/DC","link":"https://csrc.nist.gov/glossary/term/mc_dc","abbrSyn":[{"text":"Modified Condition/Decision Coverage"}],"definitions":null},{"term":"MCAA","link":"https://csrc.nist.gov/glossary/term/mcaa","abbrSyn":[{"text":"Measurement, Control, & Automation Association","link":"https://csrc.nist.gov/glossary/term/measurement_control_automation_association"}],"definitions":null},{"term":"MCC","link":"https://csrc.nist.gov/glossary/term/mcc","abbrSyn":[{"text":"Millennium Challenge Corporation","link":"https://csrc.nist.gov/glossary/term/millennium_challenge_corporation"}],"definitions":null},{"term":"MCI","link":"https://csrc.nist.gov/glossary/term/mci","abbrSyn":[{"text":"Mass Casualty Incident","link":"https://csrc.nist.gov/glossary/term/mass_casualty_incident"}],"definitions":null},{"term":"MCM","link":"https://csrc.nist.gov/glossary/term/mcm","abbrSyn":[{"text":"Multicloud Management","link":"https://csrc.nist.gov/glossary/term/multicloud_management"}],"definitions":null},{"term":"MCPTT","link":"https://csrc.nist.gov/glossary/term/mcptt","abbrSyn":[{"text":"Mission Critical Push-To-Talk","link":"https://csrc.nist.gov/glossary/term/mission_critical_push_to_talk"}],"definitions":null},{"term":"MCU","link":"https://csrc.nist.gov/glossary/term/mcu","abbrSyn":[{"text":"Master Control Unit","link":"https://csrc.nist.gov/glossary/term/master_control_unit"},{"text":"Microcontroller Unit","link":"https://csrc.nist.gov/glossary/term/microcontroller_unit"}],"definitions":null},{"term":"MCV","link":"https://csrc.nist.gov/glossary/term/mcv","abbrSyn":[{"text":"Mission Critical Voice","link":"https://csrc.nist.gov/glossary/term/mission_critical_voice"}],"definitions":null},{"term":"MD","link":"https://csrc.nist.gov/glossary/term/md","abbrSyn":[{"text":"Mediation Device","link":"https://csrc.nist.gov/glossary/term/mediation_device"},{"text":"Merkle-Damgård","link":"https://csrc.nist.gov/glossary/term/merkle_damgaard"},{"text":"Message Digest"}],"definitions":[{"text":"A hash that uniquely identifies data. Changing a single bit in the data stream used to generate the message digest will yield a completely different message digest.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Message Digest "}]},{"text":"A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Message Digest "}]},{"text":"A crytpographic checksum, typically generated for a file that can be used to detect changes to the file.. Synonyous with hash value/result.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"CNSSI 4009"}]}]},{"text":"A digital signature that uniquely identifes data and has the property that changing a single bit in the data will cause a completely different message diges to be generated.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"text":"See Digital Fingerprint","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"}]}]},{"text":"The result of applying a hash function to a message.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest "}]}]},{"term":"MD5","link":"https://csrc.nist.gov/glossary/term/md5","abbrSyn":[{"text":"Message Digest 5","link":"https://csrc.nist.gov/glossary/term/message_digest_5"},{"text":"Message-Digest algorithm version 5"}],"definitions":null},{"term":"MDA","link":"https://csrc.nist.gov/glossary/term/mda","abbrSyn":[{"text":"Mail Delivery Agent","link":"https://csrc.nist.gov/glossary/term/mail_delivery_agent"}],"definitions":null},{"term":"MDISS","link":"https://csrc.nist.gov/glossary/term/mdiss","abbrSyn":[{"text":"Medical Device Innovation, Safety & Security Consortium","link":"https://csrc.nist.gov/glossary/term/medical_device_innovation_safety_and_security_consortium"}],"definitions":null},{"term":"mDL","link":"https://csrc.nist.gov/glossary/term/mdl","abbrSyn":[{"text":"Mobile Driving License","link":"https://csrc.nist.gov/glossary/term/mobile_driving_license"}],"definitions":null},{"term":"MDM","link":"https://csrc.nist.gov/glossary/term/mdm","abbrSyn":[{"text":"Mobile Device Management"},{"text":"Mobile Device Manager","link":"https://csrc.nist.gov/glossary/term/mobile_device_manager"}],"definitions":null},{"term":"mDNS","link":"https://csrc.nist.gov/glossary/term/mdns","abbrSyn":[{"text":"Multicast Domain Name System","link":"https://csrc.nist.gov/glossary/term/multicast_domain_name_system"}],"definitions":null},{"term":"MDPH","link":"https://csrc.nist.gov/glossary/term/mdph","abbrSyn":[{"text":"Merkle-Damgård with Permutation using Hirose’s DBL compression function","link":"https://csrc.nist.gov/glossary/term/merkle_damgard_with_permutation_using_hirose_dbl_comp_fcn"}],"definitions":null},{"term":"MDR","link":"https://csrc.nist.gov/glossary/term/mdr","abbrSyn":[{"text":"Managed Detection and Response","link":"https://csrc.nist.gov/glossary/term/managed_detection_and_response"}],"definitions":null},{"term":"MDRAP","link":"https://csrc.nist.gov/glossary/term/mdrap","abbrSyn":[{"text":"Medical Device Risk Assessment Platform","link":"https://csrc.nist.gov/glossary/term/medical_device_risk_assessment_platform"}],"definitions":null},{"term":"MDS","link":"https://csrc.nist.gov/glossary/term/mds","abbrSyn":[{"text":"Maximum Distance Separable","link":"https://csrc.nist.gov/glossary/term/maximum_distance_separable"},{"text":"Mobile Device Security","link":"https://csrc.nist.gov/glossary/term/mobile_device_security"}],"definitions":null},{"term":"MDS2","link":"https://csrc.nist.gov/glossary/term/mds2","abbrSyn":[{"text":"Manufacturer Disclosure Statement for Medical Device Security","link":"https://csrc.nist.gov/glossary/term/manufacturer_disclosure_statement_for_medical_device_security"}],"definitions":null},{"term":"MDT","link":"https://csrc.nist.gov/glossary/term/mdt","abbrSyn":[{"text":"Mobile Data Terminal","link":"https://csrc.nist.gov/glossary/term/mobile_data_terminal"}],"definitions":null},{"term":"MDU","link":"https://csrc.nist.gov/glossary/term/mdu","abbrSyn":[{"text":"Mobile Data Unit","link":"https://csrc.nist.gov/glossary/term/mobile_data_unit"}],"definitions":null},{"term":"ME","link":"https://csrc.nist.gov/glossary/term/me","abbrSyn":[{"text":"Manageability Engine","link":"https://csrc.nist.gov/glossary/term/manageability_engine"},{"text":"Millennium Edition","link":"https://csrc.nist.gov/glossary/term/millennium_edition"},{"text":"Mobile Equipment","link":"https://csrc.nist.gov/glossary/term/mobile_equipment"}],"definitions":null},{"term":"MEA","link":"https://csrc.nist.gov/glossary/term/mea","abbrSyn":[{"text":"Monitor-Evaluate-Adjust"},{"text":"Monitor-Evaluate-Adjust cycle","link":"https://csrc.nist.gov/glossary/term/monitor_evaluate_adjust_cycle"}],"definitions":null},{"term":"Mean Time To Failure","link":"https://csrc.nist.gov/glossary/term/mean_time_to_failure","abbrSyn":[{"text":"MTTF","link":"https://csrc.nist.gov/glossary/term/mttf"}],"definitions":null},{"term":"Means","link":"https://csrc.nist.gov/glossary/term/means","definitions":[{"text":"“An agent, tool, device, measure, plan, or policy for accomplishing or furthering a purpose.”","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259","refSources":[{"text":"Merriam-Webster 2017"}]}]}]},{"term":"Measure of Effectiveness","link":"https://csrc.nist.gov/glossary/term/measure_of_effectiveness","abbrSyn":[{"text":"MOE","link":"https://csrc.nist.gov/glossary/term/moe"}],"definitions":null},{"term":"Measure of Performance","link":"https://csrc.nist.gov/glossary/term/measure_of_performance","abbrSyn":[{"text":"MOP","link":"https://csrc.nist.gov/glossary/term/mop"}],"definitions":null},{"term":"Measured Launch Environment","link":"https://csrc.nist.gov/glossary/term/measured_launch_environment","abbrSyn":[{"text":"MLE","link":"https://csrc.nist.gov/glossary/term/mle"}],"definitions":null},{"term":"Measured service","link":"https://csrc.nist.gov/glossary/term/measured_service","abbrSyn":[{"text":"MS","link":"https://csrc.nist.gov/glossary/term/ms_acronym"}],"definitions":[{"text":"Cloud systems automatically control and optimize resource use by leveraging a metering capability [1] at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Measurement, Control, & Automation Association","link":"https://csrc.nist.gov/glossary/term/measurement_control_automation_association","abbrSyn":[{"text":"MCAA","link":"https://csrc.nist.gov/glossary/term/mcaa"}],"definitions":null},{"term":"MEC","link":"https://csrc.nist.gov/glossary/term/mec","abbrSyn":[{"text":"Multicast Group","link":"https://csrc.nist.gov/glossary/term/multicast_group"}],"definitions":null},{"term":"mechanism","link":"https://csrc.nist.gov/glossary/term/mechanism","abbrSyn":[{"text":"security mechanism","link":"https://csrc.nist.gov/glossary/term/security_mechanism"}],"definitions":[{"text":"A process or system that is used to produce a particular result.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"The fundamental processes involved in or responsible for an action, reaction, or other natural phenomenon.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A natural or established process by which something takes place or is brought about.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A device or method for achieving a security-relevant purpose.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under security mechanism "}]},{"text":"A device or function designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security mechanism "}]},{"text":"An operating system entry point or separate operating system support program that performs a specific action or related group of actions.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Mechanism "}]},{"text":"A process or system that is used to produce a particular result. \nThe fundamental processes involved in or responsible for an action, reaction, or other natural phenomenon. \nA natural or established process by which something takes place or is brought about. \nRefer to security mechanism. \nNote: A mechanism can be technology- or nontechnology-based (e.g., apparatus, device, instrument, procedure, process, system, operation, method, technique, means, or medium).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A method, tool, or procedure that is the realization of security requirements. \nNote 1: A security mechanism exists in machine, technology, human, and physical forms. \nNote 2: A security mechanism reflects security and trust principles. \nNote 3: A security mechanism may enforce security policy and therefore must have capabilities consistent with the intent of the security policy.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security mechanism "}]},{"text":"A process or system that is used to produce a particular result.\nThe fundamental processes involved in or responsible for an action, reaction, or other natural phenomenon.\nA natural or established process by which something takes place or is brought about.\nRefer to security mechanism.\nNote: A mechanism can be technology- or nontechnology-based (e.g., apparatus, device, instrument, procedure, process, system, operation, method, technique, means, or medium).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"mechanisms","link":"https://csrc.nist.gov/glossary/term/mechanisms","definitions":[{"text":"An assessment object that includes specific protection-related items (e.g., hardware, software, or firmware).","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"An assessment object that includes specific protection-related items (e.g., hardware, software, or firmware) employed within or at the boundary of an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Mechanisms ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Mechanisms "}]}]},{"term":"MED","link":"https://csrc.nist.gov/glossary/term/med","abbrSyn":[{"text":"Multi-Exit Discriminator"}],"definitions":null},{"term":"media","link":"https://csrc.nist.gov/glossary/term/media","definitions":[{"text":"Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, Large-Scale Integration (LSI) memory chips, printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under MEDIA "}]},{"text":"Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, Large-Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Media ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Physical devices or writing surfaces including but not limited to, magnetic tapes, optical disks, magnetic disks, Large-scale integration (LSI) memory chips, printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Plural of medium.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Media "}]},{"text":"Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, Large-Scale Integration memory chips, and printouts (but excluding display media) onto which information is recorded, stored, or printed within a system.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Media ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration (LSI) memory chips, and printouts (but excluding display media) onto which information is recorded, stored, or printed within system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, Large-Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within a system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Physical devices or writing surfaces including magnetic tapes, optical disks, magnetic disks, Large-Scale Integration memory chips, and printouts (but excluding display media) onto which information is recorded, stored, or printed within a system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]}]},{"term":"Media Access Control (MAC)","link":"https://csrc.nist.gov/glossary/term/media_access_control","abbrSyn":[{"text":"MAC","link":"https://csrc.nist.gov/glossary/term/mac"}],"definitions":[{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under MAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under MAC "}]},{"text":"A unique 48-bit value that is assigned to a particular wireless network interface by the manufacturer.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"},{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]}]},{"term":"Media Access Control Address","link":"https://csrc.nist.gov/glossary/term/media_access_control_address","abbrSyn":[{"text":"MAC","link":"https://csrc.nist.gov/glossary/term/mac"}],"definitions":[{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under MAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under MAC "}]},{"text":"A hardware address that uniquely identifies each component of an IEEE 802-based network. On networks that do not conform to the IEEE 802 standards but do conform to the OSI Reference Model, the node address is called the Data Link Control (DLC) address.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"}]}]},{"term":"Media Access Control Security","link":"https://csrc.nist.gov/glossary/term/media_access_control_security","abbrSyn":[{"text":"MACsec","link":"https://csrc.nist.gov/glossary/term/macsec"}],"definitions":null},{"term":"Media gateway","link":"https://csrc.nist.gov/glossary/term/media_gateway","definitions":[{"text":"the interface between circuit switched networks and IP network. Media gateways handle analog/digital conversion, call origination and reception, and quality improvement functions such as compression or echo cancellation.","sources":[{"text":"NIST SP 800-58","link":"https://doi.org/10.6028/NIST.SP.800-58"}]}]},{"term":"media library","link":"https://csrc.nist.gov/glossary/term/media_library","definitions":[{"text":"Stores, protects, and controls all authorized versions of media CIs. ","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Media Library "}]},{"text":"Stores, protects, and controls all authorized versions of media CIs.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Media Protection","link":"https://csrc.nist.gov/glossary/term/media_protection","abbrSyn":[{"text":"MP","link":"https://csrc.nist.gov/glossary/term/mp"}],"definitions":null},{"term":"media sanitization","link":"https://csrc.nist.gov/glossary/term/media_sanitization","definitions":[{"text":"The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Media Sanitization "}]}],"seeAlso":[{"text":"sanitize","link":"sanitize"}]},{"term":"Medical Device Innovation, Safety & Security Consortium","link":"https://csrc.nist.gov/glossary/term/medical_device_innovation_safety_and_security_consortium","abbrSyn":[{"text":"MDISS","link":"https://csrc.nist.gov/glossary/term/mdiss"}],"definitions":null},{"term":"Medical Device Risk Assessment Platform","link":"https://csrc.nist.gov/glossary/term/medical_device_risk_assessment_platform","abbrSyn":[{"text":"MDRAP","link":"https://csrc.nist.gov/glossary/term/mdrap"}],"definitions":null},{"term":"Medical Imaging & Technology Alliance","link":"https://csrc.nist.gov/glossary/term/medical_imaging_and_technology_alliance","abbrSyn":[{"text":"MITA","link":"https://csrc.nist.gov/glossary/term/mita"}],"definitions":null},{"term":"Medium","link":"https://csrc.nist.gov/glossary/term/medium","definitions":[{"text":"Material on which data are or may be recorded, such as paper, punched cards, magnetic tape, magnetic disks, solid state devices, or optical discs.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Medium Access Control","link":"https://csrc.nist.gov/glossary/term/medium_access_control","abbrSyn":[{"text":"MAC","link":"https://csrc.nist.gov/glossary/term/mac"}],"definitions":[{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under MAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under MAC "}]}]},{"term":"MEE","link":"https://csrc.nist.gov/glossary/term/mee","abbrSyn":[{"text":"Memory Encryption Engine","link":"https://csrc.nist.gov/glossary/term/memory_encryption_engine"}],"definitions":null},{"term":"MEF","link":"https://csrc.nist.gov/glossary/term/mef","abbrSyn":[{"text":"Mission Essential Functions","link":"https://csrc.nist.gov/glossary/term/mission_essential_functions"}],"definitions":null},{"term":"Megabits per second","link":"https://csrc.nist.gov/glossary/term/megabits_per_second","abbrSyn":[{"text":"Mbps","link":"https://csrc.nist.gov/glossary/term/mbps"}],"definitions":null},{"term":"Megabyte","link":"https://csrc.nist.gov/glossary/term/megabyte","abbrSyn":[{"text":"MB","link":"https://csrc.nist.gov/glossary/term/mb"}],"definitions":null},{"term":"Megahertz","link":"https://csrc.nist.gov/glossary/term/megahertz","abbrSyn":[{"text":"MHz","link":"https://csrc.nist.gov/glossary/term/mhz"}],"definitions":null},{"term":"MEID","link":"https://csrc.nist.gov/glossary/term/meid","abbrSyn":[{"text":"Mobile Equipment Identifier","link":"https://csrc.nist.gov/glossary/term/mobile_equipment_identifier"}],"definitions":null},{"term":"Melting","link":"https://csrc.nist.gov/glossary/term/melting","definitions":[{"text":"A physically Destructive method of sanitizing media; to be changed from a solid to a liquid state generally by the application of heat.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Memorandum of Understanding or Agreement","link":"https://csrc.nist.gov/glossary/term/memorandum_of_understanding_or_agreement","abbrSyn":[{"text":"MOA","link":"https://csrc.nist.gov/glossary/term/moa"},{"text":"MOU","link":"https://csrc.nist.gov/glossary/term/mou"},{"text":"MOU/A","link":"https://csrc.nist.gov/glossary/term/mou_a"}],"definitions":[{"text":"A type of intra-agency, interagency, or National Guard agreement between two or more parties, which includes specific terms that are agreed to, and a commitment by at least one party to engage in action. It includes either a commitment of resources or binds a party to a specific action.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under memorandum of agreement (MOA) ","refSources":[{"text":"DoDI 4000.19","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]},{"text":"A type of intra-agency, interagency, or National Guard agreement between two or more parties, which includes only general understandings between the parties. It neither includes a commitment of resources nor binds a party to a specific action.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under memorandum of understanding (MOU) ","refSources":[{"text":"DoDI 4000.19","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]},{"text":"Agreement between the Federal PKI Policy Authority and an Agency allowing interoperability between the Agency Principal CA and the FBCA.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Memorandum of Agreement (MOA) "}]},{"text":"Memorandum of Agreement (as used in the context of this CP, between an Agency and the FPKIPA allowing interoperation between the FBCA and Agency Principal CA)","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under MOA "}]},{"text":"A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Memorandum of Understanding/Agreement (MOU/A) "}]},{"text":"A statement of intent between the participating organizations to work together and often states goals, objectives, or the purpose for the partnership; details the terms of and conditions for the agreement; and outlines the operations needed to achieve the goals or purpose.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1","underTerm":" under memoranda of understanding/agreement "}]}]},{"term":"memorized secret","link":"https://csrc.nist.gov/glossary/term/memorized_secret","abbrSyn":[{"text":"Password"}],"definitions":[{"text":"A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Password ","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Password "}]},{"text":"A string of characters (letters, numbers and other symbols) that are used to authenticate an identity, to verify access authorization or to derive cryptographic keys.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Password "},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Password ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Password "}]},{"text":"A string of characters (letters, numbers and other symbols) that are used to authenticate an identity or to verify access authorization. A passphrase is a special case of a password that is a sequence of words or other text. In this document, the use of the term “password' includes this special case.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Password "}]},{"text":"A string of characters (letters, numbers and other symbols) that are used to authenticate an identity or to verify access authorization.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Password "}]},{"text":"A type of authenticator comprised of a character string intended to be memorized or memorable by the subscriber, permitting the subscriber to demonstratesomething they knowas part of an authentication process.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Memorized Secret "}]},{"text":"See memorized secret.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Password "}]},{"text":"A string of characters (letters, numbers and other symbols) that is used to authenticate an identity, to verify access authorization or to derive cryptographic keys.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Password "}]},{"text":"A type of authenticator comprised of a character string intended to be memorized or memorable by the subscriber, permitting the subscriber to demonstrate something they know as part of an authentication process.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Memorized Secret "}]},{"text":"A string of characters (letters, numbers and other symbols) that are used to authenticate an identity or to verify access authorization. A passphrase is a special case of a password that is a sequence of words or other text. In this document, the use of the term “password” includes this special case.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Password "}]},{"text":"A string of characters (letters, numbers and other symbols) that are used to authenticate an identity, verify access authorization or derive cryptographic keys.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Password "}]},{"text":"A string of characters (letters, numbers, and other symbols) that are used to authenticate an identity or to verify access authorization. A passphrase is a special case of a password that is a sequence of words or other text. In this Recommendation, the use of the term “password” includes this special case.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Password "}]},{"text":"Confidential authentication information, usually composed of a string of characters.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Password ","refSources":[{"text":"ISO DIS 10181-2"}]}]},{"text":"A secret shared between the user and the party issuing credentials. Memorized Secret Tokens are typically character strings (e.g., passwords and passphrases) or numerical strings (e.g., PINs).","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","underTerm":" under Memorized secret tokens ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"A secret that a Claimant memorizes and uses to authenticate his or her identity. Passwords are typically character strings.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Password "}]}]},{"term":"Memory Allocation","link":"https://csrc.nist.gov/glossary/term/memory_allocation","abbrSyn":[{"text":"MAL","link":"https://csrc.nist.gov/glossary/term/mal"}],"definitions":null},{"term":"Memory Encryption Engine","link":"https://csrc.nist.gov/glossary/term/memory_encryption_engine","abbrSyn":[{"text":"MEE","link":"https://csrc.nist.gov/glossary/term/mee"}],"definitions":null},{"term":"Memory Management Unit","link":"https://csrc.nist.gov/glossary/term/memory_management_unit","abbrSyn":[{"text":"MMU","link":"https://csrc.nist.gov/glossary/term/mmu"}],"definitions":null},{"term":"memory scavenging","link":"https://csrc.nist.gov/glossary/term/memory_scavenging","definitions":[{"text":"The collection of residual information from data storage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Memory Tagging Extension","link":"https://csrc.nist.gov/glossary/term/memory_tagging_extension","abbrSyn":[{"text":"MTE","link":"https://csrc.nist.gov/glossary/term/mte"}],"definitions":null},{"term":"Menezes-Qu-Vanstone","link":"https://csrc.nist.gov/glossary/term/menezes_qu_vanstone","abbrSyn":[{"text":"MQV","link":"https://csrc.nist.gov/glossary/term/mqv"}],"definitions":[{"text":"The Menezes-Qu-Vanstone key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under MQV "}]}]},{"term":"MEP","link":"https://csrc.nist.gov/glossary/term/mep","abbrSyn":[{"text":"Message Exchange Pattern","link":"https://csrc.nist.gov/glossary/term/message_exchange_pattern"}],"definitions":null},{"term":"Merkle tree","link":"https://csrc.nist.gov/glossary/term/merkle_tree","definitions":[{"text":"A data structure where the data is hashed and combined until there is a singular root hash that represents the entire structure.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"},{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under Merkle Tree ","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]}]},{"term":"Merkle-Damgård","link":"https://csrc.nist.gov/glossary/term/merkle_damgaard","abbrSyn":[{"text":"MD","link":"https://csrc.nist.gov/glossary/term/md"}],"definitions":null},{"term":"Merkle-Damgård with Permutation using Hirose’s DBL compression function","link":"https://csrc.nist.gov/glossary/term/merkle_damgard_with_permutation_using_hirose_dbl_comp_fcn","abbrSyn":[{"text":"MDPH","link":"https://csrc.nist.gov/glossary/term/mdph"}],"definitions":null},{"term":"MES","link":"https://csrc.nist.gov/glossary/term/mes","abbrSyn":[{"text":"Manufacturing Execution System"},{"text":"Mobile Endpoint Security","link":"https://csrc.nist.gov/glossary/term/mobile_endpoint_security"}],"definitions":null},{"term":"Mesh","link":"https://csrc.nist.gov/glossary/term/mesh","definitions":[{"text":"A key management architecture in which key processing facilities may interact with each other with no concept of dominance implied by the interaction.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Mesh Encryption","link":"https://csrc.nist.gov/glossary/term/mesh_encryption","definitions":[{"text":"A special case of many host-to-host VPNs. Whenever one host in a network wishes to communicate with another host in the network, it first establishes an IPsec connection. Typically, adding or removing one node in the mesh does not require reconfiguration of the other nodes.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Mesh Link Establishment","link":"https://csrc.nist.gov/glossary/term/mesh_link_establishment","abbrSyn":[{"text":"MLE","link":"https://csrc.nist.gov/glossary/term/mle"}],"definitions":null},{"term":"Message","link":"https://csrc.nist.gov/glossary/term/message","definitions":[{"text":"The basic unit of data sent from one Web services agent to another in the context of Web services.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]},{"text":"The data that is signed.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]},{"text":"The data that is signed. Also known as “signed data” during the signature verification and validation process.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}],"seeAlso":[{"text":"Signed data","link":"signed_data"}]},{"term":"Message authentication","link":"https://csrc.nist.gov/glossary/term/message_authentication","definitions":[{"text":"A process that provides assurance of the integrity of messages, documents or stored data.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"message authentication code (MAC)","link":"https://csrc.nist.gov/glossary/term/message_authentication_code","abbrSyn":[{"text":"MAC","link":"https://csrc.nist.gov/glossary/term/mac"}],"definitions":[{"text":"A family of secret-key cryptographic algorithms acting on input data of arbitrary length to produce an output value of a specified length (called the MAC of the input data). The MAC can be employed to provide an authentication of the origin of data and/or data-integrity protection. In this Recommendation, approved MAC algorithms are used to determine families of pseudorandom functions (indexed by the choice of key) that are employed during key derivation.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under message authentication code "}]},{"text":"A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. \nSee checksum.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]}]},{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under MAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under MAC "}]},{"text":"A family of cryptographic algorithms that is parameterized by a symmetric key. Each of the algorithms can act on input data of arbitrary length to produce an output value of a specified length (called the MAC of the input data). A MAC algorithm can be used to provide data origin authentication and data integrity.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Message authentication code "}]},{"text":"a data authenticator generated from the message, usually through cryptographic techniques. In general, a cryptographic key is also required as an input.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under message authentication code "}]},{"text":"A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of data.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Message Authentication Code (MAC) "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Message authentication code (MAC) "}]},{"text":"A bit string of fixed length, computed by a MAC generation algorithm, that is used to establish the authenticity and, hence, the integrity of a message.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Message Authentication Code (MAC) "}]},{"text":"A cryptographic checksum on data that is designed to reveal both accidental errors and intentional modifications of the data.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Message Authentication Code (MAC) "}]},{"text":"A cryptographic checksum on data that uses an approved security function and a symmetric key to detect both accidental and intentional modifications of data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Message authentication code (MAC) "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Message authentication code (MAC) "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Message Authentication Code (MAC) "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Message Authenciation Code (MAC) "}]},{"text":"A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity protection, but not non-repudiation protection.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Message Authentication Code (MAC) "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Message Authentication Code (MAC) "}]},{"text":"A cryptographic checksum based on an approved cryptographic function and a symmetric key to detect both accidental and intentional modifications of data.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Message authentication code "}]},{"text":"A family of cryptographic algorithms that is parameterized by a symmetric key. Each of the algorithms can act on input data (called a message) of an arbitrary length to produce an output value of a specified length (called the MAC of the input data). A MAC algorithm can be used to provide data origin authentication and data integrity protection. In this Recommendation, a MAC algorithm is also called a MAC function.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Message authentication code (MAC) "}]},{"text":"A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Message Authentication Code "},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Message Authentication Code (MAC) "}]}],"seeAlso":[{"text":"checksum","link":"checksum"}]},{"term":"Message Authentication Code (MAC) algorithm","link":"https://csrc.nist.gov/glossary/term/message_authentication_code_algorithm","definitions":[{"text":"

A family of cryptographic functions that is parameterized by a symmetric key. Each of the functions can act on input data (called a “message”) of variable length to produce an output value of a specified length. The output value is called the MAC of the input message. MAC(k, x, …) is used to denote the MAC of message x computed using the key k (and any additional algorithm-specific parameters). An approved MAC algorithm is expected to satisfy the following property (for each supported security strength):

Without knowledge of the key k, it must be computationally infeasible to predict the (as-yet-unseen) value of MAC(k, x, …) with a probability of success that is a significant improvement over simply guessing either the MAC value or k, even if one has already seen the results of using that same key to compute MAC(k, xj, …) for (a bounded number of) other messages \\(x_{j}\\neq x\\).

A MAC algorithm can be employed to provide authentication of the origin of data and/or to provide data-integrity protection. In this Recommendation, approved MAC algorithms are used to determine families of pseudorandom functions (indexed by the choice of key) that may be employed during key derivation.

","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"A MAC algorithm is a family of cryptographic functions – parameterized by a symmetric key – that can be used to provide data origin authentication, as well as data integrity, by producing a MAC tag on arbitrary data (the message). In this Recommendation, an approved MAC algorithm is used for key-confirmation and may also be employed in certain key derivation methods.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A family of cryptographic functions that is parameterized by a symmetric key. Each of the functions can act on input data (called a “message”) of variable length to produce an output value of a specified length. The output value is called the MAC of the input message. An approved MAC algorithm is expected to satisfy the following property (for each of its supported security levels): It must be computationally infeasible to determine the (as yet unseen) MAC of a message without knowledge of the key, even if one has already seen the results of using that key to compute the MAC's of other (different) messages. A MAC algorithm can be used to provide data-origon authenication and data-integrity protection. In this Recommendaton, a MAC algorithm is used for key confirmation; the use of MAC algorithms for key derivation is addressed in SP 800-56C.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A family of one-way cryptographic functions that is parameterized by a symmetric key. A given function in the family produces a MacTag on input data of arbitrary length. A MAC algorithm can be used to provide data-origin authentication, as well as data integrity. In this Recommendation, a MAC algorithm is used for key confirmation and key derivation.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"message digest","link":"https://csrc.nist.gov/glossary/term/message_digest","abbrSyn":[{"text":"Digital Fingerprint","link":"https://csrc.nist.gov/glossary/term/digital_fingerprint"},{"text":"Hash output"},{"text":"Hash value"},{"text":"hash value/result","link":"https://csrc.nist.gov/glossary/term/hash_value"},{"text":"MD","link":"https://csrc.nist.gov/glossary/term/md"}],"definitions":[{"text":"The result of applying a hash function to a message. Also known as a “hash value.”","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Message digest "}]},{"text":"The result of applying a hash function to a message. Also known as a “hash value” or “hash output”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]},{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Message digest "}]},{"text":"The result of applying a hash function to data.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Hash value "}]},{"text":"The result of applying a cryptographic hash function to data (e.g., a message). Also known as a “message digest”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Hash value "}]},{"text":"See “Hash value”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Message digest "}]},{"text":"See “message digest”.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Hash output "},{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Hash value "}]},{"text":"the fixed size result of hashing a message.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"The fixed-length bit string produced by a hash function.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Hash value "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Hash value "}]},{"text":"The result of applying a hash function to information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Hash value "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Hash value "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Hash value "}]},{"text":"A hash that uniquely identifies data. Changing a single bit in the data stream used to generate the message digest will yield a completely different message digest.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Message Digest "}]},{"text":"A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Message Digest "}]},{"text":"See message digest.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under hash value/result "},{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Digital Fingerprint "}]},{"text":"The result of applying a hash function to information; also called a message digest.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Hash value "}]},{"text":"See hash value.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Message digest "}]},{"text":"A crytpographic checksum, typically generated for a file that can be used to detect changes to the file.. Synonyous with hash value/result.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"CNSSI 4009"}]}]},{"text":"A digital signature that uniquely identifes data and has the property that changing a single bit in the data will cause a completely different message diges to be generated.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"},{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"text":"See Digital Fingerprint","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest ","refSources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"}]}]},{"text":"See Hash digest.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Hash value "}]},{"text":"The result of applying a hash function to a message.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Message Digest "}]}]},{"term":"Message Digest 5","link":"https://csrc.nist.gov/glossary/term/message_digest_5","abbrSyn":[{"text":"MD5","link":"https://csrc.nist.gov/glossary/term/md5"}],"definitions":null},{"term":"Message Exchange Pattern","link":"https://csrc.nist.gov/glossary/term/message_exchange_pattern","abbrSyn":[{"text":"MEP","link":"https://csrc.nist.gov/glossary/term/mep"}],"definitions":null},{"term":"message indicator (MI)","link":"https://csrc.nist.gov/glossary/term/message_indicator","abbrSyn":[{"text":"MI","link":"https://csrc.nist.gov/glossary/term/mi"}],"definitions":[{"text":"Sequence of bits transmitted over a communications system for synchronizing cryptographic equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Message Inject","link":"https://csrc.nist.gov/glossary/term/message_inject","definitions":[{"text":"A pre-scripted message that will be given to participants during the course of an exercise.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Message Integrity Check","link":"https://csrc.nist.gov/glossary/term/message_integrity_check","abbrSyn":[{"text":"MIC","link":"https://csrc.nist.gov/glossary/term/mic"}],"definitions":null},{"term":"Message Integrity Code","link":"https://csrc.nist.gov/glossary/term/message_integrity_code","abbrSyn":[{"text":"MIC","link":"https://csrc.nist.gov/glossary/term/mic"}],"definitions":null},{"term":"Message Queuing Telemetry Transport","link":"https://csrc.nist.gov/glossary/term/message_queuing_telemetry_transport","abbrSyn":[{"text":"MQTT","link":"https://csrc.nist.gov/glossary/term/mqtt"}],"definitions":null},{"term":"Message Signature Key","link":"https://csrc.nist.gov/glossary/term/message_signature_key","abbrSyn":[{"text":"MSK","link":"https://csrc.nist.gov/glossary/term/msk"}],"definitions":null},{"term":"metaattributes","link":"https://csrc.nist.gov/glossary/term/metaattributes","definitions":[{"text":"Information about attributes such as attribute authority, attribute creation date, etc.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162"}]}]},{"term":"Metacharacter","link":"https://csrc.nist.gov/glossary/term/metacharacter","definitions":[{"text":"A character that has some special meaning to a computer program and therefore will not be interpreted properly as part of a literal string.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711"}]}]},{"term":"metacontrol","link":"https://csrc.nist.gov/glossary/term/metacontrol","definitions":[{"text":"A control of, or about, a control. For example, a control that specifies how the desired or actual state data for another control is to be managed.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"metadata","link":"https://csrc.nist.gov/glossary/term/metadata","definitions":[{"text":"Information describing the characteristics of data including, for example, structural metadata describing data structures (e.g., data format, syntax, and semantics) and descriptive metadata describing data contents (e.g., information security labels).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Metadata ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Metadata "}]},{"text":"Information used to describe specific characteristics, constraints, acceptable uses and parameters of another data item (e.g., a cryptographic key).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Metadata "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Metadata "}]},{"text":"Data about data. For filesystems, metadata is data that provides information about a file’s contents.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Metadata "}]},{"text":"The information associated with a key that describes its specific characteristics, constraints, acceptable uses, ownership, etc. Sometimes called the key's attributes.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Metadata "}]},{"text":"The information associated with a key that describes its specific characteristics, constraints, acceptable uses, ownership, etc.; sometimes called the key's attributes.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Metadata "}]},{"text":"The information associated with a key that describes its specific characteristics, constraints, acceptable uses, ownership, etc.; sometimes called the key’s attributes.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Metadata "}]},{"text":"Information that describes the characteristics of data, including structural metadata that describes data structures (i.e., data format, syntax, semantics) and descriptive metadata that describes data contents (i.e., security labels).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"Information describing the characteristics of data. This may include, for example, structural metadata describing data structures (i.e., data format, syntax, semantics) and descriptive metadata describing data contents","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Metadata ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - Adapted"}]}]}],"seeAlso":[{"text":"Key information","link":"key_information"}]},{"term":"Metadata (bound)","link":"https://csrc.nist.gov/glossary/term/metadata_bound","definitions":[{"text":"Metadata that has been cryptographically combined with the associated key to produce a MAC or digital signature that can be used to verify that the key and metadata are indeed associated with each other.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Metadata (compromised)","link":"https://csrc.nist.gov/glossary/term/metadata_compromised","definitions":[{"text":"Sensitive metadata that has been disclosed to or modified by an unauthorized entity.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Metadata (explicit)","link":"https://csrc.nist.gov/glossary/term/metadata_explicit","definitions":[{"text":"Parameters used to describe the properties associated with a cryptographic key that are explicitly recorded, managed, and protected by the CKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Metadata (implicit)","link":"https://csrc.nist.gov/glossary/term/metadata_implicit","definitions":[{"text":"Information about a cryptographic key that may be inferred (i.e., by context), but is not explicitly recorded, managed, or protected by the CKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Metadata Standards Working Group","link":"https://csrc.nist.gov/glossary/term/metadata_standards_working_group","abbrSyn":[{"text":"MSWG","link":"https://csrc.nist.gov/glossary/term/mswg"}],"definitions":null},{"term":"Metapolicy","link":"https://csrc.nist.gov/glossary/term/metapolicy","abbrSyn":[{"text":"MP","link":"https://csrc.nist.gov/glossary/term/mp"}],"definitions":[{"text":"Information about policy, such as author, policy effective date, deconflict methods, etc.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162"}]}]},{"term":"Meter","link":"https://csrc.nist.gov/glossary/term/meter","abbrSyn":[{"text":"m"}],"definitions":[{"text":"The number of blocks in the formatted payload.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under m "}]},{"text":"In LMS, the number of bytes associated with each node of a Merkle tree.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208","underTerm":" under m "}]}]},{"term":"metrics","link":"https://csrc.nist.gov/glossary/term/metrics","definitions":[{"text":"Tools designed to facilitate decision making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-55","link":"https://doi.org/10.6028/NIST.SP.800-55"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Metrics ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]}]},{"term":"Metrology","link":"https://csrc.nist.gov/glossary/term/metrology","definitions":[{"text":"The sub-component of a Smart Meter responsible for measuring and calculating Metered Data that may be used for register readings, time-of-use readings, load profile data, and other electrical or revenue measurement purposes. The Metrology may or may not be a separate electronic element and may or may not include other electronic elements or interfaces as well.","sources":[{"text":"NISTIR 7823","link":"https://doi.org/10.6028/NIST.IR.7823","refSources":[{"text":"SG-AMI 1-2009"}]}]}]},{"term":"Metropolitan Area Network","link":"https://csrc.nist.gov/glossary/term/metropolitan_area_network","abbrSyn":[{"text":"MAN","link":"https://csrc.nist.gov/glossary/term/man"}],"definitions":null},{"term":"MF","link":"https://csrc.nist.gov/glossary/term/mf","abbrSyn":[{"text":"Multifactor","link":"https://csrc.nist.gov/glossary/term/multifactor"}],"definitions":[{"text":"A characteristic of an authentication system or an authenticator that requires more than one distinct authentication factor for successful authentication. MFA can be performed using a single authenticator that provides more than one factor or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor "}]}]},{"term":"MFA","link":"https://csrc.nist.gov/glossary/term/mfa","abbrSyn":[{"text":"Multi Factor Authentication"},{"text":"Multifactor Authentication"},{"text":"Multi-Factor Authentication"}],"definitions":[{"text":"Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/personal identification number [PIN]); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Multifactor Authentication "},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Multifactor Authentication ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An authentication system that requires more than one distinct authentication factor for successful authentication. Multifactor authentication can be performed using a multifactor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor Authentication "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor Authentication "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Multifactor Authentication "}]}]},{"term":"MFG","link":"https://csrc.nist.gov/glossary/term/mfg","abbrSyn":[{"text":"Manufacturing","link":"https://csrc.nist.gov/glossary/term/manufacturing"}],"definitions":null},{"term":"MFL","link":"https://csrc.nist.gov/glossary/term/mfl","abbrSyn":[{"text":"Maximum Foreseeable Loss","link":"https://csrc.nist.gov/glossary/term/maximum_foreseeable_loss"}],"definitions":null},{"term":"MGC","link":"https://csrc.nist.gov/glossary/term/mgc","abbrSyn":[{"text":"Management Client"}],"definitions":null},{"term":"MGF","link":"https://csrc.nist.gov/glossary/term/mgf","abbrSyn":[{"text":"Mask Generation Function","link":"https://csrc.nist.gov/glossary/term/mask_generation_function"}],"definitions":null},{"term":"MGMT","link":"https://csrc.nist.gov/glossary/term/mgmt","abbrSyn":[{"text":"Management","link":"https://csrc.nist.gov/glossary/term/management"},{"text":"Management Network","link":"https://csrc.nist.gov/glossary/term/management_network"}],"definitions":null},{"term":"MHz","link":"https://csrc.nist.gov/glossary/term/mhz","abbrSyn":[{"text":"Megahertz","link":"https://csrc.nist.gov/glossary/term/megahertz"}],"definitions":null},{"term":"MI","link":"https://csrc.nist.gov/glossary/term/mi","abbrSyn":[{"text":"Message Indicator"}],"definitions":null},{"term":"MIA","link":"https://csrc.nist.gov/glossary/term/mia","abbrSyn":[{"text":"Mission Impact Analysis","link":"https://csrc.nist.gov/glossary/term/mission_impact_analysis"}],"definitions":null},{"term":"MIB","link":"https://csrc.nist.gov/glossary/term/mib","abbrSyn":[{"text":"Management Information Base","link":"https://csrc.nist.gov/glossary/term/management_information_base"}],"definitions":null},{"term":"MiB","link":"https://csrc.nist.gov/glossary/term/mebi_byte","definitions":[{"text":"Mebi Byte, Measuring Unit 220 Bytes = 1,048,576 Bytes","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"MIC","link":"https://csrc.nist.gov/glossary/term/mic","abbrSyn":[{"text":"Message Integrity Check","link":"https://csrc.nist.gov/glossary/term/message_integrity_check"},{"text":"Message Integrity Code","link":"https://csrc.nist.gov/glossary/term/message_integrity_code"}],"definitions":null},{"term":"Micro Secure Digital","link":"https://csrc.nist.gov/glossary/term/micro_secure_digital","abbrSyn":[{"text":"microSD","link":"https://csrc.nist.gov/glossary/term/microsd"}],"definitions":null},{"term":"Microcontroller Unit","link":"https://csrc.nist.gov/glossary/term/microcontroller_unit","abbrSyn":[{"text":"MCU","link":"https://csrc.nist.gov/glossary/term/mcu"}],"definitions":null},{"term":"microSD","link":"https://csrc.nist.gov/glossary/term/microsd","abbrSyn":[{"text":"Micro Secure Digital","link":"https://csrc.nist.gov/glossary/term/micro_secure_digital"}],"definitions":null},{"term":"Microservice","link":"https://csrc.nist.gov/glossary/term/microservice","definitions":[{"text":"A set of containers that work together to compose an application.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]}]},{"term":"Microsoft","link":"https://csrc.nist.gov/glossary/term/microsoft","abbrSyn":[{"text":"MS","link":"https://csrc.nist.gov/glossary/term/ms_acronym"}],"definitions":null},{"term":"Microsoft Challenge-Handshake Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/microsoft_challenge_handshake_authentication_protocol","abbrSyn":[{"text":"MS-CHAP","link":"https://csrc.nist.gov/glossary/term/ms_chap"}],"definitions":null},{"term":"Microsoft Challenge-Handshake Authentication Protocol version 1","link":"https://csrc.nist.gov/glossary/term/microsoft_challenge_handshake_authentication_protocol_v1","abbrSyn":[{"text":"MS-CHAPv1","link":"https://csrc.nist.gov/glossary/term/ms_chapv1"}],"definitions":null},{"term":"Microsoft Challenge-Handshake Authentication Protocol version 2","link":"https://csrc.nist.gov/glossary/term/microsoft_challenge_handshake_authentication_protocol_v2","abbrSyn":[{"text":"MS-CHAPv2","link":"https://csrc.nist.gov/glossary/term/ms_chapv2"}],"definitions":null},{"term":"Microsoft Disk Operating System","link":"https://csrc.nist.gov/glossary/term/microsoft_disk_operating_system","abbrSyn":[{"text":"MS-DOS","link":"https://csrc.nist.gov/glossary/term/ms_dos"}],"definitions":null},{"term":"Microsoft Excel Workbook File","link":"https://csrc.nist.gov/glossary/term/microsoft_excel_workbook_file","abbrSyn":[{"text":"XLSX","link":"https://csrc.nist.gov/glossary/term/xlsx"}],"definitions":null},{"term":"Microsoft Intermediate Language","link":"https://csrc.nist.gov/glossary/term/microsoft_intermediate_language","abbrSyn":[{"text":"MSIL","link":"https://csrc.nist.gov/glossary/term/msil"}],"definitions":null},{"term":"Microsoft Management Console","link":"https://csrc.nist.gov/glossary/term/microsoft_management_console","abbrSyn":[{"text":"MMC","link":"https://csrc.nist.gov/glossary/term/mmc"}],"definitions":null},{"term":"Microsoft Point-to-Point Encryption","link":"https://csrc.nist.gov/glossary/term/microsoft_point_to_point_encryption","abbrSyn":[{"text":"MPPE","link":"https://csrc.nist.gov/glossary/term/mppe"}],"definitions":null},{"term":"Microsoft SQL","link":"https://csrc.nist.gov/glossary/term/microsoft_sql","abbrSyn":[{"text":"MS SQL","link":"https://csrc.nist.gov/glossary/term/ms_sql"},{"text":"MSQL","link":"https://csrc.nist.gov/glossary/term/msql"},{"text":"MSSQL","link":"https://csrc.nist.gov/glossary/term/mssql"}],"definitions":null},{"term":"Microsoft Support Diagnostic Tool","link":"https://csrc.nist.gov/glossary/term/microsoft_support_diagnostic_tool","abbrSyn":[{"text":"MSDT","link":"https://csrc.nist.gov/glossary/term/msdt"}],"definitions":null},{"term":"Middleware","link":"https://csrc.nist.gov/glossary/term/middleware","definitions":[{"text":"Software that aggregates and filters data collected by RFID readers and possibly passes the information to an enterprise subsystem database. Middleware may also responsible for monitoring and managing readers.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"mil","link":"https://csrc.nist.gov/glossary/term/mil","abbrSyn":[{"text":"Thousandth of an inch","link":"https://csrc.nist.gov/glossary/term/thousandth_of_an_inch"}],"definitions":null},{"term":"MILE","link":"https://csrc.nist.gov/glossary/term/mile","abbrSyn":[{"text":"Managed Incident Lightweight Exchange","link":"https://csrc.nist.gov/glossary/term/managed_incident_lightweight_exchange"}],"definitions":null},{"term":"Military Standard","link":"https://csrc.nist.gov/glossary/term/military_standard","abbrSyn":[{"text":"MIL-STD","link":"https://csrc.nist.gov/glossary/term/mil_std"}],"definitions":null},{"term":"Millennium Challenge Corporation","link":"https://csrc.nist.gov/glossary/term/millennium_challenge_corporation","abbrSyn":[{"text":"MCC","link":"https://csrc.nist.gov/glossary/term/mcc"}],"definitions":null},{"term":"Millimeter","link":"https://csrc.nist.gov/glossary/term/millimeter","abbrSyn":[{"text":"mm","link":"https://csrc.nist.gov/glossary/term/mm"}],"definitions":null},{"term":"Milliwatt","link":"https://csrc.nist.gov/glossary/term/milliwatt","abbrSyn":[{"text":"mW","link":"https://csrc.nist.gov/glossary/term/mw"}],"definitions":null},{"term":"MILP","link":"https://csrc.nist.gov/glossary/term/milp","abbrSyn":[{"text":"Mixed-Integer Linear Programming","link":"https://csrc.nist.gov/glossary/term/mixed_integer_linear_programming"}],"definitions":null},{"term":"MIL-STD","link":"https://csrc.nist.gov/glossary/term/mil_std","abbrSyn":[{"text":"Military Standard","link":"https://csrc.nist.gov/glossary/term/military_standard"}],"definitions":null},{"term":"MIME","link":"https://csrc.nist.gov/glossary/term/mime","abbrSyn":[{"text":"Multipurpose Internet Mail Extension"},{"text":"Multipurpose Internet Mail Extensions"},{"text":"Multipurpose Internet Message Extensions"}],"definitions":null},{"term":"MIME Object Security Services","link":"https://csrc.nist.gov/glossary/term/mime_object_security_services","abbrSyn":[{"text":"MOSS","link":"https://csrc.nist.gov/glossary/term/moss"}],"definitions":null},{"term":"min-entropy","link":"https://csrc.nist.gov/glossary/term/min_entropy","definitions":[{"text":"A lower bound on the entropy of a random variable. The precise formulation for min-entropy is \\((-\\log_{2} \\max p_{i})\\) for a discrete distribution having probabilities \\(p_{1},...,p_{k}\\). Min-entropy is often used as a measure of the unpredictability of a random variable.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427"}]},{"text":"The min-entropy (in bits) of a random variable X is the largest value m having the property that each observation of X provides at least m bits of information (i.e., the min-entropy of X is the greatest lower bound for the information content of potential observations of X). The min-entropy of a random variable is a lower bound on its entropy. The precise formulation for min-entropy is −(log2 max pi) for a discrete distribution having n possible outputs with probabilities p1,…, pn. Min-entropy is often used as a worst-case measure of the unpredictability of a random variable. Also see [NIST SP 800-90B].","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Min-entropy "}]},{"text":"The min-entropy (in bits) of a random variable X is the largest value m having the property that each observation of X provides at least m bits of information (i.e., the min-entropy of X is the greatest lower bound for the information content of potential observations of X). The min-entropy of a random variable is a lower bound on its entropy. The precise formulation for min-entropy is (log2 max pi) for a discrete distribution having probabilities p1, ...,pk. Min-entropy is often used as a worst-case measure of the unpredictability of a random variable.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Min-entropy "}]},{"text":"The min-entropy (in bits) of a random variable X is the largest value m having the property that each observation of X provides at least m bits of information (i.e., the min-entropy of X is the greatest lower bound for the information content of potential observations of X). The min-entropy of a random variable is a lower bound on its entropy. The precise formulation for min-entropy is - log2 (max pi) for a discrete distribution having event probabilities p1, ..., pk. Min-entropy is often used as a worst-case measure of the unpredictability of a random variable.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Min-entropy "}]},{"text":"A measure of the difficulty that an Attacker has to guess the most commonly chosen password used in a system. In this document, entropy is stated in bits. When a password has n-bits of min-entropy then an Attacker requires as many trials to find a user with that password as is needed to guess an n-bit random quantity. The Attacker is assumed to know the most commonly used password(s). See Appendix A.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Min-entropy "}]}],"seeAlso":[{"text":"DRBG Mechanism Boundary","link":"drbg_mechanism_boundary"},{"text":"Entropy Input","link":"entropy_input"}]},{"term":"MINEX","link":"https://csrc.nist.gov/glossary/term/minex","definitions":[{"text":"Minutia Exchange – the NIST program supporting minutia-based biometrics","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"Minimalist Cryptography","link":"https://csrc.nist.gov/glossary/term/minimalist_cryptography","definitions":[{"text":"Cryptography that can be implemented on devices with very limited memory and computing capabilities, such as RFID tags.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Minimally Securable IoT Device","link":"https://csrc.nist.gov/glossary/term/minimally_securable_iot_device","definitions":[{"text":"An IoT device that has the device cybersecurity capabilities (i.e., hardware and software) customers may need to implement cybersecurity controls used to mitigate some common cybersecurity risks.","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259"}]}]},{"term":"Minimum Level of Protection","link":"https://csrc.nist.gov/glossary/term/minimum_level_of_protection","definitions":[{"text":"the reduction in the Total Risk that results from the impactof in-place safeguards. (See Total Risk, Acceptable Risk, and Residual Risk.)","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}],"seeAlso":[{"text":"Acceptable Risk","link":"acceptable_risk"},{"text":"Residual Risk"},{"text":"Total Risk","link":"total_risk"}]},{"term":"Mining","link":"https://csrc.nist.gov/glossary/term/mining","definitions":[{"text":"The data structure where the data is hashed and combined until there is a singular root hash that represents the entire structure.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]},{"text":"The act of solving a puzzle within a proof of work consensus model.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"minor application","link":"https://csrc.nist.gov/glossary/term/minor_application","definitions":[{"text":"An application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Minor Application "}]}]},{"term":"Minor Revision","link":"https://csrc.nist.gov/glossary/term/minor_revision","definitions":[{"text":"Any increase in the version of an SCAP component’s specification or SCAP related data set that may involve adding additional functionality, but that preserves backwards compatibility with previous releases.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Minor version update","link":"https://csrc.nist.gov/glossary/term/minor_version_update","definitions":[{"text":"A revision of a specification that may add or enhance functionality, fix bugs, and make other changes from the previous revision, but the changes have minimal impact, if any, on backward compatibility.","sources":[{"text":"NIST SP 800-126A","link":"https://doi.org/10.6028/NIST.SP.800-126A"}]}]},{"term":"Mint","link":"https://csrc.nist.gov/glossary/term/mint","definitions":[{"text":"A protocol-level operation that creates and distributes new tokens to blockchain addresses, either individually or in batch.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"MIP","link":"https://csrc.nist.gov/glossary/term/mip","abbrSyn":[{"text":"Modules-In-Process","link":"https://csrc.nist.gov/glossary/term/modules_in_process"}],"definitions":null},{"term":"MIS Training Institute","link":"https://csrc.nist.gov/glossary/term/mis_training_institute","abbrSyn":[{"text":"MISTI","link":"https://csrc.nist.gov/glossary/term/misti"}],"definitions":null},{"term":"misconfiguration","link":"https://csrc.nist.gov/glossary/term/misconfiguration","definitions":[{"text":"An incorrect or subobtimal configuration of an information system or system component that may lead to vulnerabilities.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Misconfiguration "}]},{"text":"An incorrect or suboptimal configuration of an information system or system component that may lead to vulnerabilities.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"A setting within a computer program that violates a configuration policy or that permits or causes unintended behavior that impacts the security posture of a system. CCE can be used for enumerating misconfigurations.\nNOTE: NIST generally defines vulnerability as including both software flaws and configuration issues [misconfigurations]. For the purposes of the validation program and dependent procurement language, the SCAP Validation program is defining vulnerability and misconfiguration as two separate entities, with “vulnerability” referring strictly to software flaws.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under Misconfiguration "}]}]},{"term":"misdirection","link":"https://csrc.nist.gov/glossary/term/misdirection","definitions":[{"text":"The process of maintaining and employing deception resources or environments and directing adversary activities to those resources or environments.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"misnamed files","link":"https://csrc.nist.gov/glossary/term/misnamed_files","definitions":[{"text":"A technique used to disguise a file’s content by changing the file’s name to something innocuous or altering its extension to a different type of file, forcing the examiner to identify the files by file signature versus file extension.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Misnamed Files "}]}]},{"term":"mission assurance","link":"https://csrc.nist.gov/glossary/term/mission_assurance","definitions":[{"text":"A process to protect or ensure the continued function and resilience of capabilities and assets—including personnel, equipment, facilities, networks, information and information systems, infrastructure, and supply chains—critical to the execution of organizational mission-essential functions in any operating environment or condition.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"DoDD 3020.40","link":"https://www.esd.whs.mil/Directives/issuances/dodd/"}]}]},{"text":"A process to protect or ensure the continued function and resilience of capabilities and assets, including personnel, equipment, facilities, networks, information and information systems, infrastructure, and supply chains, critical to the execution of organizational mission-essential functions in any operating environment or condition.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"DoDD 3020.40","link":"https://www.esd.whs.mil/Directives/issuances/dodd/","note":" - Adapted"}]}]}]},{"term":"mission assurance category","link":"https://csrc.nist.gov/glossary/term/mission_assurance_category","abbrSyn":[{"text":"MAC","link":"https://csrc.nist.gov/glossary/term/mac"}],"definitions":[{"text":"A Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) term primarily used to determine the requirements for availability and integrity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under MAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under MAC "}]}]},{"term":"mission critical","link":"https://csrc.nist.gov/glossary/term/mission_critical","definitions":[{"text":"Any telecommunications or information system that is defined as a national security system (FISMA) or processes any information the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Mission Critical "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Mission Critical "}]},{"text":"Any telecommunications or information system that is defined as a national security system (Federal Information Security Management Act (FISMA) of 2002) or processes any information the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"}]}]}]},{"term":"Mission Critical Push-To-Talk","link":"https://csrc.nist.gov/glossary/term/mission_critical_push_to_talk","abbrSyn":[{"text":"MCPTT","link":"https://csrc.nist.gov/glossary/term/mcptt"}],"definitions":null},{"term":"Mission Critical Voice","link":"https://csrc.nist.gov/glossary/term/mission_critical_voice","abbrSyn":[{"text":"MCV","link":"https://csrc.nist.gov/glossary/term/mcv"}],"definitions":null},{"term":"Mission Essential Functions","link":"https://csrc.nist.gov/glossary/term/mission_essential_functions","abbrSyn":[{"text":"MEF","link":"https://csrc.nist.gov/glossary/term/mef"}],"definitions":null},{"term":"Mission Impact Analysis","link":"https://csrc.nist.gov/glossary/term/mission_impact_analysis","abbrSyn":[{"text":"MIA","link":"https://csrc.nist.gov/glossary/term/mia"}],"definitions":null},{"term":"mission objective","link":"https://csrc.nist.gov/glossary/term/mission_objective","definitions":[{"text":"A high-level goal that must be achieved for an organization to succeed at its primary mission or purpose.","sources":[{"text":"NIST IR 8406","link":"https://doi.org/10.6028/NIST.IR.8406-upd1","note":" [Update 1]"}]}]},{"term":"mission operations center","link":"https://csrc.nist.gov/glossary/term/mission_operations_center","abbrSyn":[{"text":"MOC","link":"https://csrc.nist.gov/glossary/term/moc"}],"definitions":[{"text":"A facility that provides C2 for the satellite bus, receives TT&C from the satellite, and requests and retrieves data as necessary.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401"}]}]},{"term":"mission resilience","link":"https://csrc.nist.gov/glossary/term/mission_resilience","definitions":[{"text":"The ability to continuously maintain the capability and capacity to perform essential functions and services, without time delay, regardless of threats or conditions, and with the understanding that adequate warning of a threat may not be available.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"Federal Mission Resilience Strategy 2020","link":"https://www.hsdl.org/?view&did=848323"}]}]}]},{"term":"mission/business segment","link":"https://csrc.nist.gov/glossary/term/mission_business_segment","definitions":[{"text":"Elements of organizations describing mission areas, common/shared business services, and organization-wide services. Mission/business segments can be identified with one or more information systems which collectively support a mission/business process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Mission/Business Segment "}]}]},{"term":"mission-critical element","link":"https://csrc.nist.gov/glossary/term/mission_critical_element","definitions":[{"text":"A system component or subsystem that delivers mission critical functionality to a system or that may, by virtue of system design, introduce vulnerability to mission critical functions. \nNote: Mission-critical element is often denoted as \"critical component\".","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 505","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]}]},{"term":"mission-critical functionality","link":"https://csrc.nist.gov/glossary/term/mission_critical_functionality","definitions":[{"text":"Any system function, the compromise of which would degrade the effectiveness of that system in achieving the core mission for which it was designed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 505","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]}]},{"term":"MISTI","link":"https://csrc.nist.gov/glossary/term/misti","abbrSyn":[{"text":"MIS Training Institute","link":"https://csrc.nist.gov/glossary/term/mis_training_institute"}],"definitions":null},{"term":"misuse of Controlled Unclassified Information (CUI)","link":"https://csrc.nist.gov/glossary/term/misuse_of_controlled_unclassified_information","definitions":[{"text":"Any situation where controlled unclassified information (CUI) is used in a manner inconsistent with the policy contained in Executive Order 13556, 32 Code of Federal Regulations (CFR), the CUI Registry, additional issuances from the CUI Executive Agent, or any of the laws, regulations, and Government-wide policies that establish the designation of CUI categories and subcategories. This may include intentional violations or unintentional errors in safeguarding or disseminating CUI.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"32 C.F.R., Sec. 2002 (Draft)"}]}]}]},{"term":"MIT","link":"https://csrc.nist.gov/glossary/term/mit","abbrSyn":[{"text":"Massachusetts Institute of Technology","link":"https://csrc.nist.gov/glossary/term/massachusetts_institute_of_technology"}],"definitions":null},{"term":"MITA","link":"https://csrc.nist.gov/glossary/term/mita","abbrSyn":[{"text":"Medical Imaging & Technology Alliance","link":"https://csrc.nist.gov/glossary/term/medical_imaging_and_technology_alliance"}],"definitions":null},{"term":"Mitigate","link":"https://csrc.nist.gov/glossary/term/mitigate","definitions":[{"text":"To make less severe or painful or to cause to become less harsh or hostile.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Merriam-Webster","link":"https://www.merriam-webster.com/"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Merriam-Webster","link":"https://www.merriam-webster.com/"}]}]}]},{"term":"mitigation","link":"https://csrc.nist.gov/glossary/term/mitigation","definitions":[{"text":"A decision, action, or practice intended to reduce the level of risk associated with one or more threat events, threat scenarios, or vulnerabilities.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"The temporary reduction or lessening of the impact of a vulnerability or the likelihood of its exploitation.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"MitM","link":"https://csrc.nist.gov/glossary/term/mitm","abbrSyn":[{"text":"Man in the middle","link":"https://csrc.nist.gov/glossary/term/man_in_the_middle"},{"text":"Man In The Middle"},{"text":"Man-in-the-Middle"},{"text":"Man-In-The-Middle"},{"text":"Man-in-the-Middle Attack"}],"definitions":[{"text":"An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Man-In-The-Middle "}]}]},{"term":"MitMA","link":"https://csrc.nist.gov/glossary/term/mitma","abbrSyn":[{"text":"Man-in-the-Middle Attack"}],"definitions":null},{"term":"Mixed-Integer Linear Programming","link":"https://csrc.nist.gov/glossary/term/mixed_integer_linear_programming","abbrSyn":[{"text":"MILP","link":"https://csrc.nist.gov/glossary/term/milp"}],"definitions":null},{"term":"MKA","link":"https://csrc.nist.gov/glossary/term/mka","abbrSyn":[{"text":"MACsec Key Agreement","link":"https://csrc.nist.gov/glossary/term/macsec_key_agreement"}],"definitions":null},{"term":"ML","link":"https://csrc.nist.gov/glossary/term/ml","abbrSyn":[{"text":"Machine Learning","link":"https://csrc.nist.gov/glossary/term/machine_learning"}],"definitions":null},{"term":"MLE","link":"https://csrc.nist.gov/glossary/term/mle","abbrSyn":[{"text":"Measured Launch Environment","link":"https://csrc.nist.gov/glossary/term/measured_launch_environment"},{"text":"Mesh Link Establishment","link":"https://csrc.nist.gov/glossary/term/mesh_link_establishment"}],"definitions":null},{"term":"MLS","link":"https://csrc.nist.gov/glossary/term/mls","abbrSyn":[{"text":"Multilevel Secure","link":"https://csrc.nist.gov/glossary/term/multilevel_secure"},{"text":"Multi-Level Secure"},{"text":"Multilevel Security"},{"text":"Multi-Level Security"}],"definitions":[{"text":"Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Multilevel Security ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"MLWE","link":"https://csrc.nist.gov/glossary/term/mlwe","abbrSyn":[{"text":"Module Learning With Errors","link":"https://csrc.nist.gov/glossary/term/module_learning_with_errors"}],"definitions":null},{"term":"MLWR","link":"https://csrc.nist.gov/glossary/term/mlwr","abbrSyn":[{"text":"Module Learning With Rounding","link":"https://csrc.nist.gov/glossary/term/module_learning_with_rounding"}],"definitions":null},{"term":"mm","link":"https://csrc.nist.gov/glossary/term/mm","abbrSyn":[{"text":"Millimeter","link":"https://csrc.nist.gov/glossary/term/millimeter"}],"definitions":null},{"term":"MMC","link":"https://csrc.nist.gov/glossary/term/mmc","abbrSyn":[{"text":"Microsoft Management Console","link":"https://csrc.nist.gov/glossary/term/microsoft_management_console"},{"text":"Multimedia Card","link":"https://csrc.nist.gov/glossary/term/multimedia_card"},{"text":"Multi-Media Card"}],"definitions":null},{"term":"MME","link":"https://csrc.nist.gov/glossary/term/mme","abbrSyn":[{"text":"Mobility Management Entity","link":"https://csrc.nist.gov/glossary/term/mobility_management_entity"}],"definitions":null},{"term":"MMO","link":"https://csrc.nist.gov/glossary/term/mmo","abbrSyn":[{"text":"Matyas-Meyer-Oseas","link":"https://csrc.nist.gov/glossary/term/matyas_meyer_oseas"}],"definitions":null},{"term":"MMS","link":"https://csrc.nist.gov/glossary/term/mms","abbrSyn":[{"text":"Multimedia Messaging Service"}],"definitions":[{"text":"An accepted standard for messaging that lets users send and receive messages formatted with text, graphics, photographs, audio, and video clips.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Multimedia Messaging Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Multimedia Messaging Service "}]}]},{"term":"MMT","link":"https://csrc.nist.gov/glossary/term/mmt","abbrSyn":[{"text":"Multi-Block Message Test","link":"https://csrc.nist.gov/glossary/term/multi_block_message_test"}],"definitions":null},{"term":"MMU","link":"https://csrc.nist.gov/glossary/term/mmu","abbrSyn":[{"text":"Memory Management Unit","link":"https://csrc.nist.gov/glossary/term/memory_management_unit"}],"definitions":null},{"term":"MNO","link":"https://csrc.nist.gov/glossary/term/mno","abbrSyn":[{"text":"Mobile Network Operator","link":"https://csrc.nist.gov/glossary/term/mobile_network_operator"}],"definitions":null},{"term":"MO","link":"https://csrc.nist.gov/glossary/term/mo","abbrSyn":[{"text":"Magneto Optical","link":"https://csrc.nist.gov/glossary/term/magneto_optical"}],"definitions":null},{"term":"MOA","link":"https://csrc.nist.gov/glossary/term/moa","abbrSyn":[{"text":"Memorandum of Agreement"},{"text":"Memorandum Of Agreement"}],"definitions":[{"text":"Memorandum of Agreement (as used in the context of this CP, between an Agency and the FPKIPA allowing interoperation between the FBCA and Agency Principal CA)","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]"}]}]},{"term":"MOBIKE","link":"https://csrc.nist.gov/glossary/term/mobike","abbrSyn":[{"text":"Mobile Internet Key Exchange"}],"definitions":null},{"term":"Mobile Application Management","link":"https://csrc.nist.gov/glossary/term/mobile_application_management","abbrSyn":[{"text":"MAM","link":"https://csrc.nist.gov/glossary/term/mam"}],"definitions":null},{"term":"Mobile Application Vetting","link":"https://csrc.nist.gov/glossary/term/mobile_application_vetting","abbrSyn":[{"text":"MAV","link":"https://csrc.nist.gov/glossary/term/mav"}],"definitions":null},{"term":"mobile code","link":"https://csrc.nist.gov/glossary/term/mobile_code","definitions":[{"text":"Software programs or parts of programs obtained from remote systems, transmitted across a network, and executed on a local system without explicit installation or execution by the recipient.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Mobile Code "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mobile Code "}]},{"text":"Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. \nNote: Some examples of software technologies that provide the mechanisms for the production and use of mobile code include Java, JavaScript, ActiveX, VBScript, etc.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Mobile Code "},{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Mobile Code "}]},{"text":"Executable code that is normally transferred from its source to another computer system for execution. This transfer is often through the network (e.g., JavaScript embedded in a web page) but may transfer through physical media as well.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Mobile Code "}]},{"text":"Software that is transmitted from a remote host to be executed on a local host, typically without the user’s explicit instruction.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1","underTerm":" under Mobile Code "}]}]},{"term":"mobile code risk categories","link":"https://csrc.nist.gov/glossary/term/mobile_code_risk_categories","definitions":[{"text":"Categories of risk associated with mobile code technology based on functionality, level of access to workstation, server, and remote system services and resources, and the resulting threat to information systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"mobile code technologies","link":"https://csrc.nist.gov/glossary/term/mobile_code_technologies","definitions":[{"text":"Software technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, VBScript).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Mobile Code Technologies "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mobile Code Technologies "}]},{"text":"Software technologies that provide the mechanisms for the production and use of mobile code.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Mobile Data Terminal","link":"https://csrc.nist.gov/glossary/term/mobile_data_terminal","abbrSyn":[{"text":"MDT","link":"https://csrc.nist.gov/glossary/term/mdt"}],"definitions":null},{"term":"Mobile Data Unit","link":"https://csrc.nist.gov/glossary/term/mobile_data_unit","abbrSyn":[{"text":"MDU","link":"https://csrc.nist.gov/glossary/term/mdu"}],"definitions":null},{"term":"mobile device","link":"https://csrc.nist.gov/glossary/term/mobile_device","definitions":[{"text":"A portable computing device that has a small form factor such that it can easily be carried by a single individual; is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); possesses local, non-removable, or removable data storage; and includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, or built-in features that synchronize local data with remote locations. Examples include smartphones, tablets, and e-readers.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"A portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable data storage; and (iv) is powered-on for extended periods of time with a self-contained power source. Mobile devices may also include voice communication capabilities, on board sensors that allow the device to capture (e.g., photograph, video, record, or determine location) information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and E-readers. \nNote: If the device only has storage capability and is not capable of processing or transmitting/receiving information, then it is considered a portable storage device, not a mobile device. See portable storage device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A mobile device is a small hand-held device that has a display screen with touch input and/or a QWERTY keyboard and may provide users with telephony capabilities. Mobile devices are used interchangeably (phones, tablets) throughout this document.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Mobile Devices "}]},{"text":"A portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable or removable data storage; and (iv) includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and e-readers.","sources":[{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157","underTerm":" under Mobile Device "}]},{"text":"A mobile device, for the purpose of this document is a portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable or removable data storage; and (iv) includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and e-readers.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Mobile Device "}]},{"text":"A portable computing device that (1) has a small form factor so it can easily be carried by a single individual; (2) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (3) possesses local, nonremovable or removable data storage; and (4) includes a self-contained power source. Mobile devices may also include voice communication capabilities, onboard sensors that allow the devices to capture information, and/or built-in features for synchronizing local data with remote locations. Examples are smartphones, tablets, and e-readers.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]},{"text":"A portable computing device that has a small form factor such that it can easily be carried by a single individual; is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); possesses local, non-removable/removable data storage; and includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, or built-in features that synchronize local data with remote locations. Examples include smartphones, tablets, and E-readers.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"A portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable or removable data storage; and (iv) includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and E-readers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mobile Device "},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Mobile Device ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A portable computing device that has a small form factor such that it can easily be carried by a single individual; is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); possesses local, non-removable data storage; and is powered on for extended periods of time with a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the device to capture (e.g., photograph, video, record, or determine location) information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and e-readers.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-124r2","link":"https://doi.org/10.6028/NIST.SP.800-124r2","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"A portable computing device that has a small form factor such that it can easily be carried by a single individual, is designed to operate without a physical connection (e.g., wirelessly transmit or receive information), possesses local, non-removable or removable data storage, and includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, or built-in features that synchronize local data with remote locations. Examples include smartphones, tablets, and E-readers.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}],"seeAlso":[{"text":"portable storage device","link":"portable_storage_device"}]},{"term":"Mobile Device Management (MDM)","link":"https://csrc.nist.gov/glossary/term/mobile_device_management","abbrSyn":[{"text":"MDM","link":"https://csrc.nist.gov/glossary/term/mdm"}],"definitions":[{"text":"The administration of mobile devices such as smartphones, tablets, computers, laptops, and desktop computers. MDM is usually implemented through a third-party product that has management features for particular vendors of mobile devices.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NIST SP 800-163 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-163r1"}]}]}]},{"term":"Mobile Device Manager","link":"https://csrc.nist.gov/glossary/term/mobile_device_manager","abbrSyn":[{"text":"MDM","link":"https://csrc.nist.gov/glossary/term/mdm"}],"definitions":null},{"term":"Mobile Device Security","link":"https://csrc.nist.gov/glossary/term/mobile_device_security","abbrSyn":[{"text":"MDS","link":"https://csrc.nist.gov/glossary/term/mds"}],"definitions":null},{"term":"Mobile Driving License","link":"https://csrc.nist.gov/glossary/term/mobile_driving_license","abbrSyn":[{"text":"mDL","link":"https://csrc.nist.gov/glossary/term/mdl"}],"definitions":null},{"term":"Mobile Endpoint Security","link":"https://csrc.nist.gov/glossary/term/mobile_endpoint_security","abbrSyn":[{"text":"MES","link":"https://csrc.nist.gov/glossary/term/mes"}],"definitions":null},{"term":"Mobile Equipment","link":"https://csrc.nist.gov/glossary/term/mobile_equipment","abbrSyn":[{"text":"ME","link":"https://csrc.nist.gov/glossary/term/me"}],"definitions":null},{"term":"Mobile Equipment Identifier","link":"https://csrc.nist.gov/glossary/term/mobile_equipment_identifier","abbrSyn":[{"text":"MEID","link":"https://csrc.nist.gov/glossary/term/meid"}],"definitions":null},{"term":"Mobile Internet Key Exchange (MOBIKE)","link":"https://csrc.nist.gov/glossary/term/mobile_internet_key_exchange","abbrSyn":[{"text":"MOBIKE","link":"https://csrc.nist.gov/glossary/term/mobike"}],"definitions":[{"text":"A form of IKE supporting the use of devices with multiple network interfaces that switch from one network to another while IPsec is in use.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"mobile mode","link":"https://csrc.nist.gov/glossary/term/mobile_mode","definitions":[{"text":"Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]}]},{"term":"Mobile Network Operator","link":"https://csrc.nist.gov/glossary/term/mobile_network_operator","abbrSyn":[{"text":"MNO","link":"https://csrc.nist.gov/glossary/term/mno"}],"definitions":null},{"term":"Mobile Services Category Team","link":"https://csrc.nist.gov/glossary/term/mobile_services_category_team","abbrSyn":[{"text":"MSCT","link":"https://csrc.nist.gov/glossary/term/msct"}],"definitions":null},{"term":"Mobile Single Sign-On","link":"https://csrc.nist.gov/glossary/term/mobile_single_sign_on","abbrSyn":[{"text":"MSSO","link":"https://csrc.nist.gov/glossary/term/msso"}],"definitions":null},{"term":"Mobile Subscriber Integrated Services Digital Network (MSISDN)","link":"https://csrc.nist.gov/glossary/term/mobile_subscriber_integrated_services_digital_network","abbrSyn":[{"text":"MSISDN","link":"https://csrc.nist.gov/glossary/term/msisdn"}],"definitions":[{"text":"The international telephone number assigned to a cellular subscriber.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Mobile Subscriber Integrated Services Digital Network "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Mobile Subscriber Integrated Services Digital Network "}]}]},{"term":"Mobile Switching Center","link":"https://csrc.nist.gov/glossary/term/mobile_switching_center","abbrSyn":[{"text":"MSC","link":"https://csrc.nist.gov/glossary/term/msc"}],"definitions":null},{"term":"Mobile Threat Catalogue","link":"https://csrc.nist.gov/glossary/term/mobile_threat_catalogue","abbrSyn":[{"text":"MTC","link":"https://csrc.nist.gov/glossary/term/mtc"}],"definitions":null},{"term":"Mobile Threat Defense","link":"https://csrc.nist.gov/glossary/term/mobile_threat_defense","abbrSyn":[{"text":"MTD","link":"https://csrc.nist.gov/glossary/term/mtd"}],"definitions":null},{"term":"Mobile Threat Intelligence","link":"https://csrc.nist.gov/glossary/term/mobile_threat_intelligence","abbrSyn":[{"text":"MTI","link":"https://csrc.nist.gov/glossary/term/mti"}],"definitions":null},{"term":"Mobile Threat Posture","link":"https://csrc.nist.gov/glossary/term/mobile_threat_posture","abbrSyn":[{"text":"MTP","link":"https://csrc.nist.gov/glossary/term/mtp"}],"definitions":null},{"term":"Mobile Threat Protection","link":"https://csrc.nist.gov/glossary/term/mobile_threat_protection","abbrSyn":[{"text":"MTP","link":"https://csrc.nist.gov/glossary/term/mtp"}],"definitions":null},{"term":"Mobile Virtual Network Operator","link":"https://csrc.nist.gov/glossary/term/mobile_virtual_network_operator","abbrSyn":[{"text":"MVNO","link":"https://csrc.nist.gov/glossary/term/mvno"}],"definitions":null},{"term":"Mobility Management Entity","link":"https://csrc.nist.gov/glossary/term/mobility_management_entity","abbrSyn":[{"text":"MME","link":"https://csrc.nist.gov/glossary/term/mme"}],"definitions":null},{"term":"MOC","link":"https://csrc.nist.gov/glossary/term/moc","abbrSyn":[{"text":"Mission Operations Center"}],"definitions":null},{"term":"MOD","link":"https://csrc.nist.gov/glossary/term/mod","abbrSyn":[{"text":"Moderate","link":"https://csrc.nist.gov/glossary/term/moderate"}],"definitions":null},{"term":"Modality Performed Procedure Step","link":"https://csrc.nist.gov/glossary/term/modality_performed_procedure_step","abbrSyn":[{"text":"MPPS","link":"https://csrc.nist.gov/glossary/term/mpps"}],"definitions":null},{"term":"Mode Configuration","link":"https://csrc.nist.gov/glossary/term/mode_configuration","abbrSyn":[{"text":"ModeCFG","link":"https://csrc.nist.gov/glossary/term/modecfg"}],"definitions":null},{"term":"mode of iteration","link":"https://csrc.nist.gov/glossary/term/mode_of_iteration","definitions":[{"text":"A method for iterating the multiple invocations of a pseudorandom function in order to derive the keying material with a required length.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]}]},{"term":"Mode of Operation (Mode)","link":"https://csrc.nist.gov/glossary/term/mode_of_operation","abbrSyn":[{"text":"block cipher mode of operation","link":"https://csrc.nist.gov/glossary/term/block_cipher_mode_of_operation"}],"definitions":[{"text":"An algorithm for the cryptographic transformation of data that features a symmetric key block cipher algorithm.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]},{"text":"An algorithm for the cryptographic transformation of data that features a symmetric key block cipher.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]},{"text":"An algorithm for the cryptographic transformation of data that is based on a block cipher.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under block cipher mode of operation "}]},{"text":"See “block cipher mode of operation.”","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F","underTerm":" under mode "}]},{"text":"An algorithm that uses a block cipher algorithm as a cryptographic primitive to provide a cryptographic service, such as confidentiality or authentication.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Mode of operation "}]}]},{"term":"ModeCFG","link":"https://csrc.nist.gov/glossary/term/modecfg","abbrSyn":[{"text":"Mode Configuration","link":"https://csrc.nist.gov/glossary/term/mode_configuration"}],"definitions":null},{"term":"Model","link":"https://csrc.nist.gov/glossary/term/model","definitions":[{"text":"A detailed description or scaled representation of one component of a larger system that can be created, operated, and analyzed to predict actual operational characteristics of the final produced component.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"A very detailed description or scaled representation of one component of a larger system that can be created, operated, and analyzed to predict actual operational characteristics of the final produced component.","sources":[{"text":"FIPS 201","note":" [version unknown]"}]}]},{"term":"Model-Based Systems Engineering","link":"https://csrc.nist.gov/glossary/term/model_based_systems_engineering","abbrSyn":[{"text":"MBSE","link":"https://csrc.nist.gov/glossary/term/mbse"}],"definitions":null},{"term":"Modeling and Simulation","link":"https://csrc.nist.gov/glossary/term/modeling_and_simulation","abbrSyn":[{"text":"M&S","link":"https://csrc.nist.gov/glossary/term/m_and_s"}],"definitions":null},{"term":"Moderate","link":"https://csrc.nist.gov/glossary/term/moderate","abbrSyn":[{"text":"MOD","link":"https://csrc.nist.gov/glossary/term/mod"}],"definitions":null},{"term":"Moderate Impact","link":"https://csrc.nist.gov/glossary/term/moderate_impact","definitions":[{"text":"The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under moderate impact "}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States (i.e., 1) causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in significant damage to organizational assets; 3) results in significant financial loss; or 4) results in significant harm to individuals that does not involve loss of life or serious life-threatening injuries).","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in significant damage to organizational assets; 3) results in significant financial loss; or 4) results in significant harm to individuals that does not involve loss of life or serious life threatening injuries.).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under moderate-impact ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in significant damage to organizational assets; 3) results in significant financial loss; or 4) results in significant harm to individuals that does not involve loss of life or serious life-threatening injuries).","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"CNSSI 4009-2010"}]}]}]},{"term":"moderate-impact system","link":"https://csrc.nist.gov/glossary/term/moderate_impact_system","definitions":[{"text":"An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate, and no security objective is assigned a FIPS 199 potential impact value of high.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under MODERATE-IMPACT SYSTEM "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Moderate-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS Publication 199 potential impact value of moderate and no security objective is assigned a FIPS Publication 199 potential impact value of high.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Moderate-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS PUB 199 potential impact value of moderate and no security objective is assigned a FIPS PUB 199 potential impact value of high. \nNote: For National Security Systems, CNSSI No. 1253 does not adopt this FIPS PUB 200 high water mark across security objectives.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"A system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS Publication 199 potential impact value of moderate and no security objective is assigned a potential impact value of high.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Moderate-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Moderate-Impact System ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Moderate-Impact System "}]}]},{"term":"modern key","link":"https://csrc.nist.gov/glossary/term/modern_key","definitions":[{"text":"A collective name for asymmetric key such as secure data network system (SDNS) FIREFLY key and message signature key. It does not include the public key infrastructure (PKI) system or keys.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Modification, Access, and Creation","link":"https://csrc.nist.gov/glossary/term/modification_access_and_creation","abbrSyn":[{"text":"MAC","link":"https://csrc.nist.gov/glossary/term/mac"}],"definitions":[{"text":"Message Authentication Code.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under MAC "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under MAC "}]}]},{"term":"Modified condition decision coverage","link":"https://csrc.nist.gov/glossary/term/modified_condition_decision_coverage","abbrSyn":[{"text":"MC/DC","link":"https://csrc.nist.gov/glossary/term/mc_dc"}],"definitions":[{"text":"This is a strong coverage criterion that is required by the US Federal Aviation Administration for Level A (catastrophic failure consequence) software; i.e., software whose failure could lead to loss of function necessary for safe operation. It requires that every condition in a decision in the program has taken on all possible outcomes at least once, and each condition has been shown to independently affect the decision outcome, and that each entry and exit point have been invoked at least once.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878","refSources":[{"text":"Chilenski et al"}]}]}]},{"term":"MODP","link":"https://csrc.nist.gov/glossary/term/modp","abbrSyn":[{"text":"Modular Exponential","link":"https://csrc.nist.gov/glossary/term/modular_exponential"}],"definitions":null},{"term":"Modular Contracting","link":"https://csrc.nist.gov/glossary/term/modular_contracting","definitions":[{"text":"Under modular contracting, an executive agency’s need for a system is satisfied in successive acquisitions of interoperable increments. Each increment complies with common or commercially accepted standards applicable to information technology so that the increments are compatible with other increments of information technology comprising the system.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"41 U.S.C.","link":"https://www.govinfo.gov/app/details/USCODE-2019-title41/"}]}]},{"text":"Under modular contracting, an executive agency’s need for a system is satisfied in successive acquisitions of interoperable increments. Each increment complies with common or commercially accepted standards applicable to information technology so that the increments are compatible with other increments of information technology composing the system.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"41 U.S.C.","link":"https://www.govinfo.gov/app/details/USCODE-2019-title41/"}]}]}]},{"term":"Modular Exponential","link":"https://csrc.nist.gov/glossary/term/modular_exponential","abbrSyn":[{"text":"MODP","link":"https://csrc.nist.gov/glossary/term/modp"}],"definitions":null},{"term":"module","link":"https://csrc.nist.gov/glossary/term/module","abbrSyn":[{"text":"Cryptographic module","link":"https://csrc.nist.gov/glossary/term/Cryptographicmodule"}],"definitions":[{"text":"Program unit that is discrete and identifiable with respect to compiling, combining with other units, and loading.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Discrete and identifiable element with a well-defined interface and well-defined purpose or role whose effect is described as relations among inputs, outputs, and retained state.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms and key generation) and is contained within a cryptographic module boundary. See [FIPS 140].","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Cryptographic module "}]},{"text":"See Cryptographic module.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Module "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Module "}]},{"text":"The set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within a cryptographic boundary.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Cryptographic module "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Cryptographic module "}]},{"text":"The set of hardware, software, and/or firmware that implements approved cryptographic functions (including key generation) that are contained within the cryptographic boundary of the module.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Cryptographic module "}]},{"text":"The set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Cryptographic module "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Cryptographic module "}]},{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms and key generation) and is contained within a cryptographic module boundary. See FIPS 140.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Cryptographic module "}]},{"text":"See Cryptographic module","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Module "}]},{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms), holds plaintext keys and uses them for performing cryptographic operations, and is contained within a cryptographic module boundary. This Profile requires the use of a validated cryptographic module as specified in [FIPS 140].","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Cryptographic module "}]},{"text":"The set of hardware, software, and/or firmware that implements approved security functions and is contained within a cryptographic boundary.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Cryptographic module "}]},{"text":"The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms and keygeneration methods) and is contained within a cryptographic module boundary. See FIPS 140.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Cryptographic module "}]},{"text":"an embedded software component of a product or application, or a complete product in-and-of-itself that has one or more capabilities.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under Module "}]}]},{"term":"Module Learning With Errors","link":"https://csrc.nist.gov/glossary/term/module_learning_with_errors","abbrSyn":[{"text":"MLWE","link":"https://csrc.nist.gov/glossary/term/mlwe"}],"definitions":null},{"term":"Module Learning With Rounding","link":"https://csrc.nist.gov/glossary/term/module_learning_with_rounding","abbrSyn":[{"text":"MLWR","link":"https://csrc.nist.gov/glossary/term/mlwr"}],"definitions":null},{"term":"Module Short Integer Solution","link":"https://csrc.nist.gov/glossary/term/module_short_integer_solution","abbrSyn":[{"text":"MSIS","link":"https://csrc.nist.gov/glossary/term/msis"}],"definitions":null},{"term":"Modules-In-Process","link":"https://csrc.nist.gov/glossary/term/modules_in_process","abbrSyn":[{"text":"MIP","link":"https://csrc.nist.gov/glossary/term/mip"}],"definitions":null},{"term":"MOE","link":"https://csrc.nist.gov/glossary/term/moe","abbrSyn":[{"text":"Measure of Effectiveness","link":"https://csrc.nist.gov/glossary/term/measure_of_effectiveness"},{"text":"Measures of Effectiveness"}],"definitions":null},{"term":"MOK","link":"https://csrc.nist.gov/glossary/term/mok","abbrSyn":[{"text":"Machine Owner Key","link":"https://csrc.nist.gov/glossary/term/machine_owner_key"}],"definitions":null},{"term":"Monitor-Evaluate-Adjust cycle","link":"https://csrc.nist.gov/glossary/term/monitor_evaluate_adjust_cycle","abbrSyn":[{"text":"MEA","link":"https://csrc.nist.gov/glossary/term/mea"}],"definitions":null},{"term":"monitoring","link":"https://csrc.nist.gov/glossary/term/monitoring","definitions":[{"text":"Continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}]},{"term":"Monobit Test","link":"https://csrc.nist.gov/glossary/term/monobit_test","definitions":[{"text":"The purpose of this test is to determine whether the number of ones and zeros in a sequence are approximately the same as would be expected for a truly random sequence.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"MOP","link":"https://csrc.nist.gov/glossary/term/mop","abbrSyn":[{"text":"Measure of Performance","link":"https://csrc.nist.gov/glossary/term/measure_of_performance"},{"text":"Measures of Performance"}],"definitions":null},{"term":"Morale, Welfare, and Recreation","link":"https://csrc.nist.gov/glossary/term/morale_welfare_and_recreation","abbrSyn":[{"text":"MWR","link":"https://csrc.nist.gov/glossary/term/mwr"}],"definitions":null},{"term":"MOSS","link":"https://csrc.nist.gov/glossary/term/moss","abbrSyn":[{"text":"MIME Object Security Services","link":"https://csrc.nist.gov/glossary/term/mime_object_security_services"}],"definitions":null},{"term":"most significant bit(s)","link":"https://csrc.nist.gov/glossary/term/most_significant_bits","abbrSyn":[{"text":"MSB","link":"https://csrc.nist.gov/glossary/term/msb"}],"definitions":[{"text":"The left-most bit(s) of a bit string.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Most Significant Bit(s) "},{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B","underTerm":" under Most Significant Bit(s) "},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Most Significant Bit(s) "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Most Significant Bit(s) "},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"MOU","link":"https://csrc.nist.gov/glossary/term/mou","abbrSyn":[{"text":"Memorandum of Understanding"},{"text":"Memorandum Of Understanding"}],"definitions":null},{"term":"MOU/A","link":"https://csrc.nist.gov/glossary/term/mou_a","abbrSyn":[{"text":"Memorandum of Understanding or Agreement","link":"https://csrc.nist.gov/glossary/term/memorandum_of_understanding_or_agreement"},{"text":"Memorandum of Understanding/Agreement"}],"definitions":null},{"term":"Mount Airey Group","link":"https://csrc.nist.gov/glossary/term/mount_airey_group","abbrSyn":[{"text":"MAG","link":"https://csrc.nist.gov/glossary/term/mag"}],"definitions":null},{"term":"moving target defense","link":"https://csrc.nist.gov/glossary/term/moving_target_defense","abbrSyn":[{"text":"MTD","link":"https://csrc.nist.gov/glossary/term/mtd"}],"definitions":[{"text":"The concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity, and increase the costs of their probing and attack efforts.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"MP","link":"https://csrc.nist.gov/glossary/term/mp","abbrSyn":[{"text":"Media Protection","link":"https://csrc.nist.gov/glossary/term/media_protection"},{"text":"Metapolicy","link":"https://csrc.nist.gov/glossary/term/metapolicy"}],"definitions":[{"text":"Information about policy, such as author, policy effective date, deconflict methods, etc.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162","underTerm":" under Metapolicy "}]}]},{"term":"MPC","link":"https://csrc.nist.gov/glossary/term/mpc","abbrSyn":[{"text":"multi-party computation","link":"https://csrc.nist.gov/glossary/term/multi_party_computation"},{"text":"Multi-Party Computation"}],"definitions":null},{"term":"MPLS","link":"https://csrc.nist.gov/glossary/term/mpls","abbrSyn":[{"text":"Multiprotocol Label Switching","link":"https://csrc.nist.gov/glossary/term/multiprotocol_label_switching"},{"text":"Multi-Protocol Label Switching"}],"definitions":null},{"term":"MPPE","link":"https://csrc.nist.gov/glossary/term/mppe","abbrSyn":[{"text":"Microsoft Point to Point Encryption"},{"text":"Microsoft Point-to-Point Encryption","link":"https://csrc.nist.gov/glossary/term/microsoft_point_to_point_encryption"}],"definitions":null},{"term":"MPPS","link":"https://csrc.nist.gov/glossary/term/mpps","abbrSyn":[{"text":"Modality Performed Procedure Step","link":"https://csrc.nist.gov/glossary/term/modality_performed_procedure_step"}],"definitions":null},{"term":"MQTT","link":"https://csrc.nist.gov/glossary/term/mqtt","abbrSyn":[{"text":"Message Queuing Telemetry Transport","link":"https://csrc.nist.gov/glossary/term/message_queuing_telemetry_transport"}],"definitions":null},{"term":"MQV","link":"https://csrc.nist.gov/glossary/term/mqv","abbrSyn":[{"text":"Menezes-Qu-Vanstone","link":"https://csrc.nist.gov/glossary/term/menezes_qu_vanstone"},{"text":"Menezes−Qu−Vanstone algorithm"}],"definitions":[{"text":"The Menezes-Qu-Vanstone key-agreement primitive.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]}]},{"term":"MRAE","link":"https://csrc.nist.gov/glossary/term/mrae","abbrSyn":[{"text":"Nonce Misuse-Resistant AE","link":"https://csrc.nist.gov/glossary/term/nonce_misuse_resistant_ae"}],"definitions":null},{"term":"MRI","link":"https://csrc.nist.gov/glossary/term/mri","abbrSyn":[{"text":"Magnetic Resonance Imaging","link":"https://csrc.nist.gov/glossary/term/magnetic_resonance_imaging"}],"definitions":null},{"term":"MRT","link":"https://csrc.nist.gov/glossary/term/mrt","abbrSyn":[{"text":"Machine Readable Table","link":"https://csrc.nist.gov/glossary/term/machine_readable_table"}],"definitions":null},{"term":"MRTD","link":"https://csrc.nist.gov/glossary/term/mrtd","abbrSyn":[{"text":"Machine Readable Travel Document","link":"https://csrc.nist.gov/glossary/term/machine_readable_travel_document"}],"definitions":null},{"term":"MS","link":"https://csrc.nist.gov/glossary/term/ms_acronym","abbrSyn":[{"text":"Measured Service"},{"text":"Microsoft","link":"https://csrc.nist.gov/glossary/term/microsoft"},{"text":"Mobile Subscriber"}],"definitions":null},{"term":"MS SQL","link":"https://csrc.nist.gov/glossary/term/ms_sql","abbrSyn":[{"text":"Microsoft Structured Query Language"}],"definitions":null},{"term":"MSA","link":"https://csrc.nist.gov/glossary/term/msa","abbrSyn":[{"text":"Mail Submission Agent","link":"https://csrc.nist.gov/glossary/term/mail_submission_agent"},{"text":"master services agreement","link":"https://csrc.nist.gov/glossary/term/master_services_agreement"}],"definitions":null},{"term":"MSB","link":"https://csrc.nist.gov/glossary/term/msb","abbrSyn":[{"text":"Most Significant Bit"}],"definitions":null},{"term":"MSBs(X)","link":"https://csrc.nist.gov/glossary/term/msb_s_x","definitions":[{"text":"The bit string consisting of the s left-most bits of the bit string X.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"},{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"MSC","link":"https://csrc.nist.gov/glossary/term/msc","abbrSyn":[{"text":"Mobile Switching Center","link":"https://csrc.nist.gov/glossary/term/mobile_switching_center"}],"definitions":null},{"term":"MS-CHAP","link":"https://csrc.nist.gov/glossary/term/ms_chap","abbrSyn":[{"text":"Microsoft Challenge Handshake Authentication Protocol"},{"text":"Microsoft Challenge-Handshake Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/microsoft_challenge_handshake_authentication_protocol"}],"definitions":null},{"term":"MS-CHAPv1","link":"https://csrc.nist.gov/glossary/term/ms_chapv1","abbrSyn":[{"text":"Microsoft Challenge-Handshake Authentication Protocol version 1","link":"https://csrc.nist.gov/glossary/term/microsoft_challenge_handshake_authentication_protocol_v1"}],"definitions":null},{"term":"MS-CHAPv2","link":"https://csrc.nist.gov/glossary/term/ms_chapv2","abbrSyn":[{"text":"Microsoft Challenge-Handshake Authentication Protocol version 2","link":"https://csrc.nist.gov/glossary/term/microsoft_challenge_handshake_authentication_protocol_v2"}],"definitions":null},{"term":"mSCP","link":"https://csrc.nist.gov/glossary/term/mscp","abbrSyn":[{"text":"macOS Security Compliance Project","link":"https://csrc.nist.gov/glossary/term/macos_security_compliance_project"}],"definitions":null},{"term":"MSCT","link":"https://csrc.nist.gov/glossary/term/msct","abbrSyn":[{"text":"Mobile Services Category Team","link":"https://csrc.nist.gov/glossary/term/mobile_services_category_team"}],"definitions":null},{"term":"MSCUID","link":"https://csrc.nist.gov/glossary/term/mscuid","definitions":[{"text":"An optional legacy identifier included for compatibility with Common Access Card and Government Smart Card Interoperability Specifications.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"MS-DOS","link":"https://csrc.nist.gov/glossary/term/ms_dos","abbrSyn":[{"text":"Microsoft Disk Operating System","link":"https://csrc.nist.gov/glossary/term/microsoft_disk_operating_system"}],"definitions":null},{"term":"MSDT","link":"https://csrc.nist.gov/glossary/term/msdt","abbrSyn":[{"text":"Microsoft Support Diagnostic Tool","link":"https://csrc.nist.gov/glossary/term/microsoft_support_diagnostic_tool"}],"definitions":null},{"term":"MSEC","link":"https://csrc.nist.gov/glossary/term/msec","abbrSyn":[{"text":"Multicast Security","link":"https://csrc.nist.gov/glossary/term/multicast_security"}],"definitions":null},{"term":"MSEL","link":"https://csrc.nist.gov/glossary/term/msel","abbrSyn":[{"text":"Master Scenario Events List"}],"definitions":null},{"term":"MSIL","link":"https://csrc.nist.gov/glossary/term/msil","abbrSyn":[{"text":"Microsoft Intermediate Language","link":"https://csrc.nist.gov/glossary/term/microsoft_intermediate_language"}],"definitions":null},{"term":"MSIS","link":"https://csrc.nist.gov/glossary/term/msis","abbrSyn":[{"text":"Module Short Integer Solution","link":"https://csrc.nist.gov/glossary/term/module_short_integer_solution"}],"definitions":null},{"term":"MSISDN","link":"https://csrc.nist.gov/glossary/term/msisdn","abbrSyn":[{"text":"Mobile Subscriber Integrated Services Digital Network"}],"definitions":[{"text":"The international telephone number assigned to a cellular subscriber.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Mobile Subscriber Integrated Services Digital Network "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Mobile Subscriber Integrated Services Digital Network "}]}]},{"term":"MSK","link":"https://csrc.nist.gov/glossary/term/msk","abbrSyn":[{"text":"Master Session Key","link":"https://csrc.nist.gov/glossary/term/master_session_key"},{"text":"Message Signature Key","link":"https://csrc.nist.gov/glossary/term/message_signature_key"}],"definitions":null},{"term":"MSL","link":"https://csrc.nist.gov/glossary/term/msl","abbrSyn":[{"text":"Multiple Security Levels"}],"definitions":[{"text":"Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Multiple Security Levels ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"MSO","link":"https://csrc.nist.gov/glossary/term/mso","abbrSyn":[{"text":"Multiple-System Operator","link":"https://csrc.nist.gov/glossary/term/multiple_system_operator"}],"definitions":null},{"term":"MSQL","link":"https://csrc.nist.gov/glossary/term/msql","abbrSyn":[{"text":"Microsoft SQL","link":"https://csrc.nist.gov/glossary/term/microsoft_sql"}],"definitions":null},{"term":"MSS","link":"https://csrc.nist.gov/glossary/term/mss","abbrSyn":[{"text":"Maximum Segment Size","link":"https://csrc.nist.gov/glossary/term/maximum_segment_size"}],"definitions":null},{"term":"MSSO","link":"https://csrc.nist.gov/glossary/term/msso","abbrSyn":[{"text":"Mobile Single Sign-On","link":"https://csrc.nist.gov/glossary/term/mobile_single_sign_on"}],"definitions":null},{"term":"MSSP","link":"https://csrc.nist.gov/glossary/term/mssp","abbrSyn":[{"text":"Managed Security Service Provider"},{"text":"Managed Security Services Provider","link":"https://csrc.nist.gov/glossary/term/managed_security_services_provider"}],"definitions":null},{"term":"MSSQL","link":"https://csrc.nist.gov/glossary/term/mssql","abbrSyn":[{"text":"Microsoft SQL","link":"https://csrc.nist.gov/glossary/term/microsoft_sql"},{"text":"Microsoft Structured Query Language"}],"definitions":null},{"term":"MSWG","link":"https://csrc.nist.gov/glossary/term/mswg","abbrSyn":[{"text":"Metadata Standards Working Group","link":"https://csrc.nist.gov/glossary/term/metadata_standards_working_group"}],"definitions":null},{"term":"MTA","link":"https://csrc.nist.gov/glossary/term/mta","abbrSyn":[{"text":"Mail Transfer Agent"},{"text":"Mail Transport Agent"}],"definitions":null},{"term":"MTC","link":"https://csrc.nist.gov/glossary/term/mtc","abbrSyn":[{"text":"Mobile Threat Catalogue","link":"https://csrc.nist.gov/glossary/term/mobile_threat_catalogue"}],"definitions":null},{"term":"MTD","link":"https://csrc.nist.gov/glossary/term/mtd","abbrSyn":[{"text":"Maximum Tolerable Downtime","link":"https://csrc.nist.gov/glossary/term/maximum_tolerable_downtime"},{"text":"Mobile Threat Defense","link":"https://csrc.nist.gov/glossary/term/mobile_threat_defense"},{"text":"Moving Target Defense"}],"definitions":[{"text":"The amount of time mission/business process can be disrupted without causing significant harm to the organization’s mission.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Maximum Tolerable Downtime "}]}]},{"term":"MTE","link":"https://csrc.nist.gov/glossary/term/mte","abbrSyn":[{"text":"Memory Tagging Extension","link":"https://csrc.nist.gov/glossary/term/memory_tagging_extension"}],"definitions":null},{"term":"MTI","link":"https://csrc.nist.gov/glossary/term/mti","abbrSyn":[{"text":"Mobile Threat Intelligence","link":"https://csrc.nist.gov/glossary/term/mobile_threat_intelligence"}],"definitions":null},{"term":"mTLS","link":"https://csrc.nist.gov/glossary/term/mtls","abbrSyn":[{"text":"mutual TLS","link":"https://csrc.nist.gov/glossary/term/mutual_tls"},{"text":"mutual Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/mutual_transport_layer_security"}],"definitions":null},{"term":"MTP","link":"https://csrc.nist.gov/glossary/term/mtp","abbrSyn":[{"text":"Mobile Threat Posture","link":"https://csrc.nist.gov/glossary/term/mobile_threat_posture"},{"text":"Mobile Threat Protection","link":"https://csrc.nist.gov/glossary/term/mobile_threat_protection"}],"definitions":null},{"term":"MTS","link":"https://csrc.nist.gov/glossary/term/mts","abbrSyn":[{"text":"Marine Transportation System","link":"https://csrc.nist.gov/glossary/term/marine_transportation_system"}],"definitions":null},{"term":"MTTF","link":"https://csrc.nist.gov/glossary/term/mttf","abbrSyn":[{"text":"Mean Time To Failure","link":"https://csrc.nist.gov/glossary/term/mean_time_to_failure"}],"definitions":null},{"term":"MTU","link":"https://csrc.nist.gov/glossary/term/mtu","abbrSyn":[{"text":"Master Terminal Unit"},{"text":"Maximum Transmission Unit","link":"https://csrc.nist.gov/glossary/term/maximum_transmission_unit"}],"definitions":null},{"term":"MUA","link":"https://csrc.nist.gov/glossary/term/mua","abbrSyn":[{"text":"Mail User Agent"}],"definitions":null},{"term":"MUD","link":"https://csrc.nist.gov/glossary/term/mud","abbrSyn":[{"text":"Manufacturer Usage Description"}],"definitions":null},{"term":"MUD-Capable","link":"https://csrc.nist.gov/glossary/term/mud_capable","definitions":[{"text":"An Internet of Things (IoT) device that can emit a MUD uniform resource locator in compliance with the MUD specification.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]},{"text":"An IoT device that is capable of emitting a MUD uniform resource locator (URL) in compliance with the MUD specification.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"Multi-Block Message Test","link":"https://csrc.nist.gov/glossary/term/multi_block_message_test","abbrSyn":[{"text":"MMT","link":"https://csrc.nist.gov/glossary/term/mmt"}],"definitions":null},{"term":"Multicast Domain Name System","link":"https://csrc.nist.gov/glossary/term/multicast_domain_name_system","abbrSyn":[{"text":"mDNS","link":"https://csrc.nist.gov/glossary/term/mdns"}],"definitions":null},{"term":"Multicast Group","link":"https://csrc.nist.gov/glossary/term/multicast_group","abbrSyn":[{"text":"MEC","link":"https://csrc.nist.gov/glossary/term/mec"}],"definitions":null},{"term":"Multicast Security","link":"https://csrc.nist.gov/glossary/term/multicast_security","abbrSyn":[{"text":"MSEC","link":"https://csrc.nist.gov/glossary/term/msec"}],"definitions":null},{"term":"Multicloud Management","link":"https://csrc.nist.gov/glossary/term/multicloud_management","abbrSyn":[{"text":"MCM","link":"https://csrc.nist.gov/glossary/term/mcm"}],"definitions":null},{"term":"Multi-Exit Discriminator (MED)","link":"https://csrc.nist.gov/glossary/term/multi_exit_discriminator","abbrSyn":[{"text":"MED","link":"https://csrc.nist.gov/glossary/term/med"}],"definitions":[{"text":"A BGP attribute used on external links to indicate preferred entry or exit points (among many) for an AS.","sources":[{"text":"NIST SP 800-54","link":"https://doi.org/10.6028/NIST.SP.800-54"}]}]},{"term":"Multifactor","link":"https://csrc.nist.gov/glossary/term/multifactor","abbrSyn":[{"text":"MF","link":"https://csrc.nist.gov/glossary/term/mf"}],"definitions":[{"text":"A characteristic of an authentication system or an authenticator that requires more than one distinct authentication factor for successful authentication. MFA can be performed using a single authenticator that provides more than one factor or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17"},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17"}]}]},{"term":"Multi-Factor","link":"https://csrc.nist.gov/glossary/term/multi_factor","definitions":[{"text":"A characteristic of an authentication system or an authenticator that requires more than one distinct authentication factor for successful authentication. MFA can be performed using a single authenticator that provides more than one factor or by a combination of authenticators that provide different factors.\nThe three authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A characteristic of an authentication system or an authenticator that requires more than one distinct authentication factor for successful authentication. MFA can be performed using a single authenticator that provides more than one factor or by a combination of authenticators that provide different factors. \nThe three authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A characteristic of an authentication system or a token that uses more than one authentication factor. \nThe three types of authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"multi-factor authentication","link":"https://csrc.nist.gov/glossary/term/multi_factor_authentication","abbrSyn":[{"text":"2FA","link":"https://csrc.nist.gov/glossary/term/2fa"},{"text":"authenticator","link":"https://csrc.nist.gov/glossary/term/authenticator"},{"text":"MFA","link":"https://csrc.nist.gov/glossary/term/mfa"}],"definitions":[{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric).","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under multifactor authentication "}]},{"text":"Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/personal identification number [PIN]); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Multifactor Authentication "},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Multifactor Authentication ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An entity that facilitates authentication of other entities attached to the same LAN using a public key certificate."},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under authenticator "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric). See authenticator.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"The means used to confirm the identity of a user, process, or device (e.g., user password or token).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authenticator ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See authenticator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under multifactor authentication ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"An authentication system that requires more than one distinct authentication factor for successful authentication. Multifactor authentication can be performed using a multifactor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor Authentication "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Multifactor Authentication "}]},{"text":"Authentication using two or more factors to achieve authentication. Factors are (i) something you know (e.g., password/personal identification number); (ii) something you have (e.g., cryptographic identification device, token); and (iii) something you are (e.g., biometric).","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under multifactor authentication "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric). See authenticator.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under multifactor authentication "}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Multifactor Authentication "}]},{"text":"Something that the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authenticator "}]},{"text":"An authentication system or an authenticator that requires more than one authentication factor for successful authentication. Multi-factor authentication can be performed using a single authenticator that provides more than one factor or by a combination of authenticators that provide different factors.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The three authentication factors are something you know, something you have, and something you are. See authenticator.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric). See authenticator.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]},{"text":"Authentication using two or more different factors to achieve authentication. Factors include something you know (e.g., PIN, password); something you have (e.g., cryptographic identification device, token); or something you are (e.g., biometric). See also Authenticator.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under multifactor authentication "}]}],"seeAlso":[{"text":"authenticator","link":"authenticator"},{"text":"Authenticator"}]},{"term":"Multifactor Authenticator","link":"https://csrc.nist.gov/glossary/term/multifactor_authenticator","definitions":[{"text":"An authenticator that provides more than one distinct authentication factor, such as a cryptographic authentication device with an integrated biometric sensor that is required to activate the device.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17"}]}]},{"term":"Multi-Factor Authenticator","link":"https://csrc.nist.gov/glossary/term/multi_factor_authenticator","definitions":[{"text":"An authenticator that provides more than one distinct authentication factor, such as a cryptographic authentication device with an integrated biometric sensor that is required to activate the device.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"multi-level cross domain solution","link":"https://csrc.nist.gov/glossary/term/multi_level_cross_domain_solution","definitions":[{"text":"A type of cross domain solution (CDS) that uses trusted labeling to store data at different classifications and allows users to access the data based upon their security domain and credentials.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"multilevel device","link":"https://csrc.nist.gov/glossary/term/multilevel_device","definitions":[{"text":"Equipment trusted to properly maintain and separate data of different security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Multilevel Secure","link":"https://csrc.nist.gov/glossary/term/multilevel_secure","abbrSyn":[{"text":"MLS","link":"https://csrc.nist.gov/glossary/term/mls"}],"definitions":null},{"term":"multi-level security (MLS)","link":"https://csrc.nist.gov/glossary/term/multi_level_security","abbrSyn":[{"text":"MLS","link":"https://csrc.nist.gov/glossary/term/mls"}],"definitions":[{"text":"Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Multilevel Security ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under multilevel security ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Multi-level security domain","link":"https://csrc.nist.gov/glossary/term/multi_level_security_domain","definitions":[{"text":"A security domain that supports information protection at more than one impact-level.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"multi-level solution","link":"https://csrc.nist.gov/glossary/term/multi_level_solution","definitions":[{"text":"Store data in multiple security domains at varied security levels and allow users to access the data at an appropriate security level.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Multimedia Card","link":"https://csrc.nist.gov/glossary/term/multimedia_card","abbrSyn":[{"text":"MMC","link":"https://csrc.nist.gov/glossary/term/mmc"}],"definitions":null},{"term":"Multimedia Messaging Service (MMS)","link":"https://csrc.nist.gov/glossary/term/multimedia_messaging_service","abbrSyn":[{"text":"MMS","link":"https://csrc.nist.gov/glossary/term/mms"}],"definitions":[{"text":"An accepted standard for messaging that lets users send and receive messages formatted with text, graphics, photographs, audio, and video clips.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Multimedia Messaging Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Multimedia Messaging Service "}]}]},{"term":"multi-party computation","link":"https://csrc.nist.gov/glossary/term/multi_party_computation","abbrSyn":[{"text":"MPC","link":"https://csrc.nist.gov/glossary/term/mpc"}],"definitions":null},{"term":"multipath","link":"https://csrc.nist.gov/glossary/term/multipath","definitions":[{"text":"The propagation phenomenon that results in signals reaching the receiving antenna by two or more paths. When two or more signals arrive simultaneously, wave interference results. The received signal fades if the wave interference is time varying or if one of the terminals is in motion.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning","note":" - Appendix E"}]}]}]},{"term":"multiple security levels (MSL)","link":"https://csrc.nist.gov/glossary/term/multiple_security_levels","abbrSyn":[{"text":"MSL","link":"https://csrc.nist.gov/glossary/term/msl"}],"definitions":[{"text":"Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Multiple Security Levels ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Capability of a system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under multiple security levels ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Multiple-center group","link":"https://csrc.nist.gov/glossary/term/multiple_center_group","definitions":[{"text":"As used in this Recommendation, a set of two or more key centers that have agreed to work together to provide cryptographic keying services to their subscribers.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Multiple-System Operator","link":"https://csrc.nist.gov/glossary/term/multiple_system_operator","abbrSyn":[{"text":"MSO","link":"https://csrc.nist.gov/glossary/term/mso"}],"definitions":null},{"term":"Multiprotocol Label Switching","link":"https://csrc.nist.gov/glossary/term/multiprotocol_label_switching","abbrSyn":[{"text":"MPLS","link":"https://csrc.nist.gov/glossary/term/mpls"}],"definitions":null},{"term":"Multipurpose Internet Mail Extensions (MIME)","link":"https://csrc.nist.gov/glossary/term/multipurpose_internet_mail_extensions","abbrSyn":[{"text":"MIME","link":"https://csrc.nist.gov/glossary/term/mime"}],"definitions":[{"text":"A protocol that makes use of the headers in an IETF RFC 2822 message to describe the structure of rich message content.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"multi-releasable","link":"https://csrc.nist.gov/glossary/term/multi_releasable","definitions":[{"text":"A characteristic of an information domain where access control mechanisms enforce policy-based release of information to authorized users within the information domain.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Multi-Signature","link":"https://csrc.nist.gov/glossary/term/multi_signature","definitions":[{"text":"A cryptographic signature scheme where the process of signing information (e.g., a transaction) is distributed among multiple private keys.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Multi-tree XMSS","link":"https://csrc.nist.gov/glossary/term/multi_tree_xmss","abbrSyn":[{"text":"XMSSMT","link":"https://csrc.nist.gov/glossary/term/xmss_mt"}],"definitions":null},{"term":"mutual authentication","link":"https://csrc.nist.gov/glossary/term/mutual_authentication","abbrSyn":[{"text":"bidirectional authentication","link":"https://csrc.nist.gov/glossary/term/bidirectional_authentication"}],"definitions":[{"text":"The process of both entities involved in a transaction verifying each other. See bidirectional authentication.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]},{"text":"The process of both entities involved in a transaction verifying each other.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Mutual Authentication "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"Occurs when parties at both ends of a communication activity authenticate each other (see authentication).","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Mutual Authentication "}]},{"text":"Two parties authenticating each other at the same time. Also known as mutual authentication or two-way authentication.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under bidirectional authentication "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under bidirectional authentication "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under bidirectional authentication "}]}],"seeAlso":[{"text":"authentication","link":"authentication"}]},{"term":"mutual TLS","link":"https://csrc.nist.gov/glossary/term/mutual_tls","abbrSyn":[{"text":"mTLS","link":"https://csrc.nist.gov/glossary/term/mtls"}],"definitions":null},{"term":"mutual Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/mutual_transport_layer_security","abbrSyn":[{"text":"mTLS","link":"https://csrc.nist.gov/glossary/term/mtls"}],"definitions":null},{"term":"MVNO","link":"https://csrc.nist.gov/glossary/term/mvno","abbrSyn":[{"text":"Mobile Virtual Network Operator","link":"https://csrc.nist.gov/glossary/term/mobile_virtual_network_operator"}],"definitions":null},{"term":"mW","link":"https://csrc.nist.gov/glossary/term/mw","abbrSyn":[{"text":"Milliwatt","link":"https://csrc.nist.gov/glossary/term/milliwatt"}],"definitions":null},{"term":"MWR","link":"https://csrc.nist.gov/glossary/term/mwr","abbrSyn":[{"text":"Morale, Welfare, and Recreation","link":"https://csrc.nist.gov/glossary/term/morale_welfare_and_recreation"}],"definitions":null},{"term":"MX","link":"https://csrc.nist.gov/glossary/term/mx","abbrSyn":[{"text":"Mail Exchange","link":"https://csrc.nist.gov/glossary/term/mail_exchange"},{"text":"Mail Exchange (Resource Record)"},{"text":"Mail Exchanger","link":"https://csrc.nist.gov/glossary/term/mail_exchanger"}],"definitions":null},{"term":"N/A","link":"https://csrc.nist.gov/glossary/term/n_a","abbrSyn":[{"text":"Not Applicable","link":"https://csrc.nist.gov/glossary/term/not_applicable"}],"definitions":null},{"term":"NaaS","link":"https://csrc.nist.gov/glossary/term/naas","abbrSyn":[{"text":"network as a service","link":"https://csrc.nist.gov/glossary/term/network_as_a_service"}],"definitions":null},{"term":"NAC","link":"https://csrc.nist.gov/glossary/term/nac","abbrSyn":[{"text":"National Agency Check","link":"https://csrc.nist.gov/glossary/term/national_agency_check"},{"text":"Network Access Control"}],"definitions":null},{"term":"NACAM","link":"https://csrc.nist.gov/glossary/term/nacam","abbrSyn":[{"text":"National COMSEC Advisory Memorandum","link":"https://csrc.nist.gov/glossary/term/national_comsec_advisory_memorandum"}],"definitions":null},{"term":"NACI","link":"https://csrc.nist.gov/glossary/term/naci","abbrSyn":[{"text":"National Agency Check and Inquiries"},{"text":"National Agency Check with Inquiries","link":"https://csrc.nist.gov/glossary/term/national_agency_check_with_inquiries"},{"text":"National Agency Check with Written Inquiries","link":"https://csrc.nist.gov/glossary/term/national_agency_check_with_written_inquiries"}],"definitions":null},{"term":"NACSI","link":"https://csrc.nist.gov/glossary/term/nacsi","abbrSyn":[{"text":"National COMSEC Instruction","link":"https://csrc.nist.gov/glossary/term/national_comsec_instruction"}],"definitions":null},{"term":"NACSIM","link":"https://csrc.nist.gov/glossary/term/nacsim","abbrSyn":[{"text":"National COMSEC Information Memorandum","link":"https://csrc.nist.gov/glossary/term/national_comsec_information_memorandum"}],"definitions":null},{"term":"NAE","link":"https://csrc.nist.gov/glossary/term/nae","abbrSyn":[{"text":"Nonce-based AE","link":"https://csrc.nist.gov/glossary/term/nonce_based_ae"}],"definitions":null},{"term":"NAESB","link":"https://csrc.nist.gov/glossary/term/naesb","abbrSyn":[{"text":"North American Energy Standards Board","link":"https://csrc.nist.gov/glossary/term/north_american_energy_standards_board"}],"definitions":null},{"term":"NAK","link":"https://csrc.nist.gov/glossary/term/nak","abbrSyn":[{"text":"Negative Acknowledgement","link":"https://csrc.nist.gov/glossary/term/negative_acknowledgement"}],"definitions":null},{"term":"NAM","link":"https://csrc.nist.gov/glossary/term/nam","abbrSyn":[{"text":"National Association of Manufacturers","link":"https://csrc.nist.gov/glossary/term/national_association_of_manufacturers"}],"definitions":null},{"term":"name","link":"https://csrc.nist.gov/glossary/term/name","definitions":[{"text":"A unique identifier associated with a registered object. This register assigns two of names, a numeric name and an alpha-numeric name, to each object.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308","refSources":[{"text":"ISO/IEC 8824"}]}]}]},{"term":"Name Server","link":"https://csrc.nist.gov/glossary/term/name_server","abbrSyn":[{"text":"NS","link":"https://csrc.nist.gov/glossary/term/ns"}],"definitions":null},{"term":"Namespace isolation","link":"https://csrc.nist.gov/glossary/term/namespace_isolation","definitions":[{"text":"A form of isolation that limits which resources a container may interact with.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"NANOG","link":"https://csrc.nist.gov/glossary/term/nanog","abbrSyn":[{"text":"North American Network Operators Group","link":"https://csrc.nist.gov/glossary/term/north_american_network_operators_group"}],"definitions":null},{"term":"NANU","link":"https://csrc.nist.gov/glossary/term/nanu","abbrSyn":[{"text":"Notice Advisory to NAVSTAR Users","link":"https://csrc.nist.gov/glossary/term/notice_advisory_to_navstar_users"}],"definitions":null},{"term":"NAP","link":"https://csrc.nist.gov/glossary/term/nap","abbrSyn":[{"text":"Network Access Protection","link":"https://csrc.nist.gov/glossary/term/network_access_protection"}],"definitions":null},{"term":"NAPT","link":"https://csrc.nist.gov/glossary/term/napt","abbrSyn":[{"text":"Network Address and Port Translation"},{"text":"Network Address Port Translation","link":"https://csrc.nist.gov/glossary/term/network_address_port_translation"}],"definitions":null},{"term":"NARA","link":"https://csrc.nist.gov/glossary/term/nara","abbrSyn":[{"text":"National Archives and Records Administration","link":"https://csrc.nist.gov/glossary/term/national_archives_and_records_administration"}],"definitions":null},{"term":"NAS","link":"https://csrc.nist.gov/glossary/term/nas","abbrSyn":[{"text":"Network Access Server","link":"https://csrc.nist.gov/glossary/term/network_access_server"},{"text":"Network Attached Storage"},{"text":"Network-attached Storage"},{"text":"Network-Attached Storage","link":"https://csrc.nist.gov/glossary/term/network_attached_storage"},{"text":"Non-Access Stratum","link":"https://csrc.nist.gov/glossary/term/non_access_stratum"}],"definitions":null},{"term":"NASA","link":"https://csrc.nist.gov/glossary/term/nasa","abbrSyn":[{"text":"National Aeronautics and Space Administration","link":"https://csrc.nist.gov/glossary/term/national_aeronautics_and_space_administration"}],"definitions":null},{"term":"NASIC","link":"https://csrc.nist.gov/glossary/term/nasic","abbrSyn":[{"text":"National Air and Space Intelligence Center","link":"https://csrc.nist.gov/glossary/term/national_air_and_space_intelligence_center"}],"definitions":null},{"term":"NAT","link":"https://csrc.nist.gov/glossary/term/nat","abbrSyn":[{"text":"Network Address Translation"},{"text":"Network Address Translator","link":"https://csrc.nist.gov/glossary/term/network_address_translator"}],"definitions":[{"text":"A mechanism for mapping addresses on one network to addresses on another network, typically private addresses to public addresses.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Network Address Translation "}]},{"text":"The process of mapping addresses on one network to addresses on another network.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Network Address Translation "}]}]},{"term":"National Aeronautics and Space Administration","link":"https://csrc.nist.gov/glossary/term/national_aeronautics_and_space_administration","abbrSyn":[{"text":"NASA","link":"https://csrc.nist.gov/glossary/term/nasa"}],"definitions":null},{"term":"National Agency Check with Inquiries","link":"https://csrc.nist.gov/glossary/term/national_agency_check_with_inquiries","abbrSyn":[{"text":"NACI","link":"https://csrc.nist.gov/glossary/term/naci"}],"definitions":null},{"term":"National Air and Space Intelligence Center","link":"https://csrc.nist.gov/glossary/term/national_air_and_space_intelligence_center","abbrSyn":[{"text":"NASIC","link":"https://csrc.nist.gov/glossary/term/nasic"}],"definitions":null},{"term":"National and Commercial Space Programs Act","link":"https://csrc.nist.gov/glossary/term/national_and_commercial_space_programs_act","abbrSyn":[{"text":"NCSPA","link":"https://csrc.nist.gov/glossary/term/ncspa"}],"definitions":null},{"term":"National Archives and Records Administration","link":"https://csrc.nist.gov/glossary/term/national_archives_and_records_administration","abbrSyn":[{"text":"NARA","link":"https://csrc.nist.gov/glossary/term/nara"}],"definitions":null},{"term":"National Association of Manufacturers","link":"https://csrc.nist.gov/glossary/term/national_association_of_manufacturers","abbrSyn":[{"text":"NAM","link":"https://csrc.nist.gov/glossary/term/nam"}],"definitions":null},{"term":"National Association of Water Companies","link":"https://csrc.nist.gov/glossary/term/national_association_of_water_companies","abbrSyn":[{"text":"NAWC","link":"https://csrc.nist.gov/glossary/term/nawc"}],"definitions":null},{"term":"National Center for Biotechnology Information","link":"https://csrc.nist.gov/glossary/term/national_center_for_biotechnology_information","abbrSyn":[{"text":"NCBI","link":"https://csrc.nist.gov/glossary/term/ncbi"}],"definitions":null},{"term":"National Centers for Biomedical Computing","link":"https://csrc.nist.gov/glossary/term/national_centers_for_biomedical_computing","abbrSyn":[{"text":"NCBC","link":"https://csrc.nist.gov/glossary/term/ncbc"}],"definitions":null},{"term":"National Centers of Academic Excellence in Cybersecurity","link":"https://csrc.nist.gov/glossary/term/national_centers_of_academic_excellence_in_cybersecurity","abbrSyn":[{"text":"CAE","link":"https://csrc.nist.gov/glossary/term/cae"}],"definitions":null},{"term":"National Checklist Program","link":"https://csrc.nist.gov/glossary/term/national_checklist_program","abbrSyn":[{"text":"NCP","link":"https://csrc.nist.gov/glossary/term/ncp"}],"definitions":null},{"term":"National Checklist Program Repository","link":"https://csrc.nist.gov/glossary/term/national_checklist_program_repository","definitions":[{"text":"A NIST-maintained repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"National COMSEC Advisory Memorandum","link":"https://csrc.nist.gov/glossary/term/national_comsec_advisory_memorandum","abbrSyn":[{"text":"NACAM","link":"https://csrc.nist.gov/glossary/term/nacam"}],"definitions":null},{"term":"National COMSEC Incident Reporting System (NCIRS)","link":"https://csrc.nist.gov/glossary/term/national_comsec_incident_reporting_system","abbrSyn":[{"text":"NCIRS","link":"https://csrc.nist.gov/glossary/term/ncirs"}],"definitions":[{"text":"System established by the National Security Agency (NSA) as a means of ensuring that all reported incidents are evaluated so that actions can be taken to minimize any adverse impact on national security. The NCIRS is comprised of the organizations within the NSS community (NSA, heads of Department or Agency, material controlling authorities, and product resource managers) responsible for the reporting and evaluation of COMSEC incidents.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4003","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"National COMSEC Information Memorandum","link":"https://csrc.nist.gov/glossary/term/national_comsec_information_memorandum","abbrSyn":[{"text":"NACSIM","link":"https://csrc.nist.gov/glossary/term/nacsim"}],"definitions":null},{"term":"National COMSEC Instruction","link":"https://csrc.nist.gov/glossary/term/national_comsec_instruction","abbrSyn":[{"text":"NACSI","link":"https://csrc.nist.gov/glossary/term/nacsi"}],"definitions":null},{"term":"National Coordinating Center for Communications","link":"https://csrc.nist.gov/glossary/term/national_coordinating_center_for_communications","abbrSyn":[{"text":"NCC","link":"https://csrc.nist.gov/glossary/term/ncc"}],"definitions":null},{"term":"National Crime Information Center","link":"https://csrc.nist.gov/glossary/term/national_crime_information_center","abbrSyn":[{"text":"NCIC","link":"https://csrc.nist.gov/glossary/term/ncic"}],"definitions":null},{"term":"National Cyber Awareness System","link":"https://csrc.nist.gov/glossary/term/national_cyber_awareness_system","abbrSyn":[{"text":"NCAS","link":"https://csrc.nist.gov/glossary/term/ncas"}],"definitions":null},{"term":"National Cyber Security Alliance","link":"https://csrc.nist.gov/glossary/term/national_cyber_security_alliance","abbrSyn":[{"text":"NCSA","link":"https://csrc.nist.gov/glossary/term/ncsa"}],"definitions":null},{"term":"National Cybersecurity and Communications Integration Center","link":"https://csrc.nist.gov/glossary/term/national_cybersecurity_and_communications_integration_center","abbrSyn":[{"text":"NCCIC","link":"https://csrc.nist.gov/glossary/term/nccic"}],"definitions":null},{"term":"National Cybersecurity Center of Excellence","link":"https://csrc.nist.gov/glossary/term/national_cybersecurity_center_of_excellence","abbrSyn":[{"text":"NCCoE","link":"https://csrc.nist.gov/glossary/term/nccoe"}],"definitions":null},{"term":"National Cybersecurity Excellence Partnership","link":"https://csrc.nist.gov/glossary/term/national_cybersecurity_excellence_partnership","abbrSyn":[{"text":"NCEP","link":"https://csrc.nist.gov/glossary/term/ncep"}],"definitions":null},{"term":"National Defense Industrial Association","link":"https://csrc.nist.gov/glossary/term/national_defense_industrial_association","abbrSyn":[{"text":"NDIA","link":"https://csrc.nist.gov/glossary/term/ndia"}],"definitions":null},{"term":"National Electric Sector Cybersecurity Resource","link":"https://csrc.nist.gov/glossary/term/national_electric_sector_cybersecurity_resource","abbrSyn":[{"text":"NESCOR","link":"https://csrc.nist.gov/glossary/term/nescor"}],"definitions":null},{"term":"National Electrical Manufacturers Association","link":"https://csrc.nist.gov/glossary/term/national_electrical_manufacturers_association","abbrSyn":[{"text":"NEMA","link":"https://csrc.nist.gov/glossary/term/nema"}],"definitions":null},{"term":"National Environmental Satellite, Data, and Information Service","link":"https://csrc.nist.gov/glossary/term/national_environmental_satellite_data_and_information_service","abbrSyn":[{"text":"NESDIS","link":"https://csrc.nist.gov/glossary/term/nesdis"}],"definitions":null},{"term":"National Essential Functions","link":"https://csrc.nist.gov/glossary/term/national_essential_functions","abbrSyn":[{"text":"NEF","link":"https://csrc.nist.gov/glossary/term/nef"}],"definitions":null},{"term":"National Farmers Union","link":"https://csrc.nist.gov/glossary/term/national_farmers_union","abbrSyn":[{"text":"NFU","link":"https://csrc.nist.gov/glossary/term/nfu"}],"definitions":null},{"term":"National Finance Center","link":"https://csrc.nist.gov/glossary/term/national_finance_center","abbrSyn":[{"text":"NFC","link":"https://csrc.nist.gov/glossary/term/nfc"}],"definitions":null},{"term":"National Fire Protection Association","link":"https://csrc.nist.gov/glossary/term/national_fire_protection_association","abbrSyn":[{"text":"NFPA","link":"https://csrc.nist.gov/glossary/term/nfpa"}],"definitions":null},{"term":"National Geodetic Survey","link":"https://csrc.nist.gov/glossary/term/national_geodetic_survey","abbrSyn":[{"text":"NGS","link":"https://csrc.nist.gov/glossary/term/ngs"}],"definitions":null},{"term":"National Geospatial-Intelligence Agency","link":"https://csrc.nist.gov/glossary/term/national_geospatial_intelligence_agency","abbrSyn":[{"text":"NGA","link":"https://csrc.nist.gov/glossary/term/nga"}],"definitions":null},{"term":"National Highway Traffic Safety Administration","link":"https://csrc.nist.gov/glossary/term/national_highway_traffic_safety_administration","abbrSyn":[{"text":"NHTSA","link":"https://csrc.nist.gov/glossary/term/nhtsa"}],"definitions":null},{"term":"National Identity Exchange Federation","link":"https://csrc.nist.gov/glossary/term/national_identity_exchange_federation","abbrSyn":[{"text":"NIEF","link":"https://csrc.nist.gov/glossary/term/nief"}],"definitions":null},{"term":"National Incident Management System","link":"https://csrc.nist.gov/glossary/term/national_incident_management_system","abbrSyn":[{"text":"NIMS","link":"https://csrc.nist.gov/glossary/term/nims"}],"definitions":null},{"term":"National Industrial Security Program Operating Manual","link":"https://csrc.nist.gov/glossary/term/national_industrial_security_program_operating_manual","abbrSyn":[{"text":"NISPOM","link":"https://csrc.nist.gov/glossary/term/nispom"}],"definitions":null},{"term":"National Information Assurance Partnership (NIAP)","link":"https://csrc.nist.gov/glossary/term/national_information_assurance_partnership","abbrSyn":[{"text":"NIAP","link":"https://csrc.nist.gov/glossary/term/niap"}],"definitions":[{"text":"A U.S. Government initiative established to promote the use of evaluated information systems products and champion the development and use of national and international standards for information technology security. NIAP was originally established as collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under P.L. 100-235 (Computer Security Act of 1987). NIST officially withdrew from the partnership in 2007 but NSA continues to manage and operate the program. The key operational component of NIAP is the Common Criteria Evaluation and Validation Scheme (CCEVS) which is the only U.S. Government- sponsored and endorsed program for conducting internationally-recognized security evaluations of commercial off-the-shelf (COTS) information assurance (IA) and IA-enabled information technology products. NIAP employs the CCEVS to provide government oversight or “validation” to U.S. Common Criteria (CC) evaluations to ensure correct conformance to the International Common Criteria for IT Security Evaluation (ISO/IEC 15408).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"national information infrastructure (NII)","link":"https://csrc.nist.gov/glossary/term/national_information_infrastructure","abbrSyn":[{"text":"NII","link":"https://csrc.nist.gov/glossary/term/nii"}],"definitions":[{"text":"Nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It includes both public and private networks, the internet, the public switched network, and cable, wireless, and satellite communications.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"National Infrastructure Advisory Council","link":"https://csrc.nist.gov/glossary/term/national_infrastructure_advisory_council","abbrSyn":[{"text":"NIAC","link":"https://csrc.nist.gov/glossary/term/niac"}],"definitions":null},{"term":"National Infrastructure Protection Plan","link":"https://csrc.nist.gov/glossary/term/national_infrastructure_protection_plan","abbrSyn":[{"text":"NIPP","link":"https://csrc.nist.gov/glossary/term/nipp"}],"definitions":null},{"term":"National Initiative for Cybersecurity Education","link":"https://csrc.nist.gov/glossary/term/national_initiative_for_cybersecurity_education","abbrSyn":[{"text":"NICE","link":"https://csrc.nist.gov/glossary/term/nice"}],"definitions":null},{"term":"National Institute of Justice","link":"https://csrc.nist.gov/glossary/term/national_institute_of_justice","abbrSyn":[{"text":"NIJ","link":"https://csrc.nist.gov/glossary/term/nij"}],"definitions":null},{"term":"National Institute of Standards and Technology","link":"https://csrc.nist.gov/glossary/term/national_institute_of_standards_and_technology","abbrSyn":[{"text":"NIST","link":"https://csrc.nist.gov/glossary/term/nist"}],"definitions":null},{"term":"National Institutes of Health","link":"https://csrc.nist.gov/glossary/term/national_institutes_of_health","abbrSyn":[{"text":"NIH","link":"https://csrc.nist.gov/glossary/term/nih"}],"definitions":null},{"term":"National Institutes of Health Information Technology Acquisition and Assessment Center","link":"https://csrc.nist.gov/glossary/term/national_institutes_of_hit_acquisition_assessment_ctr","abbrSyn":[{"text":"NITAAC","link":"https://csrc.nist.gov/glossary/term/nitaac"}],"definitions":null},{"term":"National Interest Determination","link":"https://csrc.nist.gov/glossary/term/national_interest_determination","abbrSyn":[{"text":"NID","link":"https://csrc.nist.gov/glossary/term/nid"}],"definitions":null},{"term":"National Law Enforcement and Corrections Technology Center–North East","link":"https://csrc.nist.gov/glossary/term/national_law_enforcement_corrections_technology_center_northeast","abbrSyn":[{"text":"NLECTC-NE","link":"https://csrc.nist.gov/glossary/term/nlectc_ne"}],"definitions":null},{"term":"National Oceanic and Atmospheric Administration","link":"https://csrc.nist.gov/glossary/term/national_oceanic_and_atmospheric_administration","abbrSyn":[{"text":"NOAA","link":"https://csrc.nist.gov/glossary/term/noaa"}],"definitions":null},{"term":"National Online Informative References Program","link":"https://csrc.nist.gov/glossary/term/national_online_informative_references_program","abbrSyn":[{"text":"OLIR","link":"https://csrc.nist.gov/glossary/term/olir"}],"definitions":null},{"term":"National Public Safety Broadband Network","link":"https://csrc.nist.gov/glossary/term/national_public_safety_broadband_network","abbrSyn":[{"text":"NPSBN","link":"https://csrc.nist.gov/glossary/term/npsbn"}],"definitions":null},{"term":"National Public Safety Telecommunications Council","link":"https://csrc.nist.gov/glossary/term/national_public_safety_telecommunications_council","abbrSyn":[{"text":"NPSTC","link":"https://csrc.nist.gov/glossary/term/npstc"}],"definitions":null},{"term":"National Renewable Energy Laboratory","link":"https://csrc.nist.gov/glossary/term/national_renewable_energy_laboratory","abbrSyn":[{"text":"NREL","link":"https://csrc.nist.gov/glossary/term/nrel"}],"definitions":null},{"term":"National Science Foundation","link":"https://csrc.nist.gov/glossary/term/national_science_foundation","abbrSyn":[{"text":"NSF","link":"https://csrc.nist.gov/glossary/term/nsf"}],"definitions":null},{"term":"National Security Agency","link":"https://csrc.nist.gov/glossary/term/national_security_agency","abbrSyn":[{"text":"NSA","link":"https://csrc.nist.gov/glossary/term/nsa"}],"definitions":null},{"term":"National Security Agency/Central Security Service","link":"https://csrc.nist.gov/glossary/term/national_security_agency_central_security_service","abbrSyn":[{"text":"NSA/CSS","link":"https://csrc.nist.gov/glossary/term/nsa_css"}],"definitions":null},{"term":"National Security and Emergency Preparedness","link":"https://csrc.nist.gov/glossary/term/national_security_and_emergency_preparedness","abbrSyn":[{"text":"NS/EP","link":"https://csrc.nist.gov/glossary/term/ns_ep"}],"definitions":null},{"term":"National Security Council","link":"https://csrc.nist.gov/glossary/term/national_security_council","abbrSyn":[{"text":"NSC","link":"https://csrc.nist.gov/glossary/term/nsc"}],"definitions":null},{"term":"National Security Council’s Cyber Interagency Policy Committee","link":"https://csrc.nist.gov/glossary/term/national_security_councils_cyber_interagency_policy_committee","abbrSyn":[{"text":"NSC’s Cyber IPC","link":"https://csrc.nist.gov/glossary/term/nsc_cyber_ipc"}],"definitions":null},{"term":"National Security Decision Directive","link":"https://csrc.nist.gov/glossary/term/national_security_decision_directive","abbrSyn":[{"text":"NSDD","link":"https://csrc.nist.gov/glossary/term/nsdd"}],"definitions":null},{"term":"National Security Directive","link":"https://csrc.nist.gov/glossary/term/national_security_directive","abbrSyn":[{"text":"NSD","link":"https://csrc.nist.gov/glossary/term/nsd"}],"definitions":null},{"term":"National Security Emergency Preparedness Telecommunications Services","link":"https://csrc.nist.gov/glossary/term/national_security_emergency_preparedness_telecommunications_services","definitions":[{"text":"Telecommunications services that are used to maintain a state of readiness or to respond to and manage any event or crisis (local, national, or international) that causes or could cause injury or harm to the population, damage to or loss of property, or degrade or threaten the national security or emergency preparedness posture of the United States.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under national security emergency preparedness telecommunications services ","refSources":[{"text":"47 C.F.R., Part 64 Appendix A","link":"https://www.ecfr.gov/cgi-bin/text-idx?node=pt47.3.64&rgn=div5#ap47.3.64_16308.a"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","refSources":[{"text":"47 C.F.R., Part 64 Appendix A","link":"https://www.ecfr.gov/cgi-bin/text-idx?node=pt47.3.64&rgn=div5#ap47.3.64_16308.a"}]}]}]},{"term":"national security information (NSI)","link":"https://csrc.nist.gov/glossary/term/national_security_information","abbrSyn":[{"text":"classified national security information","link":"https://csrc.nist.gov/glossary/term/classified_national_security_information"},{"text":"NSI","link":"https://csrc.nist.gov/glossary/term/nsi"}],"definitions":[{"text":"Information that has been determined pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under NATIONAL SECURITY INFORMATION "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under National Security Information "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under National Security Information "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under National Security Information "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under National Security Information "}]},{"text":"Information that has been determined pursuant to Executive Order (E.O.) 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under classified national security information ","refSources":[{"text":"E.O. 13526","link":"https://www.govinfo.gov/app/details/CFR-2010-title3-vol1/CFR-2010-title3-vol1-eo13526"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under classified national security information ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under classified national security information ","refSources":[{"text":"E.O. 13526","link":"https://www.govinfo.gov/app/details/CFR-2010-title3-vol1/CFR-2010-title3-vol1-eo13526"}]}]},{"text":"Information that Executive Order 13526, \"Classified National Security Information,\" December 29, 2009 (3 CFR, 2010 Comp., p. 298), or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended, requires agencies to mark with classified markings and protect against unauthorized disclosure. ","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"classified information","link":"classified_information"}]},{"term":"National Security Presidential Directive","link":"https://csrc.nist.gov/glossary/term/national_security_presidential_directive","abbrSyn":[{"text":"NSPD","link":"https://csrc.nist.gov/glossary/term/nspd"}],"definitions":null},{"term":"national security system (NSS)","link":"https://csrc.nist.gov/glossary/term/national_security_system","abbrSyn":[{"text":"NSS","link":"https://csrc.nist.gov/glossary/term/nss"}],"definitions":[{"text":"(A) Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency— (i) the function, operation, or use of which— (I) involves intelligence activities; (II) involves cryptologic activities related to national security; (III) involves command and control of military forces; (IV) involves equipment that is an integral part of a weapon or weapons system; or (V) subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (B) Subparagraph (A) (i) (V) does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under national security system ","refSources":[{"text":"44 U.S.C., Sec. 3542 (b)(2)","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency— (i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under NATIONAL SECURITY SYSTEM ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"(A) Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency— \n(i) the function, operation, or use of which— \n(I) involves intelligence activities; \n(II) involves cryptologic activities related to national security; \n(III) involves command and control of military forces; \n(IV) involves equipment that is an integral part of a weapon or weapons system; or \n(V) subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or \n(ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. \n(B) Subparagraph (A) (i) (V) does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"44 U.S.C., Sec. 3542 (b)(2)","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"Any system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—(i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under national security system ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under national security system ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under national security system ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under national security system ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—(i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency (i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor on behalf of an agency, or any other organization on behalf of an agency –\n(i) the function, operation, or use of which: involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapon system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example payroll, finance, logistics, and personnel management applications); or \n(ii) is protected at all times by procedures established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"those telecommunications and information systems operated by the U.S. Government, its contractors,\nor agents, that contain classified information or, as set forth in 10 U.S.C. 2315, that involves intelligence activities, involves cryptologic activities related to national security, involves command and control of military forces, involves equipment that is an integral part of a weapon or weapon system, or involves equipment that is critical to the direct\nfulfillment of military or intelligence missions.","sources":[{"text":"NIST SP 800-12","link":"https://doi.org/10.6028/NIST.SP.800-12","note":" [Superseded]","underTerm":" under national security systems ","refSources":[{"text":"National Security Directive 42"}]}]}]},{"term":"National Security Telecommunications Advisory Committee","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_advisory_committee","abbrSyn":[{"text":"NSTAC","link":"https://csrc.nist.gov/glossary/term/nstac"}],"definitions":null},{"term":"National Security Telecommunications and Information Systems Security Advisory/Information Memorandum","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_advisory_information_memorandum","abbrSyn":[{"text":"NSTISSAM","link":"https://csrc.nist.gov/glossary/term/nstissam"}],"definitions":null},{"term":"National Security Telecommunications and Information Systems Security Committee","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_committee","abbrSyn":[{"text":"NSTISSC","link":"https://csrc.nist.gov/glossary/term/nstissc"}],"definitions":null},{"term":"National Security Telecommunications and Information Systems Security Directive","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_directive","abbrSyn":[{"text":"NSTISSD","link":"https://csrc.nist.gov/glossary/term/nstissd"}],"definitions":null},{"term":"National Security Telecommunications and Information Systems Security Instruction","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_instruction","abbrSyn":[{"text":"NSTISSI","link":"https://csrc.nist.gov/glossary/term/nstissi"}],"definitions":null},{"term":"National Security Telecommunications and Information Systems Security Policy","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_policy","abbrSyn":[{"text":"NSTISSP","link":"https://csrc.nist.gov/glossary/term/nstissp"}],"definitions":null},{"term":"National Software Reference Library","link":"https://csrc.nist.gov/glossary/term/national_software_reference_library","abbrSyn":[{"text":"NSRL","link":"https://csrc.nist.gov/glossary/term/nsrl"}],"definitions":null},{"term":"National Strategic Computing Initiative","link":"https://csrc.nist.gov/glossary/term/national_strategic_computing_initiative","abbrSyn":[{"text":"NSCI","link":"https://csrc.nist.gov/glossary/term/nsci"}],"definitions":null},{"term":"National Technology Transfer and Advancement Act","link":"https://csrc.nist.gov/glossary/term/national_technology_transfer_and_advancement_act","abbrSyn":[{"text":"NTTAA","link":"https://csrc.nist.gov/glossary/term/nttaa"}],"definitions":null},{"term":"National Telecommunications and Information Administration","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_administration","abbrSyn":[{"text":"NTIA","link":"https://csrc.nist.gov/glossary/term/ntia"}],"definitions":null},{"term":"National Telecommunications and Information Systems Security Advisory/Information Memorandum","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_advisory_information_memorandum","abbrSyn":[{"text":"NTISSAM","link":"https://csrc.nist.gov/glossary/term/ntissam"}],"definitions":null},{"term":"National Telecommunications and Information Systems Security Directive","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_directive","abbrSyn":[{"text":"NTISSD","link":"https://csrc.nist.gov/glossary/term/ntissd"}],"definitions":null},{"term":"National Telecommunications and Information Systems Security Instruction","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_instruction","abbrSyn":[{"text":"NTISSI","link":"https://csrc.nist.gov/glossary/term/ntissi"}],"definitions":null},{"term":"National Telecommunications and Information Systems Security Policy","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_policy","abbrSyn":[{"text":"NTISSP","link":"https://csrc.nist.gov/glossary/term/ntissp"}],"definitions":null},{"term":"National Transportation Safety Board","link":"https://csrc.nist.gov/glossary/term/national_transportation_safety_board","abbrSyn":[{"text":"NTSB","link":"https://csrc.nist.gov/glossary/term/ntsb"}],"definitions":null},{"term":"National Voluntary Laboratory Accreditation Program","link":"https://csrc.nist.gov/glossary/term/national_voluntary_laboratory_accreditation_program","abbrSyn":[{"text":"NVLAP","link":"https://csrc.nist.gov/glossary/term/nvlap"}],"definitions":null},{"term":"National Vulnerability Database","link":"https://csrc.nist.gov/glossary/term/national_vulnerability_database","abbrSyn":[{"text":"NVD","link":"https://csrc.nist.gov/glossary/term/nvd"}],"definitions":[{"text":"The U.S. Government repository of standards-based vulnerability management data, enabling automation of vulnerability management, security measurement, and compliance (e.g., FISMA).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NVD","link":"https://nvd.nist.gov/"}]}]},{"text":"The U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data informs automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"},{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4","refSources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]}]},{"term":"National White Collar Crime Center","link":"https://csrc.nist.gov/glossary/term/national_white_collar_crime_center","abbrSyn":[{"text":"NW3C","link":"https://csrc.nist.gov/glossary/term/nw3c"}],"definitions":null},{"term":"National Agency Check with Written Inquiries","link":"https://csrc.nist.gov/glossary/term/national_agency_check_with_written_inquiries","abbrSyn":[{"text":"NACI","link":"https://csrc.nist.gov/glossary/term/naci"}],"definitions":null},{"term":"National Criminal History Check","link":"https://csrc.nist.gov/glossary/term/national_criminal_history_check","abbrSyn":[{"text":"NCHC","link":"https://csrc.nist.gov/glossary/term/nchc"}],"definitions":null},{"term":"NATO","link":"https://csrc.nist.gov/glossary/term/nato","abbrSyn":[{"text":"North Atlantic Treaty Organization","link":"https://csrc.nist.gov/glossary/term/north_atlantic_treaty_organization"}],"definitions":null},{"term":"Natural Language Policy","link":"https://csrc.nist.gov/glossary/term/natural_language_policy","abbrSyn":[{"text":"NLP","link":"https://csrc.nist.gov/glossary/term/nlp"}],"definitions":null},{"term":"Naval Sea Systems Command","link":"https://csrc.nist.gov/glossary/term/naval_sea_systems_command","abbrSyn":[{"text":"NAVSEA","link":"https://csrc.nist.gov/glossary/term/navsea"}],"definitions":null},{"term":"Naval Surface Warfare Center","link":"https://csrc.nist.gov/glossary/term/naval_surface_warfare_center","abbrSyn":[{"text":"NSWC","link":"https://csrc.nist.gov/glossary/term/nswc"}],"definitions":null},{"term":"NAVCEN","link":"https://csrc.nist.gov/glossary/term/navcen","abbrSyn":[{"text":"U.S. Coast Guard Navigation Center","link":"https://csrc.nist.gov/glossary/term/us_coast_guard_navigation_center"}],"definitions":null},{"term":"navigation","link":"https://csrc.nist.gov/glossary/term/navigation","definitions":[{"text":"The ability to determine a current and desired position (relative or absolute) and apply corrections to course, orientation, and speed to attain a desired position. Navigation coverage requirements could be global, from sub-surface to surface and from surface to space.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"What is PNT (DOT)","link":"https://www.transportation.gov/pnt/what-positioning-navigation-and-timing-pnt"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"What is PNT (DOT)","link":"https://www.transportation.gov/pnt/what-positioning-navigation-and-timing-pnt","note":" - adapted"}]}]}]},{"term":"NAVSEA","link":"https://csrc.nist.gov/glossary/term/navsea","abbrSyn":[{"text":"Naval Sea Systems Command","link":"https://csrc.nist.gov/glossary/term/naval_sea_systems_command"}],"definitions":null},{"term":"NAWC","link":"https://csrc.nist.gov/glossary/term/nawc","abbrSyn":[{"text":"National Association of Water Companies","link":"https://csrc.nist.gov/glossary/term/national_association_of_water_companies"}],"definitions":null},{"term":"NC","link":"https://csrc.nist.gov/glossary/term/nc","abbrSyn":[{"text":"Nonce"},{"text":"Non-component","link":"https://csrc.nist.gov/glossary/term/non_component"}],"definitions":[{"text":"A varying value that has, at most, a negligible chance of repeating; for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most a negligible chance of repeating, for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most a negligible chance of repeating – for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Nonce "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most a negligible chance of repeating; for example, a random value that is generated anew for each use, a time-stamp, a sequence number, or some combination of these. It can be a secret or non-secret value.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under Nonce "}]},{"text":"A value that is used only once.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Nonce "}]},{"text":"A value that is used only once within a specified context.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Nonce "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Nonce "}]},{"text":"A randomly generated value used to defeat “playback” attacks in communication protocols. One party randomly generates a nonce and sends it to the other party. The receiver encrypts it using the agreed upon secret key and returns it to the sender. Because the sender randomly generated the nonce, this defeats playback attacks because the replayer cannot know in advance the nonce the sender will generate. The receiver denies connections that do not have the correctly encrypted nonce.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most an acceptably small chance of repeating. For example, the nonce may be a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Nonce "}]},{"text":"A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols SHALL not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most a negligible chance of repeating, e.g., a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Nonce "}]},{"text":"A time-varying value that has an acceptably small chance of repeating. For example, a nonce is a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Nonce "}]},{"text":"A time-varying value that has (at most) an acceptably small chance of repeating. For example, the nonce may be a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Nonce "}]},{"text":"See Cryptographic Nonce","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Nonce "}]},{"text":"A time-varying value that has, at most, an acceptably small chance of repeating. For example, a nonce is a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Nonce "}]},{"text":"A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Nonce "}]}]},{"term":"NCAS","link":"https://csrc.nist.gov/glossary/term/ncas","abbrSyn":[{"text":"National Cyber Awareness System","link":"https://csrc.nist.gov/glossary/term/national_cyber_awareness_system"}],"definitions":null},{"term":"NCBC","link":"https://csrc.nist.gov/glossary/term/ncbc","abbrSyn":[{"text":"National Centers for Biomedical Computing","link":"https://csrc.nist.gov/glossary/term/national_centers_for_biomedical_computing"}],"definitions":null},{"term":"NCBI","link":"https://csrc.nist.gov/glossary/term/ncbi","abbrSyn":[{"text":"National Center for Biotechnology Information","link":"https://csrc.nist.gov/glossary/term/national_center_for_biotechnology_information"}],"definitions":null},{"term":"NCC","link":"https://csrc.nist.gov/glossary/term/ncc","abbrSyn":[{"text":"National Coordinating Center for Communications","link":"https://csrc.nist.gov/glossary/term/national_coordinating_center_for_communications"}],"definitions":null},{"term":"NCC FSWG","link":"https://csrc.nist.gov/glossary/term/nccfswg","abbrSyn":[{"text":"NIST Cloud Computing Forensic Science Working Group","link":"https://csrc.nist.gov/glossary/term/nist_cloud_computing_forensic_science_working_group"}],"definitions":null},{"term":"NCCIC","link":"https://csrc.nist.gov/glossary/term/nccic","abbrSyn":[{"text":"National Cybersecurity & Communications Integration Center"},{"text":"National Cybersecurity and Communications Integration Center","link":"https://csrc.nist.gov/glossary/term/national_cybersecurity_and_communications_integration_center"}],"definitions":null},{"term":"NCCoE","link":"https://csrc.nist.gov/glossary/term/nccoe","abbrSyn":[{"text":"National Cybersecurity Center of Excellence","link":"https://csrc.nist.gov/glossary/term/national_cybersecurity_center_of_excellence"}],"definitions":null},{"term":"NCCP","link":"https://csrc.nist.gov/glossary/term/nccp","abbrSyn":[{"text":"NIST Cloud Computing Program","link":"https://csrc.nist.gov/glossary/term/nist_cloud_computing_program"}],"definitions":null},{"term":"NCEP","link":"https://csrc.nist.gov/glossary/term/ncep","abbrSyn":[{"text":"National Cybersecurity Excellence Partnership","link":"https://csrc.nist.gov/glossary/term/national_cybersecurity_excellence_partnership"}],"definitions":null},{"term":"NCES","link":"https://csrc.nist.gov/glossary/term/nces","abbrSyn":[{"text":"NetCentric Enterprise Services","link":"https://csrc.nist.gov/glossary/term/netcentric_enterprise_services"}],"definitions":null},{"term":"NCF","link":"https://csrc.nist.gov/glossary/term/ncf","abbrSyn":[{"text":"network configuration feature","link":"https://csrc.nist.gov/glossary/term/network_configuration_feature"}],"definitions":null},{"term":"NCHC","link":"https://csrc.nist.gov/glossary/term/nchc","abbrSyn":[{"text":"National Criminal History Check","link":"https://csrc.nist.gov/glossary/term/national_criminal_history_check"}],"definitions":null},{"term":"NCIC","link":"https://csrc.nist.gov/glossary/term/ncic","abbrSyn":[{"text":"National Crime Information Center","link":"https://csrc.nist.gov/glossary/term/national_crime_information_center"}],"definitions":null},{"term":"NCIRS","link":"https://csrc.nist.gov/glossary/term/ncirs","abbrSyn":[{"text":"National COMSEC Incident Reporting System"}],"definitions":null},{"term":"NCP","link":"https://csrc.nist.gov/glossary/term/ncp","abbrSyn":[{"text":"National Checklist Program","link":"https://csrc.nist.gov/glossary/term/national_checklist_program"}],"definitions":null},{"term":"NCSA","link":"https://csrc.nist.gov/glossary/term/ncsa","abbrSyn":[{"text":"National Cyber Security Alliance","link":"https://csrc.nist.gov/glossary/term/national_cyber_security_alliance"}],"definitions":null},{"term":"NCSPA","link":"https://csrc.nist.gov/glossary/term/ncspa","abbrSyn":[{"text":"National and Commercial Space Programs Act","link":"https://csrc.nist.gov/glossary/term/national_and_commercial_space_programs_act"}],"definitions":null},{"term":"ND","link":"https://csrc.nist.gov/glossary/term/nd","abbrSyn":[{"text":"Neighbor Discovery","link":"https://csrc.nist.gov/glossary/term/neighbor_discovery"}],"definitions":null},{"term":"NDA","link":"https://csrc.nist.gov/glossary/term/nda","abbrSyn":[{"text":"Non-disclosure Agreement"},{"text":"Non-Disclosure Agreement"}],"definitions":null},{"term":"NDAC","link":"https://csrc.nist.gov/glossary/term/ndac","abbrSyn":[{"text":"Next-generation Database Access Control","link":"https://csrc.nist.gov/glossary/term/next_generation_database_access_control"},{"text":"non-discretionary access control","link":"https://csrc.nist.gov/glossary/term/non_discretionary_access_control"}],"definitions":[{"text":"See mandatory access control (MAC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under non-discretionary access control "}]}]},{"term":"NDI","link":"https://csrc.nist.gov/glossary/term/ndi","abbrSyn":[{"text":"Non-Developmental Item","link":"https://csrc.nist.gov/glossary/term/non_developmental_item"},{"text":"Non-Developmental Items","link":"https://csrc.nist.gov/glossary/term/non_developmental_items"}],"definitions":null},{"term":"NDIA","link":"https://csrc.nist.gov/glossary/term/ndia","abbrSyn":[{"text":"National Defense Industrial Association","link":"https://csrc.nist.gov/glossary/term/national_defense_industrial_association"}],"definitions":null},{"term":"NDMP","link":"https://csrc.nist.gov/glossary/term/ndmp","abbrSyn":[{"text":"Network Data Management Protocol","link":"https://csrc.nist.gov/glossary/term/network_data_management_protocol"}],"definitions":null},{"term":"NDS/IP","link":"https://csrc.nist.gov/glossary/term/nds_ip","abbrSyn":[{"text":"Network Domain Security / Internet Protocol","link":"https://csrc.nist.gov/glossary/term/network_domain_security___internet_protocol"}],"definitions":null},{"term":"NEA","link":"https://csrc.nist.gov/glossary/term/nea","abbrSyn":[{"text":"Network Endpoint Assessment","link":"https://csrc.nist.gov/glossary/term/network_endpoint_assessment"},{"text":"Nuclear Energy Agency","link":"https://csrc.nist.gov/glossary/term/nuclear_energy_agency"}],"definitions":null},{"term":"Near Field Communication (NFC)","link":"https://csrc.nist.gov/glossary/term/near_field_communication","abbrSyn":[{"text":"NFC","link":"https://csrc.nist.gov/glossary/term/nfc"}],"definitions":[{"text":"A form of contactless, close proximity, radio communications based on radio-frequency identification (RFID) technology.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"need-to-know","link":"https://csrc.nist.gov/glossary/term/need_to_know","definitions":[{"text":"A determination within the executive branch in accordance with directives issued pursuant to this order that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"E.O. 13526","link":"https://www.govinfo.gov/app/details/CFR-2010-title3-vol1/CFR-2010-title3-vol1-eo13526"}]}]},{"text":"Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under need-to-know determination "}]}]},{"term":"NEF","link":"https://csrc.nist.gov/glossary/term/nef","abbrSyn":[{"text":"National Essential Functions","link":"https://csrc.nist.gov/glossary/term/national_essential_functions"}],"definitions":null},{"term":"Negative Acknowledgement","link":"https://csrc.nist.gov/glossary/term/negative_acknowledgement","abbrSyn":[{"text":"NAK","link":"https://csrc.nist.gov/glossary/term/nak"}],"definitions":null},{"term":"negative risk","link":"https://csrc.nist.gov/glossary/term/negative_risk","abbrSyn":[{"text":"threat","link":"https://csrc.nist.gov/glossary/term/threat"}],"definitions":[{"text":"Any circumstance or event with the potential to adversely impact organizational operations and assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.","sources":[{"text":"NIST SP 1800-30B","link":"https://doi.org/10.6028/NIST.SP.1800-30","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","note":" - adapted"}]}]},{"text":"Potential cause of unacceptable asset loss and the undesirable consequences or impact of such a loss.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under threat "}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, or denial of service.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service; the potential for a threat source to successfully exploit a particular information system vulnerability.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270","underTerm":" under threat "}]},{"text":"Any circumstance or event with the potential to adversely impact agency operations (including safety, mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under threat ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - adapted"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations.","sources":[{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221","underTerm":" under threat "}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under threat ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under threat ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The potential for a “threat source” (defined below) to exploit (intentional) or trigger (accidental) a specific vulnerability.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under threat "}]},{"text":"potential cause of an unwanted incident, which may result in harm to a system or organization","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under threat ","refSources":[{"text":"ISO/IEC 27000:2014"}]}]},{"text":"Any circumstance or event with the potential to harm an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. Threats arise from human actions and natural events.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under threat "}]},{"text":"An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss. \nNote: The specific causes of asset loss, and for which the consequences of asset loss are assessed, can arise from a variety of conditions and events related to adversity, typically referred to as disruptions, hazards, or threats. Regardless of the specific term used, the basis of asset loss constitutes all forms of intentional, unintentional, accidental, incidental, misuse, abuse, error, weakness, defect, fault, and/or failure events and associated conditions.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat "}]},{"text":"An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss.\nNote: The specific causes of asset loss, and for which the consequences of asset loss are assessed, can arise from a variety of conditions and events related to adversity, typically referred to as disruptions, hazards, or threats. Regardless of the specific term used, the basis of asset loss constitutes all forms of intentional, unintentional, accidental, incidental, misuse, abuse, error, weakness, defect, fault, and/or failure events and associated conditions.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat "}]}]},{"term":"nei","link":"https://csrc.nist.gov/glossary/term/nei","abbrSyn":[{"text":"Nuclear Energy Institute","link":"https://csrc.nist.gov/glossary/term/nuclear_energy_institute"}],"definitions":null},{"term":"Neighbor Discovery","link":"https://csrc.nist.gov/glossary/term/neighbor_discovery","abbrSyn":[{"text":"ND","link":"https://csrc.nist.gov/glossary/term/nd"}],"definitions":null},{"term":"NEMA","link":"https://csrc.nist.gov/glossary/term/nema","abbrSyn":[{"text":"National Electrical Manufacturers Association","link":"https://csrc.nist.gov/glossary/term/national_electrical_manufacturers_association"}],"definitions":null},{"term":"NERC","link":"https://csrc.nist.gov/glossary/term/nerc","abbrSyn":[{"text":"North American Electric Reliability Corporation","link":"https://csrc.nist.gov/glossary/term/north_american_electric_reliability_corporation"},{"text":"North American Electric Reliability Council"}],"definitions":null},{"term":"NERC CIP","link":"https://csrc.nist.gov/glossary/term/nerc_cip","abbrSyn":[{"text":"North American Electric Reliability Corporation Critical Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/north_american_electric_reliability_corporation_critical_infrastructure_protection"}],"definitions":null},{"term":"NESAG","link":"https://csrc.nist.gov/glossary/term/nesag","abbrSyn":[{"text":"Network Equipment Security Assurance Group","link":"https://csrc.nist.gov/glossary/term/network_equipment_security_assurance_group"}],"definitions":null},{"term":"NESCOR","link":"https://csrc.nist.gov/glossary/term/nescor","abbrSyn":[{"text":"National Electric Sector Cybersecurity Resource","link":"https://csrc.nist.gov/glossary/term/national_electric_sector_cybersecurity_resource"}],"definitions":null},{"term":"NESDIS","link":"https://csrc.nist.gov/glossary/term/nesdis","abbrSyn":[{"text":"National Environmental Satellite, Data, and Information Service","link":"https://csrc.nist.gov/glossary/term/national_environmental_satellite_data_and_information_service"}],"definitions":null},{"term":"Nessus Network Monitor","link":"https://csrc.nist.gov/glossary/term/nessus_network_monitor","abbrSyn":[{"text":"NNM","link":"https://csrc.nist.gov/glossary/term/nnm"}],"definitions":null},{"term":"NetBEUI","link":"https://csrc.nist.gov/glossary/term/netbeui","abbrSyn":[{"text":"NetBIOS Extended User Interface","link":"https://csrc.nist.gov/glossary/term/netbios_extended_user_interface"}],"definitions":null},{"term":"NetBIOS","link":"https://csrc.nist.gov/glossary/term/netbios","abbrSyn":[{"text":"Network Basic Input/Output System","link":"https://csrc.nist.gov/glossary/term/network_basic_input_output_system"}],"definitions":null},{"term":"NetBIOS Extended User Interface","link":"https://csrc.nist.gov/glossary/term/netbios_extended_user_interface","abbrSyn":[{"text":"NetBEUI","link":"https://csrc.nist.gov/glossary/term/netbeui"}],"definitions":null},{"term":"NetCentric Enterprise Services","link":"https://csrc.nist.gov/glossary/term/netcentric_enterprise_services","abbrSyn":[{"text":"NCES","link":"https://csrc.nist.gov/glossary/term/nces"}],"definitions":null},{"term":"NETCONF","link":"https://csrc.nist.gov/glossary/term/netconf","abbrSyn":[{"text":"Network Configuration Protocol","link":"https://csrc.nist.gov/glossary/term/network_configuration_protocol"}],"definitions":null},{"term":"Netscape Server Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/netscape_server_application_programming_interface","abbrSyn":[{"text":"NSAPI","link":"https://csrc.nist.gov/glossary/term/nsapi"}],"definitions":null},{"term":"network","link":"https://csrc.nist.gov/glossary/term/network","definitions":[{"text":"Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Network ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A system implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"An open communications medium, typically the Internet, used to transport messages between the claimant and other parties. Unless otherwise stated, no assumptions are made about the network’s security; it is assumed to be open and subject to active (e.g., impersonation, man-in-the- middle, session hijacking) and passive (e.g., eavesdropping) attack at any point between the parties (e.g., claimant, verifier, CSP, RP).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Network "}]},{"text":"An open communications medium, typically the Internet, used to transport messages between the claimant and other parties. Unless otherwise stated, no assumptions are made about the network’s security; it is assumed to be open and subject to active (e.g., impersonation, man-in-the-middle, session hijacking) and passive (e.g., eavesdropping) attack at any point between the parties (e.g., claimant, verifier, CSP, RP).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Network "}]},{"text":"A system implemented with a collection of connected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"An information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Network "}]},{"text":"An open communications medium, typically the Internet, that is used to transport messages between the Claimant and other parties. Unless otherwise stated, no assumptions are made about the security of the network; it is assumed to be open and subject to active (i.e., impersonation, man-in-the-middle, session hijacking) and passive (i.e., eavesdropping) attack at any point between the parties (e.g., Claimant, Verifier, CSP or RP).","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Network "}]}]},{"term":"network access","link":"https://csrc.nist.gov/glossary/term/network_access","definitions":[{"text":"Access to a system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, the internet).","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Access to an organizational information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Access to a system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"Access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Network Access "}]},{"text":"Access to a system by a user (or a process acting on behalf of a user) communicating through a network (e.g., a local area network, a wide area network, and Internet).","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"Access to a system by a user (or a process acting on behalf of a user) communicating through a network, including a local area network, a wide area network, and the Internet.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"any access across a network connection in lieu of local access (i.e., user being physically present at the device).","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Network Access "},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Network Access "},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Network Access "},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Network Access "},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Network Access "}]}]},{"term":"Network Access Control (NAC)","link":"https://csrc.nist.gov/glossary/term/network_access_control","abbrSyn":[{"text":"NAC","link":"https://csrc.nist.gov/glossary/term/nac"}],"definitions":[{"text":"A feature provided by some firewalls that allows access based on a user’s credentials and the results of health checks performed on the telework client device.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Network Access Protection","link":"https://csrc.nist.gov/glossary/term/network_access_protection","abbrSyn":[{"text":"NAP","link":"https://csrc.nist.gov/glossary/term/nap"}],"definitions":null},{"term":"Network Access Server","link":"https://csrc.nist.gov/glossary/term/network_access_server","abbrSyn":[{"text":"NAS","link":"https://csrc.nist.gov/glossary/term/nas"}],"definitions":null},{"term":"Network Address Port Translation","link":"https://csrc.nist.gov/glossary/term/network_address_port_translation","abbrSyn":[{"text":"NAPT","link":"https://csrc.nist.gov/glossary/term/napt"}],"definitions":null},{"term":"Network Address Translation (NAT)","link":"https://csrc.nist.gov/glossary/term/network_address_translation","abbrSyn":[{"text":"NAT","link":"https://csrc.nist.gov/glossary/term/nat"}],"definitions":[{"text":"A routing technology used by many firewalls to hide internal system addresses from an external network through use of an addressing schema.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]},{"text":"A mechanism for mapping addresses on one network to addresses on another network, typically private addresses to public addresses.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Network Address Translation "}]},{"text":"The process of mapping addresses on one network to addresses on another network.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Network Address Translation "}]},{"text":"A function by which internet protocol addresses within a packet are replaced with different IP addresses. This function is most commonly performed by either routers or firewalls. It enables private IP networks that use unregistered IP addresses to connect to the internet. NAT operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses before packets are forwarded to another network.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]},{"text":"A function by which internet protocol (IP) addresses within a packet are replaced with different IP addresses. This function is most commonly performed by either routers or firewalls. It enables private IP networks that use unregistered IP addresses to connect to the internet. NAT operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses before packets are forwarded to another network.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"Network Address Translator","link":"https://csrc.nist.gov/glossary/term/network_address_translator","abbrSyn":[{"text":"NAT","link":"https://csrc.nist.gov/glossary/term/nat"}],"definitions":null},{"term":"Network Administrator","link":"https://csrc.nist.gov/glossary/term/network_administrator","definitions":[{"text":"A person who manages a local area network (LAN) within an organization. Responsibilities include ensuring network security, installing new applications, distributing software upgrades, monitoring daily activity, enforcing licensing agreements, developing a storage management program, and providing for routine backups.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]},{"text":"A person who manages a network within an organization. Responsibilities include network security, installing new applications, distributing software upgrades, monitoring daily activity, enforcing licensing agreements, developing a storage management program, and providing for routine backups.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"network as a service","link":"https://csrc.nist.gov/glossary/term/network_as_a_service","abbrSyn":[{"text":"NaaS","link":"https://csrc.nist.gov/glossary/term/naas"}],"definitions":null},{"term":"Network Basic Input/Output System","link":"https://csrc.nist.gov/glossary/term/network_basic_input_output_system","abbrSyn":[{"text":"NetBIOS","link":"https://csrc.nist.gov/glossary/term/netbios"},{"text":"NETBIOS"}],"definitions":null},{"term":"network configuration feature","link":"https://csrc.nist.gov/glossary/term/network_configuration_feature","abbrSyn":[{"text":"NCF","link":"https://csrc.nist.gov/glossary/term/ncf"}],"definitions":null},{"term":"Network Configuration Protocol","link":"https://csrc.nist.gov/glossary/term/network_configuration_protocol","abbrSyn":[{"text":"NETCONF","link":"https://csrc.nist.gov/glossary/term/netconf"}],"definitions":null},{"term":"Network Data Management Protocol","link":"https://csrc.nist.gov/glossary/term/network_data_management_protocol","note":"(used in backup)","abbrSyn":[{"text":"NDMP","link":"https://csrc.nist.gov/glossary/term/ndmp"}],"definitions":null},{"term":"network defense","link":"https://csrc.nist.gov/glossary/term/network_defense","definitions":[{"text":"Programs, activities, and the use of tools necessary to facilitate them (including those governed by NSPD-54/HSPD-23 and NSD-42) conducted on a computer, network, or information or communications system by the owner or with the consent of the owner and, as appropriate, the users for the primary purpose of protecting (1) that computer, network, or system; (2) data stored on, processed on, or transiting that computer, network, or system; or (3) physical and virtual infrastructure controlled by that computer, network, or system. Network defense does not involve or require accessing or conducting activities on computers, networks, or information or communications systems without authorization from the owners or exceeding access authorized by the owners.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"PPD-20"}]}]}]},{"term":"Network Discovery","link":"https://csrc.nist.gov/glossary/term/network_discovery","definitions":[{"text":"The process of discovering active and responding hosts on a network, identifying weaknesses, and learning how the network operates.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Network Domain Security / Internet Protocol","link":"https://csrc.nist.gov/glossary/term/network_domain_security___internet_protocol","abbrSyn":[{"text":"NDS/IP","link":"https://csrc.nist.gov/glossary/term/nds_ip"}],"definitions":null},{"term":"Network Endpoint Assessment","link":"https://csrc.nist.gov/glossary/term/network_endpoint_assessment","abbrSyn":[{"text":"NEA","link":"https://csrc.nist.gov/glossary/term/nea"}],"definitions":null},{"term":"Network Equipment Security Assurance Group","link":"https://csrc.nist.gov/glossary/term/network_equipment_security_assurance_group","abbrSyn":[{"text":"NESAG","link":"https://csrc.nist.gov/glossary/term/nesag"}],"definitions":null},{"term":"Network Extension","link":"https://csrc.nist.gov/glossary/term/network_extension","definitions":[{"text":"A method of providing partial or complete network access to remote users.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"Network File Share","link":"https://csrc.nist.gov/glossary/term/network_file_share","abbrSyn":[{"text":"NFS","link":"https://csrc.nist.gov/glossary/term/nfs"}],"definitions":null},{"term":"Network File Sharing","link":"https://csrc.nist.gov/glossary/term/network_file_sharing","abbrSyn":[{"text":"NFS","link":"https://csrc.nist.gov/glossary/term/nfs"}],"definitions":null},{"term":"Network File System","link":"https://csrc.nist.gov/glossary/term/network_file_system","abbrSyn":[{"text":"NFS","link":"https://csrc.nist.gov/glossary/term/nfs"}],"definitions":null},{"term":"Network Forensic Analysis Tool","link":"https://csrc.nist.gov/glossary/term/network_forensic_analysis_tool","abbrSyn":[{"text":"NFAT","link":"https://csrc.nist.gov/glossary/term/nfat"}],"definitions":null},{"term":"Network Function Virtualization","link":"https://csrc.nist.gov/glossary/term/network_function_virtualization","abbrSyn":[{"text":"NFV","link":"https://csrc.nist.gov/glossary/term/nfv"}],"definitions":null},{"term":"Network Functions Virtualization","link":"https://csrc.nist.gov/glossary/term/network_functions_virtualization","abbrSyn":[{"text":"NFV","link":"https://csrc.nist.gov/glossary/term/nfv"}],"definitions":null},{"term":"Network Information System","link":"https://csrc.nist.gov/glossary/term/network_information_system","abbrSyn":[{"text":"NIS","link":"https://csrc.nist.gov/glossary/term/nis"}],"definitions":null},{"term":"network interconnection","link":"https://csrc.nist.gov/glossary/term/network_interconnection","definitions":[{"text":"A physical or virtual communications link between two or more networks operated by different organizations or operated within the same organization but within different authorization boundaries.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"Network Interface","link":"https://csrc.nist.gov/glossary/term/network_interface","definitions":[{"text":"An interface that connects an IoT device to a network (e.g., Ethernet, Wi-Fi, Bluetooth, Long-Term Evolution [LTE], Zigbee, Ultra-Wideband [UWB]).","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259"}]},{"text":"An interface that connects the IoT device to a network.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"Network Interface Capability","link":"https://csrc.nist.gov/glossary/term/network_interface_capability","definitions":[{"text":"The ability to interface with a communication network for the purpose of communicating data to or from an IoT device. A network interface capability allows a device to be connected to and use a communication network. Every IoT device has at least one network interface capability and may have more than one.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"Network Interface Controller","link":"https://csrc.nist.gov/glossary/term/network_interface_controller","abbrSyn":[{"text":"NIC","link":"https://csrc.nist.gov/glossary/term/nic"}],"definitions":null},{"term":"Network Intrusion Detection System","link":"https://csrc.nist.gov/glossary/term/network_intrusion_detection_system","abbrSyn":[{"text":"NIDS","link":"https://csrc.nist.gov/glossary/term/nids"}],"definitions":[{"text":"Software that performs packet sniffing and network traffic analysis to identify suspicious activity and record relevant information.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Network Layer","link":"https://csrc.nist.gov/glossary/term/network_layer","definitions":[{"text":"Layer of the TCP/IP protocol stack that is responsible for routing packets across networks.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]}]},{"term":"Network Layer Routing Information (synonymous with prefix)","link":"https://csrc.nist.gov/glossary/term/network_layer_routing_information","abbrSyn":[{"text":"NLRI","link":"https://csrc.nist.gov/glossary/term/nlri"}],"definitions":null},{"term":"Network Layer Security","link":"https://csrc.nist.gov/glossary/term/network_layer_security","definitions":[{"text":"Protecting network communications at the layer of the TCP/IP model that is responsible for routing packets across networks.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]"}]},{"text":"Protecting network communications at the layer of the IP model that is responsible for routing packets across networks.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"network map","link":"https://csrc.nist.gov/glossary/term/network_map","definitions":[{"text":"A representation of the internal network topologies and components down to the host/device level to include but not limited to: connection, sub-network, enclave, and host information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"network mapping","link":"https://csrc.nist.gov/glossary/term/network_mapping","definitions":[{"text":"A process that discovers, collects, and displays the physical and logical information required to produce a network map.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1012","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Network of Things","link":"https://csrc.nist.gov/glossary/term/network_of_things","abbrSyn":[{"text":"NoT","link":"https://csrc.nist.gov/glossary/term/not"}],"definitions":null},{"term":"Network Policy Server","link":"https://csrc.nist.gov/glossary/term/network_policy_server","abbrSyn":[{"text":"NPS","link":"https://csrc.nist.gov/glossary/term/nps"}],"definitions":null},{"term":"network resilience","link":"https://csrc.nist.gov/glossary/term/network_resilience","definitions":[{"text":"A computing infrastructure that provides continuous business operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged), rapid recovery if failure does occur, and the ability to scale to meet rapid or unpredictable demands.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Network Service Provider","link":"https://csrc.nist.gov/glossary/term/network_service_provider","abbrSyn":[{"text":"NSP","link":"https://csrc.nist.gov/glossary/term/nsp"}],"definitions":null},{"term":"Network Sniffing","link":"https://csrc.nist.gov/glossary/term/network_sniffing","definitions":[{"text":"A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. It is both a review technique and a target identification and analysis technique.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Network Time Protocol","link":"https://csrc.nist.gov/glossary/term/network_time_protocol","abbrSyn":[{"text":"NTP","link":"https://csrc.nist.gov/glossary/term/ntp"}],"definitions":null},{"term":"Network Time Protocol Version 4","link":"https://csrc.nist.gov/glossary/term/network_time_protocol_version_4","abbrSyn":[{"text":"NTPv4","link":"https://csrc.nist.gov/glossary/term/ntpv4"}],"definitions":null},{"term":"Network Traffic","link":"https://csrc.nist.gov/glossary/term/network_traffic","definitions":[{"text":"Computer network communications that are carried over wired or wireless networks between hosts.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","refSources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]}]},{"term":"Network Trust Link","link":"https://csrc.nist.gov/glossary/term/network_trust_link","abbrSyn":[{"text":"NTL","link":"https://csrc.nist.gov/glossary/term/ntl"}],"definitions":null},{"term":"Network Trust Link Service","link":"https://csrc.nist.gov/glossary/term/network_trust_link_service","abbrSyn":[{"text":"NTLS","link":"https://csrc.nist.gov/glossary/term/ntls"}],"definitions":null},{"term":"Network Virtualization Overlay","link":"https://csrc.nist.gov/glossary/term/network_virtualization_overlay","abbrSyn":[{"text":"NVO3","link":"https://csrc.nist.gov/glossary/term/nvo3"}],"definitions":null},{"term":"Network-Attached Storage","link":"https://csrc.nist.gov/glossary/term/network_attached_storage","abbrSyn":[{"text":"NAS","link":"https://csrc.nist.gov/glossary/term/nas"}],"definitions":null},{"term":"network-based intrusion detection and prevention system","link":"https://csrc.nist.gov/glossary/term/network_based_intrusion_detection_and_prevention_system","definitions":[{"text":"An intrusion detection and prevention system that monitors network traffic for particular network segments or devices and analyzes the network and application protocol activity to identify and stop suspicious activity.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Network-Based Intrusion Detection and Prevention System ","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94"}]}]}]},{"term":"Networking and Information Technology Research and Development","link":"https://csrc.nist.gov/glossary/term/networking_and_information_technology_research_and_development","abbrSyn":[{"text":"NITRD","link":"https://csrc.nist.gov/glossary/term/nitrd"}],"definitions":null},{"term":"New Technologies Inc.","link":"https://csrc.nist.gov/glossary/term/new_technologies","abbrSyn":[{"text":"NTI","link":"https://csrc.nist.gov/glossary/term/nti"}],"definitions":null},{"term":"New Technology File System","link":"https://csrc.nist.gov/glossary/term/new_technology_file_system","abbrSyn":[{"text":"NTFS","link":"https://csrc.nist.gov/glossary/term/ntfs"}],"definitions":null},{"term":"Next Generation Access Control","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control","abbrSyn":[{"text":"NGAC","link":"https://csrc.nist.gov/glossary/term/ngac"}],"definitions":null},{"term":"Next Generation Access Control Functional Architecture","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control_functional_architecture","abbrSyn":[{"text":"NGAC-FA","link":"https://csrc.nist.gov/glossary/term/ngac_fa"}],"definitions":null},{"term":"Next Generation Access Control Generic Operations and Abstract Data Structures","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control_generic_operations_and_abstract_data_structures","abbrSyn":[{"text":"NGAC-GOADS","link":"https://csrc.nist.gov/glossary/term/ngac_goads"}],"definitions":null},{"term":"Next Generation Access Control-Implementation Requirements, Protocols and API Definitions","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control_implementation_requirements_protocols_and_api_definitions","abbrSyn":[{"text":"NGAC-IRPADS","link":"https://csrc.nist.gov/glossary/term/ngac_irpads"}],"definitions":null},{"term":"Next Generation Firewall","link":"https://csrc.nist.gov/glossary/term/next_generation_firewall","abbrSyn":[{"text":"NGFW","link":"https://csrc.nist.gov/glossary/term/ngfw"}],"definitions":null},{"term":"Next Hop","link":"https://csrc.nist.gov/glossary/term/next_hop","abbrSyn":[{"text":"NH","link":"https://csrc.nist.gov/glossary/term/nh"}],"definitions":null},{"term":"Next Secure","link":"https://csrc.nist.gov/glossary/term/next_secure","abbrSyn":[{"text":"NSEC","link":"https://csrc.nist.gov/glossary/term/nsec"}],"definitions":null},{"term":"Next Unit of Computing","link":"https://csrc.nist.gov/glossary/term/next_unit_of_computing","abbrSyn":[{"text":"NUC","link":"https://csrc.nist.gov/glossary/term/nuc"}],"definitions":null},{"term":"Next-generation Database Access Control","link":"https://csrc.nist.gov/glossary/term/next_generation_database_access_control","abbrSyn":[{"text":"NDAC","link":"https://csrc.nist.gov/glossary/term/ndac"}],"definitions":null},{"term":"Next-Generation Sequencing","link":"https://csrc.nist.gov/glossary/term/next_generation_sequencing","abbrSyn":[{"text":"NGS","link":"https://csrc.nist.gov/glossary/term/ngs"}],"definitions":null},{"term":"NFAT","link":"https://csrc.nist.gov/glossary/term/nfat","abbrSyn":[{"text":"Network Forensic Analysis Tool","link":"https://csrc.nist.gov/glossary/term/network_forensic_analysis_tool"}],"definitions":null},{"term":"NFC","link":"https://csrc.nist.gov/glossary/term/nfc","abbrSyn":[{"text":"National Finance Center","link":"https://csrc.nist.gov/glossary/term/national_finance_center"},{"text":"Near Field Communication"},{"text":"Near Field Communications"},{"text":"Near-Field Communication"}],"definitions":null},{"term":"NFIQ","link":"https://csrc.nist.gov/glossary/term/nfiq","definitions":[{"text":"NIST Fingerprint Image Quality – an automated algorithm for quantifying good fingerprint images; available as open-source.","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"NFPA","link":"https://csrc.nist.gov/glossary/term/nfpa","abbrSyn":[{"text":"National Fire Protection Association","link":"https://csrc.nist.gov/glossary/term/national_fire_protection_association"}],"definitions":null},{"term":"NFS","link":"https://csrc.nist.gov/glossary/term/nfs","abbrSyn":[{"text":"Network File Share","link":"https://csrc.nist.gov/glossary/term/network_file_share"},{"text":"Network File Sharing","link":"https://csrc.nist.gov/glossary/term/network_file_sharing"},{"text":"Network File System","link":"https://csrc.nist.gov/glossary/term/network_file_system"}],"definitions":null},{"term":"NFSR","link":"https://csrc.nist.gov/glossary/term/nfsr","abbrSyn":[{"text":"Non-linear Feedback Shift Register","link":"https://csrc.nist.gov/glossary/term/non_linear_feedback_shift_register"}],"definitions":null},{"term":"NFT","link":"https://csrc.nist.gov/glossary/term/nft","abbrSyn":[{"text":"non-fungible token","link":"https://csrc.nist.gov/glossary/term/non_fungible_token"},{"text":"Nonfungible Token"}],"definitions":[{"text":"An owned, transferable, and indivisible data record that is a digital representation of a physical or virtual linked asset. The data record is created and managed by a smart contract on a blockchain.","sources":[{"text":"NIST IR 8472","link":"https://doi.org/10.6028/NIST.IR.8472","underTerm":" under non-fungible token "}]}]},{"term":"NFU","link":"https://csrc.nist.gov/glossary/term/nfu","abbrSyn":[{"text":"National Farmers Union","link":"https://csrc.nist.gov/glossary/term/national_farmers_union"}],"definitions":null},{"term":"NFV","link":"https://csrc.nist.gov/glossary/term/nfv","abbrSyn":[{"text":"Network Function Virtualization","link":"https://csrc.nist.gov/glossary/term/network_function_virtualization"},{"text":"Network Functions Virtualization","link":"https://csrc.nist.gov/glossary/term/network_functions_virtualization"}],"definitions":null},{"term":"NGA","link":"https://csrc.nist.gov/glossary/term/nga","abbrSyn":[{"text":"National Geospatial-Intelligence Agency","link":"https://csrc.nist.gov/glossary/term/national_geospatial_intelligence_agency"}],"definitions":null},{"term":"NGAC","link":"https://csrc.nist.gov/glossary/term/ngac","abbrSyn":[{"text":"Next Generation Access Control","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control"},{"text":"Next-Generation Access Control"}],"definitions":null},{"term":"NGAC-FA","link":"https://csrc.nist.gov/glossary/term/ngac_fa","abbrSyn":[{"text":"Next Generation Access Control Functional Architecture","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control_functional_architecture"}],"definitions":null},{"term":"NGAC-GOADS","link":"https://csrc.nist.gov/glossary/term/ngac_goads","abbrSyn":[{"text":"Next Generation Access Control – Generic Operations & Abstract Data Structures"},{"text":"Next Generation Access Control Generic Operations and Abstract Data Structures","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control_generic_operations_and_abstract_data_structures"}],"definitions":null},{"term":"NGAC-IRPADS","link":"https://csrc.nist.gov/glossary/term/ngac_irpads","abbrSyn":[{"text":"Next Generation Access Control-Implementation Requirements, Protocols and API Definitions","link":"https://csrc.nist.gov/glossary/term/next_generation_access_control_implementation_requirements_protocols_and_api_definitions"}],"definitions":null},{"term":"NGFW","link":"https://csrc.nist.gov/glossary/term/ngfw","abbrSyn":[{"text":"Next Generation Firewall","link":"https://csrc.nist.gov/glossary/term/next_generation_firewall"}],"definitions":null},{"term":"NGS","link":"https://csrc.nist.gov/glossary/term/ngs","abbrSyn":[{"text":"National Geodetic Survey","link":"https://csrc.nist.gov/glossary/term/national_geodetic_survey"},{"text":"Next-Generation Sequencing","link":"https://csrc.nist.gov/glossary/term/next_generation_sequencing"}],"definitions":null},{"term":"NH","link":"https://csrc.nist.gov/glossary/term/nh","abbrSyn":[{"text":"Next Hop","link":"https://csrc.nist.gov/glossary/term/next_hop"}],"definitions":null},{"term":"NHTSA","link":"https://csrc.nist.gov/glossary/term/nhtsa","abbrSyn":[{"text":"National Highway Traffic Safety Administration","link":"https://csrc.nist.gov/glossary/term/national_highway_traffic_safety_administration"}],"definitions":null},{"term":"NIAC","link":"https://csrc.nist.gov/glossary/term/niac","abbrSyn":[{"text":"National Infrastructure Advisory Council","link":"https://csrc.nist.gov/glossary/term/national_infrastructure_advisory_council"}],"definitions":null},{"term":"NIAP","link":"https://csrc.nist.gov/glossary/term/niap","abbrSyn":[{"text":"National Information Assurance Partnership"}],"definitions":null},{"term":"NIC","link":"https://csrc.nist.gov/glossary/term/nic","abbrSyn":[{"text":"Network Interface Card"},{"text":"Network Interface Controller","link":"https://csrc.nist.gov/glossary/term/network_interface_controller"},{"text":"Network Interface Controller/Card"}],"definitions":null},{"term":"NICE","link":"https://csrc.nist.gov/glossary/term/nice","abbrSyn":[{"text":"National Initiative for Cybersecurity Education","link":"https://csrc.nist.gov/glossary/term/national_initiative_for_cybersecurity_education"}],"definitions":null},{"term":"niche cross domain solution (CDS)","link":"https://csrc.nist.gov/glossary/term/niche_cross_domain_solution","definitions":[{"text":"Cross domain solution that may (1) serve a specific narrow purpose, or (2) be built on very specialized hardware, or (3) be used in a special access program, and not appropriate for broader deployment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"NID","link":"https://csrc.nist.gov/glossary/term/nid","abbrSyn":[{"text":"National Interest Determination","link":"https://csrc.nist.gov/glossary/term/national_interest_determination"}],"definitions":null},{"term":"NIDS","link":"https://csrc.nist.gov/glossary/term/nids","abbrSyn":[{"text":"Network Intrusion Detection System","link":"https://csrc.nist.gov/glossary/term/network_intrusion_detection_system"}],"definitions":[{"text":"Software that performs packet sniffing and network traffic analysis to identify suspicious activity and record relevant information.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Network Intrusion Detection System "}]}]},{"term":"NIEF","link":"https://csrc.nist.gov/glossary/term/nief","abbrSyn":[{"text":"National Identity Exchange Federation","link":"https://csrc.nist.gov/glossary/term/national_identity_exchange_federation"}],"definitions":null},{"term":"NIH","link":"https://csrc.nist.gov/glossary/term/nih","abbrSyn":[{"text":"National Institutes of Health","link":"https://csrc.nist.gov/glossary/term/national_institutes_of_health"}],"definitions":null},{"term":"NII","link":"https://csrc.nist.gov/glossary/term/nii","abbrSyn":[{"text":"National Information Infrastructure"}],"definitions":null},{"term":"NIJ","link":"https://csrc.nist.gov/glossary/term/nij","abbrSyn":[{"text":"National Institute of Justice","link":"https://csrc.nist.gov/glossary/term/national_institute_of_justice"}],"definitions":null},{"term":"NIMS","link":"https://csrc.nist.gov/glossary/term/nims","abbrSyn":[{"text":"National Incident Management System","link":"https://csrc.nist.gov/glossary/term/national_incident_management_system"}],"definitions":null},{"term":"NIPP","link":"https://csrc.nist.gov/glossary/term/nipp","abbrSyn":[{"text":"National Infrastructure Protection Plan","link":"https://csrc.nist.gov/glossary/term/national_infrastructure_protection_plan"}],"definitions":null},{"term":"NIS","link":"https://csrc.nist.gov/glossary/term/nis","abbrSyn":[{"text":"Network Information System","link":"https://csrc.nist.gov/glossary/term/network_information_system"}],"definitions":null},{"term":"NISPOM","link":"https://csrc.nist.gov/glossary/term/nispom","abbrSyn":[{"text":"National Industrial Security Program Operating Manual","link":"https://csrc.nist.gov/glossary/term/national_industrial_security_program_operating_manual"}],"definitions":null},{"term":"NIST","link":"https://csrc.nist.gov/glossary/term/nist","abbrSyn":[{"text":"National Institute of Standards and Technology","link":"https://csrc.nist.gov/glossary/term/national_institute_of_standards_and_technology"}],"definitions":null},{"term":"NIST Checklist Repository","link":"https://csrc.nist.gov/glossary/term/nist_checklist_repository","definitions":[{"text":"The website that maintains the checklists, the descriptions of the checklists, and other information regarding the National Checklist Program. Also known as the repository. https://checklists.nist.gov","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"NIST Cloud Computing Forensic Science Working Group","link":"https://csrc.nist.gov/glossary/term/nist_cloud_computing_forensic_science_working_group","abbrSyn":[{"text":"NCC FSWG","link":"https://csrc.nist.gov/glossary/term/nccfswg"}],"definitions":null},{"term":"NIST Cloud Computing Program","link":"https://csrc.nist.gov/glossary/term/nist_cloud_computing_program","abbrSyn":[{"text":"NCCP","link":"https://csrc.nist.gov/glossary/term/nccp"}],"definitions":null},{"term":"NIST Cybersecurity Framework Core","link":"https://csrc.nist.gov/glossary/term/nist_cybersecurity_framework_core","abbrSyn":[{"text":"CFC","link":"https://csrc.nist.gov/glossary/term/cfc"}],"definitions":null},{"term":"NIST Framework for Improving Critical Infrastructure Cybersecurity","link":"https://csrc.nist.gov/glossary/term/nist_framework_for_improving_critical_infrastructure_cybersecurity","abbrSyn":[{"text":"CSF","link":"https://csrc.nist.gov/glossary/term/csf"}],"definitions":null},{"term":"NIST Interagency or Internal Report","link":"https://csrc.nist.gov/glossary/term/nist_interagency_or_internal_report","abbrSyn":[{"text":"IR","link":"https://csrc.nist.gov/glossary/term/ir"},{"text":"NIST IR","link":"https://csrc.nist.gov/glossary/term/nist_ir"},{"text":"NISTIR"}],"definitions":null,"seeAlso":[{"text":"IT","link":"it"}]},{"term":"NIST IR","link":"https://csrc.nist.gov/glossary/term/nist_ir","abbrSyn":[{"text":"National Institute of Standards and Technology Interagency or Internal Report"},{"text":"National Institute of Standards and Technology Interagency or Internal Reports"},{"text":"National Institute of Standards and Technology Interagency Report"},{"text":"National Institute of Standards and Technology Interagency/Internal Report"},{"text":"National Institute of Standards and Technology Internal Report"},{"text":"NIST Interagency or Internal Report","link":"https://csrc.nist.gov/glossary/term/nist_interagency_or_internal_report"},{"text":"NIST Interagency Report"},{"text":"NIST Internal / Interagency Report"},{"text":"NIST Internal Report"}],"definitions":null},{"term":"NIST Personal Identity Verification Program","link":"https://csrc.nist.gov/glossary/term/nist_personal_identity_verification_program","abbrSyn":[{"text":"NPIVP","link":"https://csrc.nist.gov/glossary/term/npivp"}],"definitions":null},{"term":"NIST Risk Management Framework","link":"https://csrc.nist.gov/glossary/term/nist_risk_management_framework","abbrSyn":[{"text":"RMF","link":"https://csrc.nist.gov/glossary/term/rmf"}],"definitions":null},{"term":"NIST SP","link":"https://csrc.nist.gov/glossary/term/nist_sp","abbrSyn":[{"text":"NIST Special Publication","link":"https://csrc.nist.gov/glossary/term/nist_special_publication"}],"definitions":null},{"term":"NIST Special Publication","link":"https://csrc.nist.gov/glossary/term/nist_special_publication","abbrSyn":[{"text":"NIST SP","link":"https://csrc.nist.gov/glossary/term/nist_sp"},{"text":"SP","link":"https://csrc.nist.gov/glossary/term/sp"}],"definitions":[{"text":"Include proceedings of conferences sponsored by NIST, NIST annual reports, and other special publications appropriate to this grouping such as wall charts, pocket cards, and bibliographies.","sources":[{"text":"NIST SP 800-19","link":"https://doi.org/10.6028/NIST.SP.800-19","note":" [Withdrawn]","underTerm":" under Special Publications "}]},{"text":"A type of publication issued by NIST. Specifically, the SP 800-series reports on the Information Technology Laboratory’s research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Special Publication (SP) "}]},{"text":"A type of publication issued by NIST. Specifically, the Special Publication 800-series reports on the Information Technology Laboratory's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. The 1800 series reports the results of NCCoE demonstration projects.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Special Publication "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Special Publication "}]},{"text":"A type of publication issued by NIST. Specifically, the Special Publication 800-series reports on the Information Technology Laboratory's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. The 1800 series reports the results of National Cybersecurity Center of Excellence demonstration projects.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Special Publication "}]},{"text":"A type of publication issued by NIST. Specifically, the Special Publication 800-series reports on the Information Technology Laboratory's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Special Publication (SP) "}]}]},{"term":"NIST Special Publication 800 series document","link":"https://csrc.nist.gov/glossary/term/nist_special_publication_800_series_document","abbrSyn":[{"text":"SP 800-XXX"}],"definitions":null},{"term":"NIST standard","link":"https://csrc.nist.gov/glossary/term/nist_standard","definitions":[{"text":"Federal Information Processing Standard (FIPS) or Special Publication (SP).","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"NIST standards","link":"https://csrc.nist.gov/glossary/term/nist_standards","definitions":[{"text":"Federal Information Processing Standards (FIPS) and NIST Recommendations.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"NIST-allowed","link":"https://csrc.nist.gov/glossary/term/nist_allowed","definitions":[{"text":"Specified in a list of allowed security functions (e.g., in an annex to [FIPS 140]).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"NIST-approved","link":"https://csrc.nist.gov/glossary/term/nist_approved","definitions":[{"text":"FIPS-approved or NIST-Recommended.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"NITAAC","link":"https://csrc.nist.gov/glossary/term/nitaac","abbrSyn":[{"text":"National Institutes of Health Information Technology Acquisition and Assessment Center","link":"https://csrc.nist.gov/glossary/term/national_institutes_of_hit_acquisition_assessment_ctr"}],"definitions":null},{"term":"NITRD","link":"https://csrc.nist.gov/glossary/term/nitrd","abbrSyn":[{"text":"Networking and Information Technology Research and Development","link":"https://csrc.nist.gov/glossary/term/networking_and_information_technology_research_and_development"}],"definitions":null},{"term":"NLECTC-NE","link":"https://csrc.nist.gov/glossary/term/nlectc_ne","abbrSyn":[{"text":"National Law Enforcement and Corrections Technology Center–North East","link":"https://csrc.nist.gov/glossary/term/national_law_enforcement_corrections_technology_center_northeast"}],"definitions":null},{"term":"NLP","link":"https://csrc.nist.gov/glossary/term/nlp","abbrSyn":[{"text":"Natural Language Policy","link":"https://csrc.nist.gov/glossary/term/natural_language_policy"}],"definitions":null},{"term":"NLRI","link":"https://csrc.nist.gov/glossary/term/nlri","abbrSyn":[{"text":"Network Layer Routing Information (synonymous with prefix)","link":"https://csrc.nist.gov/glossary/term/network_layer_routing_information"}],"definitions":null},{"term":"NLZ","link":"https://csrc.nist.gov/glossary/term/nlz","abbrSyn":[{"text":"No-Lone Zone"}],"definitions":null},{"term":"NNAS","link":"https://csrc.nist.gov/glossary/term/nnas","abbrSyn":[{"text":"Nok Nok Authentication Server","link":"https://csrc.nist.gov/glossary/term/nok_nok_authentication_server"}],"definitions":null},{"term":"NNM","link":"https://csrc.nist.gov/glossary/term/nnm","abbrSyn":[{"text":"Nessus Network Monitor","link":"https://csrc.nist.gov/glossary/term/nessus_network_monitor"}],"definitions":null},{"term":"NOAA","link":"https://csrc.nist.gov/glossary/term/noaa","abbrSyn":[{"text":"National Oceanic and Atmospheric Administration","link":"https://csrc.nist.gov/glossary/term/national_oceanic_and_atmospheric_administration"}],"definitions":null},{"term":"Node","link":"https://csrc.nist.gov/glossary/term/node","definitions":[{"text":"An individual system within the blockchain network.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"NOFORN","link":"https://csrc.nist.gov/glossary/term/noforn","abbrSyn":[{"text":"Not Releasable to Foreign Nationals","link":"https://csrc.nist.gov/glossary/term/not_releasable_to_foreign_nationals"}],"definitions":null},{"term":"noise injection","link":"https://csrc.nist.gov/glossary/term/noise_injection","abbrSyn":[{"text":"noise addition","link":"https://csrc.nist.gov/glossary/term/noise_addition"}],"definitions":[{"text":"A de-identification technique that modifies a dataset by adding random values to the values of a selected attribute.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under noise addition ","refSources":[{"text":"ISO/IEC 20889:2018","link":"https://www.iso.org/standard/69373.html"}]}]}]},{"term":"Nok Nok Authentication Server","link":"https://csrc.nist.gov/glossary/term/nok_nok_authentication_server","abbrSyn":[{"text":"NNAS","link":"https://csrc.nist.gov/glossary/term/nnas"}],"definitions":null},{"term":"no-lone zone (NLZ)","link":"https://csrc.nist.gov/glossary/term/no_lone_zone","abbrSyn":[{"text":"NLZ","link":"https://csrc.nist.gov/glossary/term/nlz"}],"definitions":[{"text":"An area, room, or space that, when staffed, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. See two-person integrity (TPI).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - NSA/CSS Manual Number 3-16 (COMSEC) "}]}]}],"seeAlso":[{"text":"two-person integrity","link":"two_person_integrity"}]},{"term":"nominal frequency","link":"https://csrc.nist.gov/glossary/term/nominal_frequency","definitions":[{"text":"An ideal frequency with zero uncertainty. The nominal frequency is the frequency labeled on an oscillator’s output. For this reason, it is sometimes called the nameplate frequency. For example, an oscillator whose nameplate or label reads 5 MHz has a nominal frequency of 5 MHz. The difference between the nominal frequency and the actual output frequency of the oscillator is the frequency offset.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Non Volatile Memory","link":"https://csrc.nist.gov/glossary/term/non_volatile_memory","abbrSyn":[{"text":"NVM","link":"https://csrc.nist.gov/glossary/term/nvm"}],"definitions":null},{"term":"Non Volatile Memory express","link":"https://csrc.nist.gov/glossary/term/non_volatile_memory_express","note":"(logical-device interface specification for non-volatile storage media attached via PCI Express bus)","abbrSyn":[{"text":"NVMe","link":"https://csrc.nist.gov/glossary/term/nvme"}],"definitions":null},{"term":"Non-Access Stratum","link":"https://csrc.nist.gov/glossary/term/non_access_stratum","abbrSyn":[{"text":"NAS","link":"https://csrc.nist.gov/glossary/term/nas"}],"definitions":null},{"term":"non-adversarial threat","link":"https://csrc.nist.gov/glossary/term/non_adversarial_threat","definitions":[{"text":"A threat associated with accident or human error, structural failure, or environmental causes.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]},{"text":"A threat associated with accident or human error, structural failure, or environmental causes. Note: See Appendix D of [SP 800-30].","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"}]}]},{"term":"Non-assurance message","link":"https://csrc.nist.gov/glossary/term/non_assurance_message","definitions":[{"text":"A signed message that does not contain all information required for an assurance message.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Non-Automated Checklist","link":"https://csrc.nist.gov/glossary/term/non_automated_checklist","definitions":[{"text":"A checklist that is designed to be used manually, such as English prose instructions that describe the steps an administrator should take to secure a system or to verify its security settings.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"nonce","link":"https://csrc.nist.gov/glossary/term/nonce","abbrSyn":[{"text":"Cryptographic Nonce"},{"text":"NC","link":"https://csrc.nist.gov/glossary/term/nc"}],"definitions":[{"text":"A time-varying value that has – at most – a negligible chance of repeating; for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"A varying value that has, at most, a negligible chance of repeating; for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Nonce "}]},{"text":"A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"A time-varying value that has at most a negligible chance of repeating, for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most a negligible chance of repeating – for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Nonce "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most a negligible chance of repeating; for example, a random value that is generated anew for each use, a time-stamp, a sequence number, or some combination of these. It can be a secret or non-secret value.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under Nonce "}]},{"text":"A value that is used only once.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Nonce "}]},{"text":"A value that is used only once within a specified context.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Nonce "},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Nonce "}]},{"text":"A randomly generated value used to defeat “playback” attacks in communication protocols. One party randomly generates a nonce and sends it to the other party. The receiver encrypts it using the agreed upon secret key and returns it to the sender. Because the sender randomly generated the nonce, this defeats playback attacks because the replayer cannot know in advance the nonce the sender will generate. The receiver denies connections that do not have the correctly encrypted nonce.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most an acceptably small chance of repeating. For example, the nonce may be a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Nonce "}]},{"text":"A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols SHALL not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Nonce "}]},{"text":"A time-varying value that has at most a negligible chance of repeating, e.g., a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Nonce "}]},{"text":"A time-varying value that has an acceptably small chance of repeating. For example, a nonce is a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Nonce "}]},{"text":"A time-varying value that has (at most) an acceptably small chance of repeating. For example, the nonce may be a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Nonce "}]},{"text":"A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols are not repeated until the authentication keys are changed. Otherwise, there is a possibility of a replay attack.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"See Nonce","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Cryptographic Nonce ","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"text":"See Cryptographic Nonce","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Nonce "}]},{"text":"A time-varying value that has, at most, an acceptably small chance of repeating. For example, a nonce is a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Nonce "}]},{"text":"A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Nonce "}]}]},{"term":"Nonce Misuse-Resistant AE","link":"https://csrc.nist.gov/glossary/term/nonce_misuse_resistant_ae","abbrSyn":[{"text":"MRAE","link":"https://csrc.nist.gov/glossary/term/mrae"}],"definitions":null},{"term":"Nonce-based AE","link":"https://csrc.nist.gov/glossary/term/nonce_based_ae","abbrSyn":[{"text":"NAE","link":"https://csrc.nist.gov/glossary/term/nae"}],"definitions":null},{"term":"Non-component","link":"https://csrc.nist.gov/glossary/term/non_component","abbrSyn":[{"text":"NC","link":"https://csrc.nist.gov/glossary/term/nc"}],"definitions":null},{"term":"Non-Custodial","link":"https://csrc.nist.gov/glossary/term/non_custodial","definitions":[{"text":"Refers to an application or process that does not require users to relinquish any control over their data or private keys.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"non-deterministic noise","link":"https://csrc.nist.gov/glossary/term/non_deterministic_noise","definitions":[{"text":"A random value that cannot be predicted.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]},{"text":"a random value that cannot be predicted","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Non-Developmental Items","link":"https://csrc.nist.gov/glossary/term/non_developmental_items","abbrSyn":[{"text":"NDI","link":"https://csrc.nist.gov/glossary/term/ndi"}],"definitions":null},{"term":"non-disclosure agreement","link":"https://csrc.nist.gov/glossary/term/non_disclosure_agreement","abbrSyn":[{"text":"NDA","link":"https://csrc.nist.gov/glossary/term/nda"}],"definitions":[{"text":"Delineates specific information, materials, or knowledge that the signatories agree not to release or divulge to any other parties.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"non-discretionary access control","link":"https://csrc.nist.gov/glossary/term/non_discretionary_access_control","abbrSyn":[{"text":"Mandatory Access Control"},{"text":"mandatory access control (MAC)","link":"https://csrc.nist.gov/glossary/term/mandatory_access_control"},{"text":"NDAC","link":"https://csrc.nist.gov/glossary/term/ndac"}],"definitions":[{"text":"A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. Mandatory Access Control is a type of nondiscretionary access control.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mandatory Access Control ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system. A subject that has been granted access to information is constrained from doing any of the following: (i) passing the information to unauthorized subjects or objects; (ii) granting its privileges to other subjects; (iii) changing one or more security attributes on subjects, objects, the information system, or system components; (iv) choosing the security attributes to be associated with newly-created or modified objects; or (v) changing the rules governing access control. Organization-defined subjects may explicitly be granted organization-defined privileges (i.e., they are trusted subjects) such that they are not limited by some or all of the above constraints.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under mandatory access control (MAC) ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Mandatory Access Control "}]},{"text":"See mandatory access control (MAC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Mandatory Access Control "}]},{"text":"See Mandatory Access Control.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Nondiscretionary Access Control "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under nondiscretionary access control "}]}]},{"term":"nonfederal organization","link":"https://csrc.nist.gov/glossary/term/nonfederal_organization","abbrSyn":[{"text":"NFO","link":"https://csrc.nist.gov/glossary/term/nfo"}],"definitions":[{"text":"An entity that owns, operates, or maintains a nonfederal system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"nonfederal system","link":"https://csrc.nist.gov/glossary/term/nonfederal_system","definitions":[{"text":"A system that does not meet the criteria for a federal system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"Nonfungible","link":"https://csrc.nist.gov/glossary/term/nonfungible","definitions":[{"text":"Refers to something that is uniquely identifiable (i.e., not replaceable or interchangeable).","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"non-fungible token","link":"https://csrc.nist.gov/glossary/term/non_fungible_token","abbrSyn":[{"text":"NFT","link":"https://csrc.nist.gov/glossary/term/nft"}],"definitions":[{"text":"An owned, transferable, and indivisible data record that is a digital representation of a physical or virtual linked asset. The data record is created and managed by a smart contract on a blockchain.","sources":[{"text":"NIST IR 8472","link":"https://doi.org/10.6028/NIST.IR.8472"}]}]},{"term":"non-ignorable bias","link":"https://csrc.nist.gov/glossary/term/non_ignorable_bias","definitions":[{"text":"In the context of de-identification, a bias that results from the suppression or redaction of data based on the value of the suppressed data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Non-linear Feedback Shift Register","link":"https://csrc.nist.gov/glossary/term/non_linear_feedback_shift_register","abbrSyn":[{"text":"NFSR","link":"https://csrc.nist.gov/glossary/term/nfsr"}],"definitions":null},{"term":"Non-local Connection","link":"https://csrc.nist.gov/glossary/term/non_local_connection","definitions":[{"text":"A connection to the manufacturing system affording the user access to system resources and system functionality while physically not present.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"nonlocal maintenance","link":"https://csrc.nist.gov/glossary/term/nonlocal_maintenance","definitions":[{"text":"Maintenance activities conducted by individuals communicating through an external network (e.g., the internet) or an internal network.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Maintenance activities conducted by individuals communicating through a network; either an external network (e.g., the Internet) or an internal network.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under non-local maintenance ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Maintenance activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Nonlocal Maintenance "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"Maintenance activities conducted by individuals who communicate through either an internal or external network.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Non-MUD-Capable","link":"https://csrc.nist.gov/glossary/term/non_mud_capable","definitions":[{"text":"An IoT device that is not capable of emitting a MUD URL in compliance with the MUD specification.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"RFC 8520","link":"https://doi.org/10.17487/RFC8520"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"RFC 8520","link":"https://doi.org/10.17487/RFC8520"}]}]}]},{"term":"non-organizational user","link":"https://csrc.nist.gov/glossary/term/non_organizational_user","definitions":[{"text":"A user who is not an organizational user (including public users).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Non-Organizational User "}]}],"seeAlso":[{"text":"User"}]},{"term":"Non-Owner","link":"https://csrc.nist.gov/glossary/term/non_owner","definitions":[{"text":"An OLIR produced by anyone other than the owner of the Reference Document.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"}]},{"text":"An Informative Reference produced by anyone who is NOT the owner of the Reference Document.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"}]}]},{"term":"non-person entity (NPE)","link":"https://csrc.nist.gov/glossary/term/non_person_entity","abbrSyn":[{"text":"NPE","link":"https://csrc.nist.gov/glossary/term/npe"}],"definitions":[{"text":"An entity with a digital identity that acts in cyberspace, but is not a human actor. This can include organizations, hardware devices, software applications, and information artifacts.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DHS OIG 11-121","link":"https://www.oig.dhs.gov/index.php?option=com_content&view=article&id=95&Itemid=131"}]}]}]},{"term":"Non-Public Personal Information","link":"https://csrc.nist.gov/glossary/term/non_public_personal_information","abbrSyn":[{"text":"NPPI","link":"https://csrc.nist.gov/glossary/term/nppi"}],"definitions":[{"text":"Information about a person that is not publicly known; called “private information” in some other publications.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"non-repudiation","link":"https://csrc.nist.gov/glossary/term/non_repudiation","definitions":[{"text":"A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory).","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Non-repudiation "}]},{"text":"Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Non-repudiation ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Non-repudiation ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Non-repudiation ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Non-repudiation ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Non-repudiation "}]},{"text":"A service that may be afforded by the appropriate application of a digital signature. Non-repudiation refers to the assurance that the owner of a signature key pair that was capable of generating an existing signature corresponding to certain data cannot convincingly deny having signed the data.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Non-repudiation "}]},{"text":"A service using a digital signature that is used to support a determination of whether a message was actually signed by a given entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Non-repudiation "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Non-repudiation "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Non-repudiation "}]},{"text":"In a general information security context, assurance that the sender of information is provided with proof of delivery, and the recipient is provided with proof of the sender's identity, so neither can later deny having process the information .","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Non-repudiation "}]},{"text":"A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from a specific entity in possession of the private key of the claimed signatory. In a general information security context, assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Non-repudiation ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"A service using a digital signature that is used to support a determination by a third party of whether a message was actually signed by a given entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Non-repudiation "}]},{"text":"Protection against an individual who falsely denies having performed a certain action and provides the capability to determine whether an individual took a certain action, such as creating information, sending a message, approving information, or receiving a message.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"The inability to deny responsibility for performing a specific act.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Non-repudiation "}]},{"text":"A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from a specific entity in possession of the private key of the claimed signatory.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Non-repudiation "}]}],"seeAlso":[{"text":"data origin authentication","link":"data_origin_authentication"}]},{"term":"Non-Secure World","link":"https://csrc.nist.gov/glossary/term/non_secure_world","abbrSyn":[{"text":"NW","link":"https://csrc.nist.gov/glossary/term/nw"}],"definitions":null},{"term":"Non-Technical Supporting Capability","link":"https://csrc.nist.gov/glossary/term/non_technical_supporting_capability","definitions":[{"text":"Non-technical supporting capabilities are actions an organization performs in support of the cybersecurity of an IoT device.","sources":[{"text":"NISTIR 8425","link":"https://doi.org/10.6028/NIST.IR.8425","underTerm":" under non-technical supporting capability "}]},{"text":"Non-technical supporting capabilities are actions an organization performs in support of the cybersecurity of an IoT device.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"Non-Technical Supporting Capability Core Baseline","link":"https://csrc.nist.gov/glossary/term/non_technical_supporting_capability_core_baseline","definitions":[{"text":"The non-technical supporting capability core baseline is a set of non-technical supporting capabilities generally needed from manufacturers or other third parties to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213"}]}]},{"term":"Non-Technology-Based Input Product","link":"https://csrc.nist.gov/glossary/term/non_technology_based_input_product","definitions":[{"text":"Manufactured component parts or materials used in the organization manufacturing process that do not incorporate information technology and are provided by third-parties.","sources":[{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"Non-Uniform Memory Access","link":"https://csrc.nist.gov/glossary/term/non_uniform_memory_access","abbrSyn":[{"text":"NUMA","link":"https://csrc.nist.gov/glossary/term/numa"}],"definitions":null},{"term":"Nonvalidating DNSSEC-Aware Stub Resolver","link":"https://csrc.nist.gov/glossary/term/nonvalidating_dnssec_aware_stub_resolver","definitions":[{"text":"A DNSSEC-aware stub resolver that trusts one or more DNSSEC-aware recursive name servers to perform most of the tasks discussed in this document set on its behalf. In particular, a nonvalidating DNSSEC-aware stub resolver is an entity that sends DNS queries, receives DNS responses, and is capable of establishing an appropriately secured channel to a DNSSEC-aware recursive name server that will provide these services on behalf of the DNSSEC-aware stub resolver. See also “DNSSEC-aware stub resolver” and “validating DNSSEC-aware stub resolver.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}],"seeAlso":[{"text":"DNSSEC-aware stub resolver"},{"text":"validating DNSSEC-aware stub resolver","link":"validating_dnssec_aware_stub_resolver"}]},{"term":"Non-vendor-directed","link":"https://csrc.nist.gov/glossary/term/non_vendor_directed","definitions":[{"text":"This term is used to indicate that any sample chosen for testing is selected by the testing laboratory without the input or knowledge of the product vendor.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Non-Volatile Data","link":"https://csrc.nist.gov/glossary/term/non_volatile_data","definitions":[{"text":"Data that persists even after a computer is powered down.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Non-Volatile Dual In-Line Memory Module","link":"https://csrc.nist.gov/glossary/term/non_volatile_dual_in_line_memory_module","abbrSyn":[{"text":"NVDIMM","link":"https://csrc.nist.gov/glossary/term/nvdimm"}],"definitions":null},{"term":"Non-Volatile Random-Access Memory","link":"https://csrc.nist.gov/glossary/term/non_volatile_random_access_memory","abbrSyn":[{"text":"NVRAM","link":"https://csrc.nist.gov/glossary/term/nvram"}],"definitions":null},{"term":"Normal (Gaussian) Distribution","link":"https://csrc.nist.gov/glossary/term/normal_distribution","definitions":[{"text":"A continuous distribution whose density function is given by f(x;μ;σ)=1/√(〖2πσ〗^2 ) e^(-〖1/2 ((x-μ)/σ)〗^2 ) , where μ and σ are location and scale parameters.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Normal Operation","link":"https://csrc.nist.gov/glossary/term/normal_operation","definitions":[{"text":"The process of using a system.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","refSources":[{"text":"ITSEC Ver. 1.2"}]}]}]},{"term":"Normal World","link":"https://csrc.nist.gov/glossary/term/normal_world","abbrSyn":[{"text":"NW","link":"https://csrc.nist.gov/glossary/term/nw"}],"definitions":null},{"term":"Normalization","link":"https://csrc.nist.gov/glossary/term/normalization","abbrSyn":[{"text":"Log Normalization","link":"https://csrc.nist.gov/glossary/term/log_normalization"}],"definitions":[{"text":"Converting each log data field to a particular data representation and categorizing it consistently.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Log Normalization "}]},{"text":"See “Log Normalization”.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]},{"text":"The conversion of information into consistent representations and categorizations.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"Normalization strategy","link":"https://csrc.nist.gov/glossary/term/normalization_strategy","definitions":[{"text":"The similarity function can follow one of two normalization strategies, depending on whether the algorithm describes resemblance or containment. For resemblance queries, the number of matching features will be weighed against the total number of features in both objects. In the case of containment queries, the algorithm may disregard unmatched features in the larger of the objects’ two-feature sets.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Normalize","link":"https://csrc.nist.gov/glossary/term/normalize","definitions":[{"text":"The process by which differently formatted data is converted into a standardized format and labeled consistently.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"North American Electric Reliability Corporation","link":"https://csrc.nist.gov/glossary/term/north_american_electric_reliability_corporation","abbrSyn":[{"text":"NERC","link":"https://csrc.nist.gov/glossary/term/nerc"}],"definitions":null},{"term":"North American Electric Reliability Corporation Critical Infrastructure Protection","link":"https://csrc.nist.gov/glossary/term/north_american_electric_reliability_corporation_critical_infrastructure_protection","abbrSyn":[{"text":"NERC CIP","link":"https://csrc.nist.gov/glossary/term/nerc_cip"}],"definitions":null},{"term":"North American Energy Standards Board","link":"https://csrc.nist.gov/glossary/term/north_american_energy_standards_board","abbrSyn":[{"text":"NAESB","link":"https://csrc.nist.gov/glossary/term/naesb"}],"definitions":null},{"term":"North American Network Operators Group","link":"https://csrc.nist.gov/glossary/term/north_american_network_operators_group","abbrSyn":[{"text":"NANOG","link":"https://csrc.nist.gov/glossary/term/nanog"}],"definitions":null},{"term":"North Atlantic Treaty Organization","link":"https://csrc.nist.gov/glossary/term/north_atlantic_treaty_organization","abbrSyn":[{"text":"NATO","link":"https://csrc.nist.gov/glossary/term/nato"}],"definitions":null},{"term":"NoSQL","link":"https://csrc.nist.gov/glossary/term/nosql","abbrSyn":[{"text":"non-SQL"},{"text":"not only SQL"}],"definitions":null},{"term":"NoT","link":"https://csrc.nist.gov/glossary/term/not","abbrSyn":[{"text":"Network of Things","link":"https://csrc.nist.gov/glossary/term/network_of_things"}],"definitions":null},{"term":"Not Applicable","link":"https://csrc.nist.gov/glossary/term/not_applicable","abbrSyn":[{"text":"N/A","link":"https://csrc.nist.gov/glossary/term/n_a"}],"definitions":null},{"term":"Not Releasable to Foreign Nationals","link":"https://csrc.nist.gov/glossary/term/not_releasable_to_foreign_nationals","abbrSyn":[{"text":"NOFORN","link":"https://csrc.nist.gov/glossary/term/noforn"}],"definitions":null},{"term":"NOTAM","link":"https://csrc.nist.gov/glossary/term/notam","abbrSyn":[{"text":"Notice to Airmen","link":"https://csrc.nist.gov/glossary/term/notice_to_airmen"},{"text":"Notices to Air Missions","link":"https://csrc.nist.gov/glossary/term/notices_to_air_missions"}],"definitions":null},{"term":"Notary","link":"https://csrc.nist.gov/glossary/term/notary","definitions":[{"text":"A trusted entity that submits transactions across blockchains on behalf of users, often with respect to tokens the users have previously locked up.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Notice Advisory to NAVSTAR Users","link":"https://csrc.nist.gov/glossary/term/notice_advisory_to_navstar_users","abbrSyn":[{"text":"NANU","link":"https://csrc.nist.gov/glossary/term/nanu"}],"definitions":null},{"term":"Notices to Air Missions","link":"https://csrc.nist.gov/glossary/term/notices_to_air_missions","abbrSyn":[{"text":"NOTAM","link":"https://csrc.nist.gov/glossary/term/notam"}],"definitions":null},{"term":"NPE","link":"https://csrc.nist.gov/glossary/term/npe","abbrSyn":[{"text":"Non-Person Entity"}],"definitions":null},{"term":"NPIVP","link":"https://csrc.nist.gov/glossary/term/npivp","abbrSyn":[{"text":"NIST Personal Identity Verification Program","link":"https://csrc.nist.gov/glossary/term/nist_personal_identity_verification_program"}],"definitions":null},{"term":"NPPI","link":"https://csrc.nist.gov/glossary/term/nppi","abbrSyn":[{"text":"Non-Public Personal Information","link":"https://csrc.nist.gov/glossary/term/non_public_personal_information"}],"definitions":[{"text":"Information about a person that is not publicly known; called “private information” in some other publications.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under Non-Public Personal Information "}]}]},{"term":"NPS","link":"https://csrc.nist.gov/glossary/term/nps","abbrSyn":[{"text":"Network Policy Server","link":"https://csrc.nist.gov/glossary/term/network_policy_server"}],"definitions":null},{"term":"NPSBN","link":"https://csrc.nist.gov/glossary/term/npsbn","abbrSyn":[{"text":"National Public Safety Broadband Network","link":"https://csrc.nist.gov/glossary/term/national_public_safety_broadband_network"},{"text":"Nationwide Public Safety Broadband Network"}],"definitions":null},{"term":"NPSTC","link":"https://csrc.nist.gov/glossary/term/npstc","abbrSyn":[{"text":"National Public Safety Telecommunications Council","link":"https://csrc.nist.gov/glossary/term/national_public_safety_telecommunications_council"}],"definitions":null},{"term":"NRBG","link":"https://csrc.nist.gov/glossary/term/nrbg","abbrSyn":[{"text":"Non-deterministic Random Bit Generator"}],"definitions":null,"seeAlso":[{"text":"Deterministic Random Bit Generator","link":"deterministic_random_bit_generator"}]},{"term":"NRC","link":"https://csrc.nist.gov/glossary/term/nrc","abbrSyn":[{"text":"United States Nuclear Regulatory Commission","link":"https://csrc.nist.gov/glossary/term/us_nuclear_regulatory_commission"}],"definitions":null},{"term":"NREL","link":"https://csrc.nist.gov/glossary/term/nrel","abbrSyn":[{"text":"National Renewable Energy Laboratory","link":"https://csrc.nist.gov/glossary/term/national_renewable_energy_laboratory"}],"definitions":null},{"term":"NS","link":"https://csrc.nist.gov/glossary/term/ns","abbrSyn":[{"text":"Name Server","link":"https://csrc.nist.gov/glossary/term/name_server"}],"definitions":null},{"term":"NS/EP","link":"https://csrc.nist.gov/glossary/term/ns_ep","abbrSyn":[{"text":"National Security and Emergency Preparedness","link":"https://csrc.nist.gov/glossary/term/national_security_and_emergency_preparedness"}],"definitions":null},{"term":"NSA","link":"https://csrc.nist.gov/glossary/term/nsa","abbrSyn":[{"text":"National Security Agency","link":"https://csrc.nist.gov/glossary/term/national_security_agency"}],"definitions":null},{"term":"NSA/CSS","link":"https://csrc.nist.gov/glossary/term/nsa_css","abbrSyn":[{"text":"National Security Agency/Central Security Service","link":"https://csrc.nist.gov/glossary/term/national_security_agency_central_security_service"}],"definitions":null},{"term":"NSA/CSS Technical Cyber Threat Framework","link":"https://csrc.nist.gov/glossary/term/nsa_css_technical_cyber_threat_framework","abbrSyn":[{"text":"NTCTF","link":"https://csrc.nist.gov/glossary/term/ntctf"}],"definitions":null},{"term":"NSA-approved commercial solution","link":"https://csrc.nist.gov/glossary/term/nsa_approved_commercial_solution","definitions":[{"text":"The combination of multiple commercial-off-the-shelf (COTS) information assurance (IA) products in a layered configuration that satisfies the security requirements of an operational use case, when properly implemented in accordance with NSA-approved requirements and standards.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM IA-01-12"}]}]}]},{"term":"NSA-approved cryptography","link":"https://csrc.nist.gov/glossary/term/nsa_approved_cryptography","definitions":[{"text":"Cryptography that consists of: (i) an approved algorithm; (ii) an implementation that has been approved for the protection of classified information in a particular environment; and (iii) a supporting key management infrastructure.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Cryptography that consists of: (i) an approved algorithm; (ii) an implementation that has been approved for the protection of classified information and/or controlled unclassified information in a particular environment; and (iii) a supporting key management infrastructure.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under NSA-Approved Cryptography "}]},{"text":"Cryptography that consists of an approved algorithm, an implementation that has been approved for the protection of classified information and/or controlled unclassified information in a specific environment, and a supporting key management infrastructure.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]}],"seeAlso":[{"text":"Federal Information Processing Standards (FIPS)-validated cryptography"},{"text":"FIPS-validated cryptography","link":"fips_validated_cryptography"},{"text":"FIPS-Validated Cryptography"}]},{"term":"NSA-approved product","link":"https://csrc.nist.gov/glossary/term/nsa_approved_product","definitions":[{"text":"Cryptographic equipment, assembly or component classified or certified by the National Security Agency (NSA) for encrypting and decrypting classified national security information and sensitive information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"NSAPI","link":"https://csrc.nist.gov/glossary/term/nsapi","abbrSyn":[{"text":"Netscape Server Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/netscape_server_application_programming_interface"}],"definitions":null},{"term":"NSC","link":"https://csrc.nist.gov/glossary/term/nsc","abbrSyn":[{"text":"National Security Council","link":"https://csrc.nist.gov/glossary/term/national_security_council"}],"definitions":null},{"term":"NSC’s Cyber IPC","link":"https://csrc.nist.gov/glossary/term/nsc_cyber_ipc","abbrSyn":[{"text":"National Security Council’s Cyber Interagency Policy Committee","link":"https://csrc.nist.gov/glossary/term/national_security_councils_cyber_interagency_policy_committee"}],"definitions":null},{"term":"NSCI","link":"https://csrc.nist.gov/glossary/term/nsci","abbrSyn":[{"text":"National Strategic Computing Initiative","link":"https://csrc.nist.gov/glossary/term/national_strategic_computing_initiative"}],"definitions":null},{"term":"NSD","link":"https://csrc.nist.gov/glossary/term/nsd","abbrSyn":[{"text":"National Security Directive","link":"https://csrc.nist.gov/glossary/term/national_security_directive"}],"definitions":null},{"term":"NSDD","link":"https://csrc.nist.gov/glossary/term/nsdd","abbrSyn":[{"text":"National Security Decision Directive","link":"https://csrc.nist.gov/glossary/term/national_security_decision_directive"}],"definitions":null},{"term":"NSEC","link":"https://csrc.nist.gov/glossary/term/nsec","abbrSyn":[{"text":"Next Secure","link":"https://csrc.nist.gov/glossary/term/next_secure"}],"definitions":null},{"term":"NSEC3","link":"https://csrc.nist.gov/glossary/term/nsec3","abbrSyn":[{"text":"Hashed Next Secure","link":"https://csrc.nist.gov/glossary/term/hashed_next_secure"}],"definitions":null},{"term":"NSF","link":"https://csrc.nist.gov/glossary/term/nsf","abbrSyn":[{"text":"National Science Foundation","link":"https://csrc.nist.gov/glossary/term/national_science_foundation"}],"definitions":null},{"term":"NSI","link":"https://csrc.nist.gov/glossary/term/nsi","abbrSyn":[{"text":"National Security Information"}],"definitions":[{"text":"Information that has been determined pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under National Security Information "},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under National Security Information "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under National Security Information "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under National Security Information "}]}]},{"term":"NSP","link":"https://csrc.nist.gov/glossary/term/nsp","abbrSyn":[{"text":"Network Service Provider","link":"https://csrc.nist.gov/glossary/term/network_service_provider"}],"definitions":null},{"term":"NSPD","link":"https://csrc.nist.gov/glossary/term/nspd","abbrSyn":[{"text":"National Security Presidential Directive","link":"https://csrc.nist.gov/glossary/term/national_security_presidential_directive"}],"definitions":null},{"term":"NSRL","link":"https://csrc.nist.gov/glossary/term/nsrl","abbrSyn":[{"text":"National Software Reference Library","link":"https://csrc.nist.gov/glossary/term/national_software_reference_library"}],"definitions":null},{"term":"NSS","link":"https://csrc.nist.gov/glossary/term/nss","abbrSyn":[{"text":"National Security System"}],"definitions":[{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—(i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency— (i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency (i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"Any information system (including any telecommunications system) used or operated by an agency or by a contractor on behalf of an agency, or any other organization on behalf of an agency –\n(i) the function, operation, or use of which: involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapon system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example payroll, finance, logistics, and personnel management applications); or \n(ii) is protected at all times by procedures established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under National Security System ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]}]},{"term":"NSS baselines","link":"https://csrc.nist.gov/glossary/term/nss_baselines","definitions":[{"text":"The combination of NIST SP 800-53 baselines (represented by an “X”) and the additional NIST SP 800-53 security controls required for National Security System (NSS) (represented by a “+”) that are applicable to NSS.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1253","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"NSTAC","link":"https://csrc.nist.gov/glossary/term/nstac","abbrSyn":[{"text":"National Security Telecommunications Advisory Committee","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_advisory_committee"},{"text":"President’s National Security Telecommunications Advisory Committee","link":"https://csrc.nist.gov/glossary/term/presidents_national_security_telecommunications_advisory_committee"}],"definitions":null},{"term":"NSTISSAM","link":"https://csrc.nist.gov/glossary/term/nstissam","abbrSyn":[{"text":"National Security Telecommunications and Information Systems Security Advisory/Information Memorandum","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_advisory_information_memorandum"}],"definitions":null},{"term":"NSTISSC","link":"https://csrc.nist.gov/glossary/term/nstissc","abbrSyn":[{"text":"National Security Telecommunications and Information Systems Security Committee","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_committee"}],"definitions":null},{"term":"NSTISSD","link":"https://csrc.nist.gov/glossary/term/nstissd","abbrSyn":[{"text":"National Security Telecommunications and Information Systems Security Directive","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_directive"}],"definitions":null},{"term":"NSTISSI","link":"https://csrc.nist.gov/glossary/term/nstissi","abbrSyn":[{"text":"National Security Telecommunications and Information System Security Instruction","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_system_security_instruction"},{"text":"National Security Telecommunications and Information Systems Security Instruction","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_instruction"}],"definitions":null},{"term":"NSTISSP","link":"https://csrc.nist.gov/glossary/term/nstissp","abbrSyn":[{"text":"National Security Telecommunications and Information Systems Security Policy","link":"https://csrc.nist.gov/glossary/term/national_security_telecommunications_and_information_systems_security_policy"}],"definitions":null},{"term":"NSWC","link":"https://csrc.nist.gov/glossary/term/nswc","abbrSyn":[{"text":"Naval Surface Warfare Center","link":"https://csrc.nist.gov/glossary/term/naval_surface_warfare_center"}],"definitions":null},{"term":"NSX for vSphere","link":"https://csrc.nist.gov/glossary/term/nsx_for_vsphere","abbrSyn":[{"text":"NSX-V","link":"https://csrc.nist.gov/glossary/term/nsx_v"}],"definitions":null},{"term":"NSX-V","link":"https://csrc.nist.gov/glossary/term/nsx_v","abbrSyn":[{"text":"NSX for vSphere","link":"https://csrc.nist.gov/glossary/term/nsx_for_vsphere"}],"definitions":null},{"term":"NT File System","link":"https://csrc.nist.gov/glossary/term/nt_file_system","abbrSyn":[{"text":"NTFS","link":"https://csrc.nist.gov/glossary/term/ntfs"}],"definitions":null},{"term":"NTCTF","link":"https://csrc.nist.gov/glossary/term/ntctf","abbrSyn":[{"text":"NSA/CSS Technical Cyber Threat Framework","link":"https://csrc.nist.gov/glossary/term/nsa_css_technical_cyber_threat_framework"}],"definitions":null},{"term":"NTFS","link":"https://csrc.nist.gov/glossary/term/ntfs","abbrSyn":[{"text":"New Technology File System","link":"https://csrc.nist.gov/glossary/term/new_technology_file_system"},{"text":"NT File System","link":"https://csrc.nist.gov/glossary/term/nt_file_system"},{"text":"Windows NT File System","link":"https://csrc.nist.gov/glossary/term/windows_nt_file_system"}],"definitions":null},{"term":"NTI","link":"https://csrc.nist.gov/glossary/term/nti","abbrSyn":[{"text":"New Technologies Inc.","link":"https://csrc.nist.gov/glossary/term/new_technologies"}],"definitions":null},{"term":"NTIA","link":"https://csrc.nist.gov/glossary/term/ntia","abbrSyn":[{"text":"National Telecommunications and Information Administration","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_administration"}],"definitions":null},{"term":"NTISSAM","link":"https://csrc.nist.gov/glossary/term/ntissam","abbrSyn":[{"text":"National Telecommunications and Information Systems Security Advisory/Information Memorandum","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_advisory_information_memorandum"}],"definitions":null},{"term":"NTISSD","link":"https://csrc.nist.gov/glossary/term/ntissd","abbrSyn":[{"text":"National Telecommunications and Information Systems Security Directive","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_directive"}],"definitions":null},{"term":"NTISSI","link":"https://csrc.nist.gov/glossary/term/ntissi","abbrSyn":[{"text":"National Telecommunications and Information Systems Security Instruction","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_instruction"}],"definitions":null},{"term":"NTISSP","link":"https://csrc.nist.gov/glossary/term/ntissp","abbrSyn":[{"text":"National Telecommunications and Information Systems Security Policy","link":"https://csrc.nist.gov/glossary/term/national_telecommunications_and_information_systems_security_policy"}],"definitions":null},{"term":"NTL","link":"https://csrc.nist.gov/glossary/term/ntl","abbrSyn":[{"text":"Network Trust Link","link":"https://csrc.nist.gov/glossary/term/network_trust_link"}],"definitions":null},{"term":"NTLS","link":"https://csrc.nist.gov/glossary/term/ntls","abbrSyn":[{"text":"Network Trust Link Service","link":"https://csrc.nist.gov/glossary/term/network_trust_link_service"}],"definitions":null},{"term":"NTP","link":"https://csrc.nist.gov/glossary/term/ntp","abbrSyn":[{"text":"Network Time Protocol","link":"https://csrc.nist.gov/glossary/term/network_time_protocol"}],"definitions":null},{"term":"NTP SEC","link":"https://csrc.nist.gov/glossary/term/ntp_sec","abbrSyn":[{"text":"NTP Security Notice","link":"https://csrc.nist.gov/glossary/term/ntp_security_notice"}],"definitions":null},{"term":"NTP Security Notice","link":"https://csrc.nist.gov/glossary/term/ntp_security_notice","abbrSyn":[{"text":"NTP SEC","link":"https://csrc.nist.gov/glossary/term/ntp_sec"}],"definitions":null},{"term":"NTPv4","link":"https://csrc.nist.gov/glossary/term/ntpv4","abbrSyn":[{"text":"Network Time Protocol Version 4","link":"https://csrc.nist.gov/glossary/term/network_time_protocol_version_4"}],"definitions":null},{"term":"NTSB","link":"https://csrc.nist.gov/glossary/term/ntsb","abbrSyn":[{"text":"National Transportation Safety Board","link":"https://csrc.nist.gov/glossary/term/national_transportation_safety_board"}],"definitions":null},{"term":"NTT","link":"https://csrc.nist.gov/glossary/term/ntt","abbrSyn":[{"text":"number theoretic transform","link":"https://csrc.nist.gov/glossary/term/number_theoretic_transform"},{"text":"Number Theoretic Transform"}],"definitions":null},{"term":"NTTAA","link":"https://csrc.nist.gov/glossary/term/nttaa","abbrSyn":[{"text":"National Technology Transfer and Advancement Act","link":"https://csrc.nist.gov/glossary/term/national_technology_transfer_and_advancement_act"}],"definitions":null},{"term":"NUC","link":"https://csrc.nist.gov/glossary/term/nuc","abbrSyn":[{"text":"Next Unit of Computing","link":"https://csrc.nist.gov/glossary/term/next_unit_of_computing"}],"definitions":null},{"term":"Nuclear Command and Control Information Assurance Material (NCCIM)","link":"https://csrc.nist.gov/glossary/term/nuclear_command_and_control_information_assurance_material","definitions":[{"text":"Information Assurance materials necessary to assure release of a nuclear weapon at the direction of the President and to secure against the unauthorized use of a nuclear weapon.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Policy 3-3"}]}]}]},{"term":"Nuclear Energy Agency","link":"https://csrc.nist.gov/glossary/term/nuclear_energy_agency","abbrSyn":[{"text":"NEA","link":"https://csrc.nist.gov/glossary/term/nea"}],"definitions":null},{"term":"Nuclear Energy Institute","link":"https://csrc.nist.gov/glossary/term/nuclear_energy_institute","abbrSyn":[{"text":"nei","link":"https://csrc.nist.gov/glossary/term/nei"}],"definitions":null},{"term":"null","link":"https://csrc.nist.gov/glossary/term/null","definitions":[{"text":"Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"NUMA","link":"https://csrc.nist.gov/glossary/term/numa","abbrSyn":[{"text":"Non-Uniform Memory Access","link":"https://csrc.nist.gov/glossary/term/non_uniform_memory_access"}],"definitions":null},{"term":"number theoretic transform","link":"https://csrc.nist.gov/glossary/term/number_theoretic_transform","abbrSyn":[{"text":"NTT","link":"https://csrc.nist.gov/glossary/term/ntt"}],"definitions":null},{"term":"NVD","link":"https://csrc.nist.gov/glossary/term/nvd","abbrSyn":[{"text":"National Vulnerability Database","link":"https://csrc.nist.gov/glossary/term/national_vulnerability_database"}],"definitions":[{"text":"The U.S. Government repository of standards-based vulnerability management data, enabling automation of vulnerability management, security measurement, and compliance (e.g., FISMA).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under National Vulnerability Database ","refSources":[{"text":"NVD","link":"https://nvd.nist.gov/"}]}]},{"text":"The U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data informs automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under National Vulnerability Database "},{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4","underTerm":" under National Vulnerability Database ","refSources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]}]},{"term":"NVDIMM","link":"https://csrc.nist.gov/glossary/term/nvdimm","abbrSyn":[{"text":"Non-Volatile Dual In-Line Memory Module","link":"https://csrc.nist.gov/glossary/term/non_volatile_dual_in_line_memory_module"}],"definitions":null},{"term":"NVLAP","link":"https://csrc.nist.gov/glossary/term/nvlap","abbrSyn":[{"text":"National Voluntary Laboratory Accreditation Program","link":"https://csrc.nist.gov/glossary/term/national_voluntary_laboratory_accreditation_program"}],"definitions":null},{"term":"NVM","link":"https://csrc.nist.gov/glossary/term/nvm","abbrSyn":[{"text":"Non Volatile Memory","link":"https://csrc.nist.gov/glossary/term/non_volatile_memory"}],"definitions":null},{"term":"NVMe","link":"https://csrc.nist.gov/glossary/term/nvme","abbrSyn":[{"text":"Non Volatile Memory express","link":"https://csrc.nist.gov/glossary/term/non_volatile_memory_express"}],"definitions":null},{"term":"NVMe over Fibre","link":"https://csrc.nist.gov/glossary/term/nvme_over_fibre","abbrSyn":[{"text":"NVMe-oF","link":"https://csrc.nist.gov/glossary/term/nvme_of"}],"definitions":null},{"term":"NVMe-oF","link":"https://csrc.nist.gov/glossary/term/nvme_of","abbrSyn":[{"text":"NVMe over Fibre","link":"https://csrc.nist.gov/glossary/term/nvme_over_fibre"}],"definitions":null},{"term":"NVO3","link":"https://csrc.nist.gov/glossary/term/nvo3","abbrSyn":[{"text":"Network Virtualization Overlay","link":"https://csrc.nist.gov/glossary/term/network_virtualization_overlay"}],"definitions":null},{"term":"NVRAM","link":"https://csrc.nist.gov/glossary/term/nvram","abbrSyn":[{"text":"Non-Volatile Random-Access Memory","link":"https://csrc.nist.gov/glossary/term/non_volatile_random_access_memory"}],"definitions":null},{"term":"NW","link":"https://csrc.nist.gov/glossary/term/nw","abbrSyn":[{"text":"Non-Secure World","link":"https://csrc.nist.gov/glossary/term/non_secure_world"},{"text":"Normal World","link":"https://csrc.nist.gov/glossary/term/normal_world"}],"definitions":null},{"term":"NW3C","link":"https://csrc.nist.gov/glossary/term/nw3c","abbrSyn":[{"text":"National White Collar Crime Center","link":"https://csrc.nist.gov/glossary/term/national_white_collar_crime_center"}],"definitions":null},{"term":"O","link":"https://csrc.nist.gov/glossary/term/o","definitions":[{"text":"Output Block","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"O/S","link":"https://csrc.nist.gov/glossary/term/o_s","abbrSyn":[{"text":"Organization or Information System","link":"https://csrc.nist.gov/glossary/term/organization_or_information_system"}],"definitions":null},{"term":"O1,…,O64","link":"https://csrc.nist.gov/glossary/term/output_block_bits","definitions":[{"text":"Bits of the Output Block","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"OA","link":"https://csrc.nist.gov/glossary/term/oa","abbrSyn":[{"text":"Ongoing Authorization"}],"definitions":null},{"term":"OADR","link":"https://csrc.nist.gov/glossary/term/oadr","abbrSyn":[{"text":"Originating Agency’s Determination Required","link":"https://csrc.nist.gov/glossary/term/originating_agency_determination_required"}],"definitions":null},{"term":"OAEP","link":"https://csrc.nist.gov/glossary/term/oaep","abbrSyn":[{"text":"Optimal Asymmetric Encryption Padding","link":"https://csrc.nist.gov/glossary/term/optimal_asymmetric_encryption_padding"}],"definitions":null},{"term":"OAL","link":"https://csrc.nist.gov/glossary/term/oal","abbrSyn":[{"text":"Original Equipment Manufacture Adaptation Layer","link":"https://csrc.nist.gov/glossary/term/original_equipment_manufacture_adaptation_layer"}],"definitions":null},{"term":"OAM","link":"https://csrc.nist.gov/glossary/term/oam","abbrSyn":[{"text":"Operational and Access Management","link":"https://csrc.nist.gov/glossary/term/operational_and_access_management"}],"definitions":null},{"term":"OASIS","link":"https://csrc.nist.gov/glossary/term/oasis","abbrSyn":[{"text":"Open Access Same-Time Information Systems","link":"https://csrc.nist.gov/glossary/term/open_access_same_time_information_systems"},{"text":"Organization for Advancement of Structured Information Standards"},{"text":"Organization for the Advancement of Structured Information Standards","link":"https://csrc.nist.gov/glossary/term/organization_for_the_advancement_of_structured_information_standards"}],"definitions":null},{"term":"OASIS Structured Threat Information Expression","link":"https://csrc.nist.gov/glossary/term/oasis_structured_threat_information_expression","abbrSyn":[{"text":"STIX","link":"https://csrc.nist.gov/glossary/term/stix"}],"definitions":null},{"term":"OASIS Trusted Automated Exchange of Indicator Information","link":"https://csrc.nist.gov/glossary/term/oasis_trusted_automated_exchange_of_indicator_information","abbrSyn":[{"text":"TAXII","link":"https://csrc.nist.gov/glossary/term/taxii"}],"definitions":null},{"term":"OAuth","link":"https://csrc.nist.gov/glossary/term/oauth","abbrSyn":[{"text":"Open Authorization","link":"https://csrc.nist.gov/glossary/term/open_authorization"}],"definitions":null},{"term":"OBD-II","link":"https://csrc.nist.gov/glossary/term/obd_ii","abbrSyn":[{"text":"On-Board Diagnostic II","link":"https://csrc.nist.gov/glossary/term/on_board_diagnostic_ii"}],"definitions":null},{"term":"object","link":"https://csrc.nist.gov/glossary/term/object","abbrSyn":[{"text":"Object, Assessment","link":"https://csrc.nist.gov/glossary/term/object_assessment"},{"text":"Resource"}],"definitions":[{"text":"An entity to be protected from unauthorized use.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162"}]},{"text":"A passive entity that contains or receives information. Note that access to an object potentially implies access to the information it contains.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See subject.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Object "}]},{"text":"Passive system-related entity, including devices, files, records, tables, processes, programs, and domains that contain or receive information. Access to an object (by a subject) implies access to the information it contains. See subject.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"An operating system abstraction that is visible at the application program interface, has a unique name, and capable of being shared.  In this document, the following are resources: files, programs, directories, databases, mini-disks, and special files.  In this document, the following are not resources: records, blocks, pages, segments, bits, bytes, words, fields, and processors.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Resource "}]},{"text":"the set of passive entities within the system, protected from unauthorized use.","sources":[{"text":"NISTIR 6192","link":"https://doi.org/10.6028/NIST.IR.6192","underTerm":" under Object "}]},{"text":"A passive entity that contains or receives information.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Object "}]},{"text":"See Object, Assessment.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Object "}]},{"text":"Assessment objects identify the specific items being assessed, and as such, can have one or more security defects. Assessment objects include specifications, mechanisms, activities, and individuals which in turn may include, but are not limited to, devices, software products, software executables, credentials, accounts, account-privileges, things to which privileges are granted (including data and physical facilities), etc. See SP 800-53A.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Object, Assessment "}]}],"seeAlso":[{"text":"subject","link":"subject"},{"text":"Subject"}]},{"term":"object attribute","link":"https://csrc.nist.gov/glossary/term/object_attribute","abbrSyn":[{"text":"resource attribute"}],"definitions":null},{"term":"Object Identification","link":"https://csrc.nist.gov/glossary/term/object_identification","abbrSyn":[{"text":"OID","link":"https://csrc.nist.gov/glossary/term/oid"}],"definitions":null},{"term":"Object Linking and Embedding","link":"https://csrc.nist.gov/glossary/term/object_linking_and_embedding","abbrSyn":[{"text":"OLE","link":"https://csrc.nist.gov/glossary/term/ole"}],"definitions":null},{"term":"Object Management Group","link":"https://csrc.nist.gov/glossary/term/object_management_group","abbrSyn":[{"text":"OMG","link":"https://csrc.nist.gov/glossary/term/omg"}],"definitions":null},{"term":"Object Naming Service","link":"https://csrc.nist.gov/glossary/term/object_naming_service","abbrSyn":[{"text":"ONS","link":"https://csrc.nist.gov/glossary/term/ons"}],"definitions":[{"text":"An inter-enterprise subsystem for the EPCglobal Network that provides network resolution services that direct EPC queries to the location where information associated with that EPC can be accessed by authorized users.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"object reuse","link":"https://csrc.nist.gov/glossary/term/object_reuse","note":"(C.F.D.)","definitions":[{"text":"Reassignment and reuse of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium. \nRationale: Term has been replaced by the term “residual information protection”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Object, Assessment","link":"https://csrc.nist.gov/glossary/term/object_assessment","abbrSyn":[{"text":"Assessment Object"},{"text":"Object"}],"definitions":[{"text":"The item (i.e., specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment Object "}]},{"text":"The item (specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment Object ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See subject.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Object "}]},{"text":"the set of passive entities within the system, protected from unauthorized use.","sources":[{"text":"NISTIR 6192","link":"https://doi.org/10.6028/NIST.IR.6192","underTerm":" under Object "}]},{"text":"A passive entity that contains or receives information.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Object "}]},{"text":"See Object, Assessment.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Assessment Object "},{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Object "}]},{"text":"Assessment objects identify the specific items being assessed, and as such, can have one or more security defects. Assessment objects include specifications, mechanisms, activities, and individuals which in turn may include, but are not limited to, devices, software products, software executables, credentials, accounts, account-privileges, things to which privileges are granted (including data and physical facilities), etc. See SP 800-53A.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Obligation","link":"https://csrc.nist.gov/glossary/term/obligation","definitions":[{"text":"An operation specified in a policy or policy set that should be performed by the PEP in conjunction with the enforcement of an authorization decision.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"OASIS XACML 2.0 Specification","link":"https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf"}]}]}]},{"term":"obscured data","link":"https://csrc.nist.gov/glossary/term/obscured_data","definitions":[{"text":"data that has been distorted by cryptographic or other means to hide information. It is also referred to as being masked or obfuscated.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122","underTerm":" under Obscured Data "},{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]}]},{"term":"Observable","link":"https://csrc.nist.gov/glossary/term/observable","definitions":[{"text":"An event (benign or malicious) on a network or system.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]},{"term":"OCB","link":"https://csrc.nist.gov/glossary/term/ocb","abbrSyn":[{"text":"Offset CodeBook","link":"https://csrc.nist.gov/glossary/term/offset_codebook"}],"definitions":null},{"term":"OCC","link":"https://csrc.nist.gov/glossary/term/occ","abbrSyn":[{"text":"On-card Biometric Comparison"},{"text":"On-Card biometric Comparison","link":"https://csrc.nist.gov/glossary/term/on_card_biometric_comparison"},{"text":"On-card comparison","link":"https://csrc.nist.gov/glossary/term/on_card_comparison"},{"text":"On-Card Biometric One-to-One Comparison","link":"https://csrc.nist.gov/glossary/term/on_card_biometric_one_to_one_comparison"}],"definitions":null},{"term":"Occupant Emergency Plan","link":"https://csrc.nist.gov/glossary/term/occupant_emergency_plan","abbrSyn":[{"text":"OEP","link":"https://csrc.nist.gov/glossary/term/oep"}],"definitions":null},{"term":"Occupation Safety and Health Administration","link":"https://csrc.nist.gov/glossary/term/occupation_safety_and_health_administration","abbrSyn":[{"text":"OSHA","link":"https://csrc.nist.gov/glossary/term/osha"}],"definitions":null},{"term":"OCF","link":"https://csrc.nist.gov/glossary/term/ocf","abbrSyn":[{"text":"Open Connectivity Foundation","link":"https://csrc.nist.gov/glossary/term/open_connectivity_foundation"}],"definitions":null},{"term":"OCI","link":"https://csrc.nist.gov/glossary/term/oci","abbrSyn":[{"text":"Open Container Initiative","link":"https://csrc.nist.gov/glossary/term/open_container_initiative"},{"text":"Organizational Conflict of Interest","link":"https://csrc.nist.gov/glossary/term/organizational_conflict_of_interest"}],"definitions":null},{"term":"OCIL","link":"https://csrc.nist.gov/glossary/term/ocil","abbrSyn":[{"text":"Open Checklist Interactive Language"}],"definitions":null},{"term":"OCIO","link":"https://csrc.nist.gov/glossary/term/ocio","abbrSyn":[{"text":"Office of the Chief Information Officer","link":"https://csrc.nist.gov/glossary/term/office_of_the_chief_information_officer"}],"definitions":null},{"term":"OCO","link":"https://csrc.nist.gov/glossary/term/oco","abbrSyn":[{"text":"Offensive Cyberspace Operations"}],"definitions":null},{"term":"OCP","link":"https://csrc.nist.gov/glossary/term/ocp","abbrSyn":[{"text":"OpenShift Container Platform","link":"https://csrc.nist.gov/glossary/term/openshift_container_platform"}],"definitions":null},{"term":"OCPI","link":"https://csrc.nist.gov/glossary/term/ocpi","abbrSyn":[{"text":"Open Charge Point Interface","link":"https://csrc.nist.gov/glossary/term/open_charge_point_interface"}],"definitions":null},{"term":"OCPP","link":"https://csrc.nist.gov/glossary/term/ocpp","abbrSyn":[{"text":"Open Charge Point Protocol","link":"https://csrc.nist.gov/glossary/term/open_charge_point_protocol"}],"definitions":null},{"term":"OCR","link":"https://csrc.nist.gov/glossary/term/ocr","abbrSyn":[{"text":"Office for Civil Rights","link":"https://csrc.nist.gov/glossary/term/office_for_civil_rights"}],"definitions":null},{"term":"OCSP","link":"https://csrc.nist.gov/glossary/term/ocsp","abbrSyn":[{"text":"Online Certificate Status Protocol"}],"definitions":null},{"term":"OCTAVE","link":"https://csrc.nist.gov/glossary/term/octave","abbrSyn":[{"text":"Operationally Critical Threat, Asset, and Vulnerability Evaluation","link":"https://csrc.nist.gov/glossary/term/operationally_critical_threat_asset_and_vulnerability_evaluation"}],"definitions":null},{"term":"octet","link":"https://csrc.nist.gov/glossary/term/octet","definitions":[{"text":"A string of eight bits.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Octet "}]},{"text":"A group of eight binary digits.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Octet "}]},{"text":"A string of eight bits. Often referred to as a byte.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Octet Length","link":"https://csrc.nist.gov/glossary/term/octet_length","definitions":[{"text":"The number of octets in an octet string.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"Octet String","link":"https://csrc.nist.gov/glossary/term/octet_string","definitions":[{"text":"An ordered sequence of octets.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"OD","link":"https://csrc.nist.gov/glossary/term/od","abbrSyn":[{"text":"On-Demand Self-Service"}],"definitions":null},{"term":"ODBC","link":"https://csrc.nist.gov/glossary/term/odbc","abbrSyn":[{"text":"Open Database Connectivity","link":"https://csrc.nist.gov/glossary/term/open_database_connectivity"}],"definitions":null},{"term":"ODM","link":"https://csrc.nist.gov/glossary/term/odm","abbrSyn":[{"text":"Original Design Manufacturer","link":"https://csrc.nist.gov/glossary/term/original_design_manufacturer"},{"text":"Original Device Manufacturer","link":"https://csrc.nist.gov/glossary/term/original_device_manufacturer"}],"definitions":null},{"term":"ODNI","link":"https://csrc.nist.gov/glossary/term/odni","abbrSyn":[{"text":"Office of the Director of National Intelligence","link":"https://csrc.nist.gov/glossary/term/office_of_the_director_of_national_intelligence"}],"definitions":null},{"term":"ODP","link":"https://csrc.nist.gov/glossary/term/odp","abbrSyn":[{"text":"organization-defined parameter","link":"https://csrc.nist.gov/glossary/term/organization_defined_parameter"}],"definitions":[{"text":"The variable part of a control or control enhancement that is instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a predefined list provided as part of the control or control enhancement.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under organization-defined parameter "}]},{"text":"See assignment operation and selection operation.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under organization-defined parameter "}]},{"text":"The variable part of a security requirement that is instantiated by an organization during the tailoring process by assigning an organization-defined value as part of the requirement.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under organization-defined parameter ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]}]},{"term":"ODV","link":"https://csrc.nist.gov/glossary/term/odv","abbrSyn":[{"text":"Organization-Defined Value","link":"https://csrc.nist.gov/glossary/term/organization_defined_value"}],"definitions":null},{"term":"OECD","link":"https://csrc.nist.gov/glossary/term/oecd","abbrSyn":[{"text":"Organisation for Economic Co-operation and Development","link":"https://csrc.nist.gov/glossary/term/organisation_for_economic_co_operation_and_development"}],"definitions":null},{"term":"OEM","link":"https://csrc.nist.gov/glossary/term/oem","abbrSyn":[{"text":"Original Equipment Manufacture"},{"text":"original equipment manufacturer"},{"text":"Original Equipment Manufacturer","link":"https://csrc.nist.gov/glossary/term/original_equipment_manufacturer"}],"definitions":null},{"term":"OEM Service Release 2","link":"https://csrc.nist.gov/glossary/term/oem_service_release_2","abbrSyn":[{"text":"OSR2","link":"https://csrc.nist.gov/glossary/term/osr2"}],"definitions":null},{"term":"OEP","link":"https://csrc.nist.gov/glossary/term/oep","abbrSyn":[{"text":"Occupant Emergency Plan","link":"https://csrc.nist.gov/glossary/term/occupant_emergency_plan"}],"definitions":null},{"term":"OET","link":"https://csrc.nist.gov/glossary/term/oet","abbrSyn":[{"text":"Office of Engineering and Technology","link":"https://csrc.nist.gov/glossary/term/office_of_engineering_and_technology"}],"definitions":null},{"term":"OFB","link":"https://csrc.nist.gov/glossary/term/ofb","abbrSyn":[{"text":"Output Feedback","link":"https://csrc.nist.gov/glossary/term/output_feedback"},{"text":"Output FeedBack"},{"text":"Output Feedback Block","link":"https://csrc.nist.gov/glossary/term/output_feedback_block"},{"text":"Output Feedback mode"}],"definitions":null},{"term":"OFDM","link":"https://csrc.nist.gov/glossary/term/ofdm","abbrSyn":[{"text":"Orthogonal Frequency Division Multiplexing","link":"https://csrc.nist.gov/glossary/term/orthogonal_frequency_division_multiplexing"},{"text":"Orthogonal Frequency-Division Multiplexing"}],"definitions":null},{"term":"Off-Card","link":"https://csrc.nist.gov/glossary/term/off_card","definitions":[{"text":"Refers to data that is not stored within the PIV Card or to a computation that is not performed by the Integrated Circuit Chip (ICC) of the PIV Card.","sources":[{"text":"FIPS 201","note":" [version unknown]"},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Off-Chain","link":"https://csrc.nist.gov/glossary/term/off_chain","definitions":[{"text":"Refers to data that is stored or a process that is implemented and executed outside of any blockchain system.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"offensive cyberspace operations (OCO)","link":"https://csrc.nist.gov/glossary/term/offensive_cyberspace_operations","abbrSyn":[{"text":"OCO","link":"https://csrc.nist.gov/glossary/term/oco"}],"definitions":[{"text":"Cyberspace operations intended to project power by the application of force in or through cyberspace.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 3-12","link":"https://www.jcs.mil/Doctrine/"}]}]}]},{"term":"Office for Civil Rights","link":"https://csrc.nist.gov/glossary/term/office_for_civil_rights","abbrSyn":[{"text":"OCR","link":"https://csrc.nist.gov/glossary/term/ocr"}],"definitions":null},{"term":"Office for Human Research Protections","link":"https://csrc.nist.gov/glossary/term/office_for_human_research_protections","abbrSyn":[{"text":"OHRP","link":"https://csrc.nist.gov/glossary/term/ohrp"}],"definitions":null},{"term":"Office of Commercial Space Transportation","link":"https://csrc.nist.gov/glossary/term/office_of_commercial_space_transportation","abbrSyn":[{"text":"AST","link":"https://csrc.nist.gov/glossary/term/ast"}],"definitions":null},{"term":"Office of Engineering and Technology","link":"https://csrc.nist.gov/glossary/term/office_of_engineering_and_technology","abbrSyn":[{"text":"OET","link":"https://csrc.nist.gov/glossary/term/oet"}],"definitions":null},{"term":"Office of Information and Regulatory Affairs","link":"https://csrc.nist.gov/glossary/term/office_of_information_and_regulatory_affairs","abbrSyn":[{"text":"OIRA","link":"https://csrc.nist.gov/glossary/term/oira"}],"definitions":null},{"term":"Office of Information Systems Management","link":"https://csrc.nist.gov/glossary/term/office_of_information_systems_management","abbrSyn":[{"text":"OISM","link":"https://csrc.nist.gov/glossary/term/oism"}],"definitions":null},{"term":"Office of Inspector General","link":"https://csrc.nist.gov/glossary/term/office_of_inspector_general","abbrSyn":[{"text":"OIG","link":"https://csrc.nist.gov/glossary/term/oig"}],"definitions":null},{"term":"Office of Management and Budget","link":"https://csrc.nist.gov/glossary/term/office_of_management_and_budget","abbrSyn":[{"text":"OMB","link":"https://csrc.nist.gov/glossary/term/omb"}],"definitions":null},{"term":"Office of Personnel Management","link":"https://csrc.nist.gov/glossary/term/office_of_personnel_management","abbrSyn":[{"text":"OPM","link":"https://csrc.nist.gov/glossary/term/opm"}],"definitions":null},{"term":"Office of Planning, Research and Evaluation","link":"https://csrc.nist.gov/glossary/term/office_of_planning_research_and_evaluation","abbrSyn":[{"text":"OPRE","link":"https://csrc.nist.gov/glossary/term/opre"}],"definitions":null},{"term":"Office of Safety, Health and Environment","link":"https://csrc.nist.gov/glossary/term/office_of_safety_health_and_environment","abbrSyn":[{"text":"OSHE","link":"https://csrc.nist.gov/glossary/term/oshe"}],"definitions":null},{"term":"Office of Space Commercialization","link":"https://csrc.nist.gov/glossary/term/office_of_space_commercialization","abbrSyn":[{"text":"OSC","link":"https://csrc.nist.gov/glossary/term/osc"}],"definitions":null},{"term":"Office of the Chief Information Officer","link":"https://csrc.nist.gov/glossary/term/office_of_the_chief_information_officer","abbrSyn":[{"text":"OCIO","link":"https://csrc.nist.gov/glossary/term/ocio"}],"definitions":null},{"term":"Office of the Director of National Intelligence","link":"https://csrc.nist.gov/glossary/term/office_of_the_director_of_national_intelligence","abbrSyn":[{"text":"ODNI","link":"https://csrc.nist.gov/glossary/term/odni"}],"definitions":null},{"term":"Office of the Inspector General","link":"https://csrc.nist.gov/glossary/term/office_of_the_inspector_general","abbrSyn":[{"text":"OIG","link":"https://csrc.nist.gov/glossary/term/oig"}],"definitions":null},{"term":"Office of the National Coordinator","link":"https://csrc.nist.gov/glossary/term/office_of_the_national_coordinator","abbrSyn":[{"text":"ONC","link":"https://csrc.nist.gov/glossary/term/onc"}],"definitions":null},{"term":"Official CPE Dictionary","link":"https://csrc.nist.gov/glossary/term/official_cpe_dictionary","definitions":[{"text":"The authoritative repository of identifier names, which is hosted by NIST.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"Official Identifier CPE Name","link":"https://csrc.nist.gov/glossary/term/official_identifier_cpe_name","definitions":[{"text":"Any bound representation of a CPE WFN that uniquely identifies a single product class and is contained within the Official CPE Dictionary.","sources":[{"text":"NISTIR 7697","link":"https://doi.org/10.6028/NIST.IR.7697"}]}]},{"term":"official information","link":"https://csrc.nist.gov/glossary/term/official_information","definitions":[{"text":"All information of any kind, however stored, that is in the custody and control of the Department/Agency (D/A), relates to information in the custody and control of the D/A, or was acquired by D/A employees, or former employees, as part of their official duties or because of their official status within the D/A while such individuals were employed by or served on behalf of the D/A.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"Title 6 CFR 5.41","link":"https://www.govinfo.gov/app/details/CFR-2012-title6-vol1/CFR-2012-title6-vol1-sec5-41"}]}]}]},{"term":"Offline Attack","link":"https://csrc.nist.gov/glossary/term/offline_attack","definitions":[{"text":"An attack where the Attacker obtains some data (typically by eavesdropping on an authentication protocol run or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Off-line Attack "}]}]},{"term":"off-line cryptosystem","link":"https://csrc.nist.gov/glossary/term/off_line_cryptosystem","definitions":[{"text":"Cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Offline Test","link":"https://csrc.nist.gov/glossary/term/offline_test","definitions":[{"text":"Offline tests use previously captured images as inputs to core biometric implementations. Such tests are repeatable and can readily be scaled to very large populations and large numbers of competing products. They institute a level-playing field and produce robust estimates of the core biometric power of an algorithm.  This style of testing is particularly suited to interoperability testing of a fingerprint template (see [ISOSWAP]).","sources":[{"text":"NIST SP 800-85B","link":"https://doi.org/10.6028/NIST.SP.800-85B"}]}]},{"term":"Offset CodeBook","link":"https://csrc.nist.gov/glossary/term/offset_codebook","abbrSyn":[{"text":"OCB","link":"https://csrc.nist.gov/glossary/term/ocb"}],"definitions":null},{"term":"Off-The-Shelf","link":"https://csrc.nist.gov/glossary/term/off_the_shelf","abbrSyn":[{"text":"OTS","link":"https://csrc.nist.gov/glossary/term/ots"}],"definitions":null},{"term":"OFW","link":"https://csrc.nist.gov/glossary/term/ofw","abbrSyn":[{"text":"Outer Firewall","link":"https://csrc.nist.gov/glossary/term/outer_firewall"}],"definitions":null},{"term":"OGSA","link":"https://csrc.nist.gov/glossary/term/ogsa","abbrSyn":[{"text":"Open Grid Services Architecture","link":"https://csrc.nist.gov/glossary/term/open_grid_services_architecture"}],"definitions":null},{"term":"OHRP","link":"https://csrc.nist.gov/glossary/term/ohrp","abbrSyn":[{"text":"Office for Human Research Protections","link":"https://csrc.nist.gov/glossary/term/office_for_human_research_protections"}],"definitions":null},{"term":"OID","link":"https://csrc.nist.gov/glossary/term/oid","abbrSyn":[{"text":"Object Identification","link":"https://csrc.nist.gov/glossary/term/object_identification"},{"text":"Object Identifier"}],"definitions":[{"text":"A globally unique identifier of a data object as defined in ISO/IEC 8824-2.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4","underTerm":" under Object Identifier "}]}]},{"term":"OIDC","link":"https://csrc.nist.gov/glossary/term/oidc","abbrSyn":[{"text":"OpenID Connect","link":"https://csrc.nist.gov/glossary/term/openid_connect"}],"definitions":null},{"term":"OIF","link":"https://csrc.nist.gov/glossary/term/oif","abbrSyn":[{"text":"Open Identity Federation","link":"https://csrc.nist.gov/glossary/term/open_identity_federation"}],"definitions":null},{"term":"OIG","link":"https://csrc.nist.gov/glossary/term/oig","abbrSyn":[{"text":"Office of Inspector General","link":"https://csrc.nist.gov/glossary/term/office_of_inspector_general"},{"text":"Office of the Inspector General","link":"https://csrc.nist.gov/glossary/term/office_of_the_inspector_general"}],"definitions":null},{"term":"OIMO","link":"https://csrc.nist.gov/glossary/term/oimo","definitions":[{"text":"Organization Identity Management Official; The individual responsible for overseeing the operations of an issuer in accordance with [FIPS 201-2] and for performing the responsibilities specified in this guideline.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"OIRA","link":"https://csrc.nist.gov/glossary/term/oira","abbrSyn":[{"text":"Office of Information and Regulatory Affairs","link":"https://csrc.nist.gov/glossary/term/office_of_information_and_regulatory_affairs"}],"definitions":null},{"term":"OISM","link":"https://csrc.nist.gov/glossary/term/oism","abbrSyn":[{"text":"Office of Information Systems Management","link":"https://csrc.nist.gov/glossary/term/office_of_information_systems_management"}],"definitions":null},{"term":"OLA","link":"https://csrc.nist.gov/glossary/term/ola","abbrSyn":[{"text":"Operating-Level Agreement","link":"https://csrc.nist.gov/glossary/term/operating_level_agreement"},{"text":"Operations Level Agreement","link":"https://csrc.nist.gov/glossary/term/operations_level_agreement"}],"definitions":null},{"term":"OLE","link":"https://csrc.nist.gov/glossary/term/ole","abbrSyn":[{"text":"Object Linking and Embedding","link":"https://csrc.nist.gov/glossary/term/object_linking_and_embedding"}],"definitions":null},{"term":"OLE for Process Control","link":"https://csrc.nist.gov/glossary/term/ole_for_process_control","abbrSyn":[{"text":"OPC","link":"https://csrc.nist.gov/glossary/term/opc"}],"definitions":null},{"term":"OLIR","link":"https://csrc.nist.gov/glossary/term/olir","abbrSyn":[{"text":"National Online Informative References Program","link":"https://csrc.nist.gov/glossary/term/national_online_informative_references_program"},{"text":"Online Informative Reference"},{"text":"On-Line Informative Reference"},{"text":"Online Informative References"}],"definitions":[{"text":"Relationships between elements of two documents that are recorded in a NIST IR 8278A-compliant format and shared by the OLIR Catalog. There are three types of OLIRs: concept crosswalk, set theory relationship mapping, and supportive relationship mapping.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Online Informative Reference "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under Online Informative Reference "}]}]},{"term":"OLIR Catalog","link":"https://csrc.nist.gov/glossary/term/olir_catalog","definitions":[{"text":"The Online Informative References (OLIR) Catalog, which provides information about the Informative References submitted to and accepted by NIST.","sources":[{"text":"NISTIR 8204","link":"https://doi.org/10.6028/NIST.IR.8204"}]},{"text":"The National OLIR Program’s online site for sharing OLIRs.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"},{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"The OLIR Program’s online site for sharing OLIRs.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"OLIR Developer","link":"https://csrc.nist.gov/glossary/term/olir_developer","abbrSyn":[{"text":"Developer"},{"text":"Informative Reference Developer","link":"https://csrc.nist.gov/glossary/term/informative_reference_developer"}],"definitions":[{"text":"A person, team, or organization that creates an OLIR and submits it to the National OLIR Program.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"A general term that includes: (i) developers or manufacturers of information systems, system components, or information system services; (ii) systems integrators; (iii) vendors; (iv) and product resellers. Development of systems, components, or services can occur internally within organizations (i.e., in-house development) or through external entities.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Developer "}]},{"text":"The party that develops the entire entropy source or the noise source.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Developer "}]},{"text":"A general term that includes: (i) developers or manufacturers of information systems, system components, or information system services; (ii) systems integrators; (iii) vendors; and (iv) product resellers. Development of systems, components, or services can occur internally within organizations (i.e., in-house development) or through external entities.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Developer ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Developer "}]},{"text":"A person, team, or organization that creates an Informative Reference.","sources":[{"text":"NISTIR 8204","link":"https://doi.org/10.6028/NIST.IR.8204","underTerm":" under Developer "}]},{"text":"See Informative Reference Developer.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278","underTerm":" under Developer "},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A","underTerm":" under Developer "}]},{"text":"A person, team, or organization that creates an Informative Reference and submits it to the National OLIR Program.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278","underTerm":" under Informative Reference Developer "}]},{"text":"A person, team, or organization that creates an Informative Reference and submits it to the OLIR Program.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A","underTerm":" under Informative Reference Developer "}]}]},{"term":"OLIR Program","link":"https://csrc.nist.gov/glossary/term/olir_program","definitions":[{"text":"NIST’s Cybersecurity Framework (CSF) Online Informative References Program.","sources":[{"text":"NISTIR 8204","link":"https://doi.org/10.6028/NIST.IR.8204"}]}]},{"term":"OLIR Template","link":"https://csrc.nist.gov/glossary/term/olir_template","definitions":[{"text":"A spreadsheet that contains the fields necessary for creating a well-formed OLIR for submission to the OLIR Program. It serves as the starting point for the Developer.","sources":[{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"A spreadsheet that contains the fields necessary for creating a well- formed Informative Reference for submission to the OLIR Program. It is available on the Cybersecurity Framework website and serves as the starting point for the Developer.","sources":[{"text":"NISTIR 8204","link":"https://doi.org/10.6028/NIST.IR.8204"}]},{"text":"A spreadsheet that contains the fields necessary for creating a well-formed Informative Reference for submission to the OLIR Program. It serves as the starting point for the Developer.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"OMA","link":"https://csrc.nist.gov/glossary/term/oma","abbrSyn":[{"text":"Open Mobile Alliance","link":"https://csrc.nist.gov/glossary/term/open_mobile_alliance"}],"definitions":null},{"term":"OMB","link":"https://csrc.nist.gov/glossary/term/omb","abbrSyn":[{"text":"Office of Management and Budget","link":"https://csrc.nist.gov/glossary/term/office_of_management_and_budget"}],"definitions":null},{"term":"OMG","link":"https://csrc.nist.gov/glossary/term/omg","abbrSyn":[{"text":"Object Management Group","link":"https://csrc.nist.gov/glossary/term/object_management_group"}],"definitions":null},{"term":"on behalf of (an agency)","link":"https://csrc.nist.gov/glossary/term/on_behalf_of","definitions":[{"text":"A situation that occurs when: (i) a non-executive branch entity uses or operates an information system or maintains or collects information for the purpose of processing, storing, or transmitting Federal information; and (ii) those activities are not incidental to providing a service or product to the government.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]},{"text":"A situation that occurs when: (i) a non-executive branch entity uses or operates an information system or maintains or collects information for the purpose of processing, storing, or transmitting federal information; and (ii) those activities are not incidental to providing a service or product to the Government.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"32 C.F.R., Sec. 2002","link":"https://www.govinfo.gov/app/details/CFR-2020-title32-vol6/CFR-2020-title32-vol6-part2002"}]}]}]},{"term":"On-Access Scanning","link":"https://csrc.nist.gov/glossary/term/on_access_scanning","definitions":[{"text":"Performing real-time scans on a computer of each file as it is downloaded, opened, or executed.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]"}]},{"text":"Configuring a security tool to perform real-time scans of each file for malware as the file is downloaded, opened, or executed.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1"}]}]},{"term":"On-Board Diagnostic II","link":"https://csrc.nist.gov/glossary/term/on_board_diagnostic_ii","abbrSyn":[{"text":"OBD-II","link":"https://csrc.nist.gov/glossary/term/obd_ii"}],"definitions":null},{"term":"Onboarding","link":"https://csrc.nist.gov/glossary/term/onboarding","definitions":[{"text":"The process by which a device obtains the credentials (e.g., network SSID and password) that it needs in order to gain access to a wired or wireless network.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"ONC","link":"https://csrc.nist.gov/glossary/term/onc","abbrSyn":[{"text":"Office of the National Coordinator","link":"https://csrc.nist.gov/glossary/term/office_of_the_national_coordinator"}],"definitions":null},{"term":"On-Card","link":"https://csrc.nist.gov/glossary/term/on_card","definitions":[{"text":"Refers to data that is stored within the PIV Card or to a computation that is performed by the Integrated Circuit Chip (ICC) of the PIV Card.","sources":[{"text":"FIPS 201","note":" [version unknown]"},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"On-Card biometric Comparison","link":"https://csrc.nist.gov/glossary/term/on_card_biometric_comparison","abbrSyn":[{"text":"OCC","link":"https://csrc.nist.gov/glossary/term/occ"}],"definitions":null},{"term":"On-card comparison","link":"https://csrc.nist.gov/glossary/term/on_card_comparison","abbrSyn":[{"text":"OCC","link":"https://csrc.nist.gov/glossary/term/occ"}],"definitions":null},{"term":"On-Card Biometric One-to-One Comparison","link":"https://csrc.nist.gov/glossary/term/on_card_biometric_one_to_one_comparison","abbrSyn":[{"text":"OCC","link":"https://csrc.nist.gov/glossary/term/occ"}],"definitions":null},{"term":"On-Chain","link":"https://csrc.nist.gov/glossary/term/on_chain","definitions":[{"text":"Refers to data that is stored or a process that is implemented and executed within a blockchain system.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"On-Demand Scanning","link":"https://csrc.nist.gov/glossary/term/on_demand_scanning","definitions":[{"text":"Launching scans of a computer manually as needed.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]"}]},{"text":"Allowing users to launch security tool scans for malware on a computer as desired.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1"}]}]},{"term":"On-demand self-service","link":"https://csrc.nist.gov/glossary/term/on_demand_self_service","abbrSyn":[{"text":"OD","link":"https://csrc.nist.gov/glossary/term/od"}],"definitions":[{"text":"A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"one-part code","link":"https://csrc.nist.gov/glossary/term/one_part_code","definitions":[{"text":"Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"one-source mapping","link":"https://csrc.nist.gov/glossary/term/one_source_mapping","definitions":[{"text":"A mapping between concepts within a single concept source.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]}]},{"term":"one-time cryptosystem","link":"https://csrc.nist.gov/glossary/term/one_time_cryptosystem","definitions":[{"text":"Cryptosystem employing key used only once.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"one-time pad (OTP)","link":"https://csrc.nist.gov/glossary/term/one_time_pad","abbrSyn":[{"text":"OTP","link":"https://csrc.nist.gov/glossary/term/otp"}],"definitions":[{"text":"Manual one-time cryptosystem produced in pad form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Onetime Password","link":"https://csrc.nist.gov/glossary/term/onetime_password","abbrSyn":[{"text":"OTP","link":"https://csrc.nist.gov/glossary/term/otp"}],"definitions":null},{"term":"One-time password","link":"https://csrc.nist.gov/glossary/term/one_time_password","abbrSyn":[{"text":"OTP","link":"https://csrc.nist.gov/glossary/term/otp"}],"definitions":null},{"term":"One-time signature","link":"https://csrc.nist.gov/glossary/term/one_time_signature","abbrSyn":[{"text":"OTS","link":"https://csrc.nist.gov/glossary/term/ots"}],"definitions":null},{"term":"one-time tape (OTT)","link":"https://csrc.nist.gov/glossary/term/one_time_tape","abbrSyn":[{"text":"OTT","link":"https://csrc.nist.gov/glossary/term/ott"}],"definitions":[{"text":"Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"One-to-one","link":"https://csrc.nist.gov/glossary/term/one_to_one","definitions":[{"text":"Of or relating to biometric verification in which submitted feature data is compared with that of one, claimed, identity.","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"one-way hash algorithm","link":"https://csrc.nist.gov/glossary/term/one_way_hash_algorithm","definitions":[{"text":"Hash algorithms which map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-49","link":"https://doi.org/10.6028/NIST.SP.800-49"}]}]}]},{"term":"one-way transfer device","link":"https://csrc.nist.gov/glossary/term/one_way_transfer_device","definitions":[{"text":"A hardware or software mechanism that only permits data to move in one direction and does not allow the flow of data in the opposite direction.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"One-way under Chosen-Plaintext Attack","link":"https://csrc.nist.gov/glossary/term/one_way_under_chosen_plaintext_attack","abbrSyn":[{"text":"OW-CPA","link":"https://csrc.nist.gov/glossary/term/ow_cpa"}],"definitions":null},{"term":"ongoing assessment and authorization","link":"https://csrc.nist.gov/glossary/term/ongoing_assessment_and_authorization","abbrSyn":[{"text":"information security continuous monitoring (ISCM)","link":"https://csrc.nist.gov/glossary/term/information_security_continuous_monitoring"},{"text":"OA","link":"https://csrc.nist.gov/glossary/term/oa"}],"definitions":[{"text":"Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. \nNote: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information. \nSee organizational information security continuous monitoring and automated security monitoring.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information security continuous monitoring (ISCM) ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"text":"See information security continuous monitoring (ISCM).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under ongoing authorization "}]},{"text":"The continuous evaluation of the effectiveness of security control or privacy control implementation; with respect to security controls, a subset of Information Security Continuous Monitoring (ISCM) activities.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Ongoing Assessment "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Ongoing Assessment "}]},{"text":"The continuous evaluation of the effectiveness of security control implementation; it is not separate from ISCM but in fact is a subset of ISCM activities.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Ongoing Assessment "}]}]},{"term":"Online Attack","link":"https://csrc.nist.gov/glossary/term/online_attack","definitions":[{"text":"An attack against an authentication protocol where the Attacker either assumes the role of a Claimant with a genuine Verifier or actively alters the authentication channel.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Online Certificate Status Protocol (OCSP)","link":"https://csrc.nist.gov/glossary/term/online_certificate_status_protocol","abbrSyn":[{"text":"OCSP","link":"https://csrc.nist.gov/glossary/term/ocsp"}],"definitions":[{"text":"An online protocol used to determine the status of a public key certificate.","sources":[{"text":"FIPS 201","note":" [version unknown]","refSources":[{"text":"RFC 2560","link":"https://doi.org/10.17487/RFC2560"}]},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","refSources":[{"text":"RFC 6960","link":"https://doi.org/10.17487/RFC6960"}]}]}]},{"term":"Online Certificate Status Protocol responder","link":"https://csrc.nist.gov/glossary/term/online_certificate_status_protocol_responder","definitions":[{"text":"A PKI entity that verifies the revocation status of certificates following the Online Certificate Status Protocol (specified in RFC 6960).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"online cryptosystem","link":"https://csrc.nist.gov/glossary/term/online_cryptosystem","definitions":[{"text":"Cryptographic system in which encryption and decryption are performed in association with the transmitting and receiving functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Online Guessing Attack","link":"https://csrc.nist.gov/glossary/term/online_guessing_attack","definitions":[{"text":"An attack in which an attacker performs repeated logon trials by guessing possible values of the authenticator output.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An attack in which an Attacker performs repeated logon trials by guessing possible values of the token authenticator.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"ONS","link":"https://csrc.nist.gov/glossary/term/ons","abbrSyn":[{"text":"Object Naming Service","link":"https://csrc.nist.gov/glossary/term/object_naming_service"}],"definitions":[{"text":"An inter-enterprise subsystem for the EPCglobal Network that provides network resolution services that direct EPC queries to the location where information associated with that EPC can be accessed by authorized users.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Object Naming Service "}]}]},{"term":"OOB","link":"https://csrc.nist.gov/glossary/term/oob","abbrSyn":[{"text":"Out of Band"},{"text":"Out-of-Band"}],"definitions":[{"text":"Communication between parties utilizing a means or method that differs from the current method of communication (e.g., one party uses U.S. Postal Service mail to communicate with another party where current communication is occurring online).","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Out-of-Band "}]}]},{"term":"OPC","link":"https://csrc.nist.gov/glossary/term/opc","abbrSyn":[{"text":"Object Linking and Embedding for Process Control"},{"text":"OLE for Process Control","link":"https://csrc.nist.gov/glossary/term/ole_for_process_control"},{"text":"Open Platform Communication","link":"https://csrc.nist.gov/glossary/term/open_platform_communication"},{"text":"Open Platform Communications","link":"https://csrc.nist.gov/glossary/term/open_platform_communications"}],"definitions":null},{"term":"OPCODE","link":"https://csrc.nist.gov/glossary/term/opcode","abbrSyn":[{"text":"Operations Code"}],"definitions":null},{"term":"Open Access Same-Time Information Systems","link":"https://csrc.nist.gov/glossary/term/open_access_same_time_information_systems","abbrSyn":[{"text":"OASIS","link":"https://csrc.nist.gov/glossary/term/oasis"}],"definitions":null},{"term":"Open Authorization","link":"https://csrc.nist.gov/glossary/term/open_authorization","abbrSyn":[{"text":"OAuth","link":"https://csrc.nist.gov/glossary/term/oauth"}],"definitions":null},{"term":"Open Charge Point Interface","link":"https://csrc.nist.gov/glossary/term/open_charge_point_interface","abbrSyn":[{"text":"OCPI","link":"https://csrc.nist.gov/glossary/term/ocpi"}],"definitions":null},{"term":"Open Charge Point Protocol","link":"https://csrc.nist.gov/glossary/term/open_charge_point_protocol","abbrSyn":[{"text":"OCPP","link":"https://csrc.nist.gov/glossary/term/ocpp"}],"definitions":null},{"term":"Open Checklist Interactive Language (OCIL)","link":"https://csrc.nist.gov/glossary/term/open_checklist_interactive_language","abbrSyn":[{"text":"OCIL","link":"https://csrc.nist.gov/glossary/term/ocil"}],"definitions":[{"text":"SCAP language for expressing security checks that cannot be evaluated without some human interaction or feedback.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Open Connectivity Foundation","link":"https://csrc.nist.gov/glossary/term/open_connectivity_foundation","abbrSyn":[{"text":"OCF","link":"https://csrc.nist.gov/glossary/term/ocf"}],"definitions":null},{"term":"Open Container Initiative","link":"https://csrc.nist.gov/glossary/term/open_container_initiative","abbrSyn":[{"text":"OCI","link":"https://csrc.nist.gov/glossary/term/oci"}],"definitions":null},{"term":"Open Database Connectivity","link":"https://csrc.nist.gov/glossary/term/open_database_connectivity","abbrSyn":[{"text":"ODBC","link":"https://csrc.nist.gov/glossary/term/odbc"}],"definitions":null},{"term":"Open Grid Services Architecture","link":"https://csrc.nist.gov/glossary/term/open_grid_services_architecture","abbrSyn":[{"text":"OGSA","link":"https://csrc.nist.gov/glossary/term/ogsa"}],"definitions":null},{"term":"Open Group Risk Analysis and Taxonomy","link":"https://csrc.nist.gov/glossary/term/open_group_risk_analysis_and_taxonomy","abbrSyn":[{"text":"OpenFAIR","link":"https://csrc.nist.gov/glossary/term/openfair"}],"definitions":null},{"term":"Open Identity Federation","link":"https://csrc.nist.gov/glossary/term/open_identity_federation","abbrSyn":[{"text":"OIF","link":"https://csrc.nist.gov/glossary/term/oif"}],"definitions":null},{"term":"Open Mobile Alliance","link":"https://csrc.nist.gov/glossary/term/open_mobile_alliance","abbrSyn":[{"text":"OMA","link":"https://csrc.nist.gov/glossary/term/oma"}],"definitions":null},{"term":"Open Platform Communication","link":"https://csrc.nist.gov/glossary/term/open_platform_communication","abbrSyn":[{"text":"OPC","link":"https://csrc.nist.gov/glossary/term/opc"}],"definitions":null},{"term":"Open Platform Communications","link":"https://csrc.nist.gov/glossary/term/open_platform_communications","abbrSyn":[{"text":"OPC","link":"https://csrc.nist.gov/glossary/term/opc"}],"definitions":null},{"term":"Open Pretty Good Privacy (OpenPGP)","link":"https://csrc.nist.gov/glossary/term/open_pretty_good_privacy","abbrSyn":[{"text":"OpenPGP","link":"https://csrc.nist.gov/glossary/term/openpgp"}],"definitions":[{"text":"A protocol defined in IETF RFCs 2440 and 3156 for encrypting messages and creating certificates using public key cryptography. Most mail clients do not support OpenPGP by default; instead, third-party plug-ins can be used in conjunction with the mail clients. OpenPGP uses a “web of trust” model for key management, which relies on users for management and control, making it unsuitable for medium to large implementations.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Open Relay Blacklist","link":"https://csrc.nist.gov/glossary/term/open_relay_blacklist","abbrSyn":[{"text":"ORB","link":"https://csrc.nist.gov/glossary/term/orb"}],"definitions":null},{"term":"Open Security Controls Assessment Language","link":"https://csrc.nist.gov/glossary/term/open_security_controls_assessment_language","abbrSyn":[{"text":"OSCAL","link":"https://csrc.nist.gov/glossary/term/oscal"}],"definitions":null},{"term":"Open Shortest Path First","link":"https://csrc.nist.gov/glossary/term/open_shortest_path_first","abbrSyn":[{"text":"OSPF","link":"https://csrc.nist.gov/glossary/term/ospf"}],"definitions":null},{"term":"Open Source HIDS SECurity","link":"https://csrc.nist.gov/glossary/term/open_source_hids_security","abbrSyn":[{"text":"OSSEC","link":"https://csrc.nist.gov/glossary/term/ossec"}],"definitions":null},{"term":"Open Source Security Testing Methodology Manual","link":"https://csrc.nist.gov/glossary/term/open_source_security_testing_methodology_manual","abbrSyn":[{"text":"OSSTMM","link":"https://csrc.nist.gov/glossary/term/osstmm"}],"definitions":null},{"term":"Open Source Software","link":"https://csrc.nist.gov/glossary/term/open_source_software","abbrSyn":[{"text":"OSS","link":"https://csrc.nist.gov/glossary/term/oss"}],"definitions":null},{"term":"open storage","link":"https://csrc.nist.gov/glossary/term/open_storage","definitions":[{"text":"1. Any storage of classified national security information outside of approved containers. This includes classified information that is resident on information systems media and outside of an approved storage container, regardless of whether or not that media is in use (i.e., unattended operations). Open storage of classified cryptographic material and equipment must be done within an approved COMSEC facility, vault, or secure room when authorized personnel are not present.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"2. Storage of classified information within an approved facility not requiring use of General Services Administration-approved storage containers while the facility is not occupied by authorized personnel.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"Open Supervised Device Protocol","link":"https://csrc.nist.gov/glossary/term/open_supervised_device_protocol","abbrSyn":[{"text":"OSDP","link":"https://csrc.nist.gov/glossary/term/osdp"}],"definitions":null},{"term":"Open System","link":"https://csrc.nist.gov/glossary/term/open_system","definitions":[{"text":"A system that allows entities from different enterprises to access information related to tags used in the system. Open systems use an inter-enterprise subsystem to share information between entities.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Open Systems Interconnection","link":"https://csrc.nist.gov/glossary/term/open_systems_interconnection","abbrSyn":[{"text":"OSI","link":"https://csrc.nist.gov/glossary/term/osi"}],"definitions":null},{"term":"Open Travel Alliance","link":"https://csrc.nist.gov/glossary/term/open_travel_alliance","abbrSyn":[{"text":"OTA","link":"https://csrc.nist.gov/glossary/term/ota"}],"definitions":null},{"term":"Open Trusted Technology Provider Standard","link":"https://csrc.nist.gov/glossary/term/open_trusted_technology_provider_standard","abbrSyn":[{"text":"O-TTPS","link":"https://csrc.nist.gov/glossary/term/o_ttps"}],"definitions":null},{"term":"Open Virtual Appliance","link":"https://csrc.nist.gov/glossary/term/open_virtual_appliance","abbrSyn":[{"text":"OVA","link":"https://csrc.nist.gov/glossary/term/ova"}],"definitions":null},{"term":"Open Virtual Appliance or Application","link":"https://csrc.nist.gov/glossary/term/open_virtual_appliance_or_application","abbrSyn":[{"text":"OVA","link":"https://csrc.nist.gov/glossary/term/ova"}],"definitions":null},{"term":"Open Virtualization Appliance","link":"https://csrc.nist.gov/glossary/term/open_virtualization_appliance","abbrSyn":[{"text":"OVA","link":"https://csrc.nist.gov/glossary/term/ova"}],"definitions":null},{"term":"Open Virtualization Archive","link":"https://csrc.nist.gov/glossary/term/open_virtualization_archive","abbrSyn":[{"text":"OVA","link":"https://csrc.nist.gov/glossary/term/ova"}],"definitions":null},{"term":"Open Virtualization Format","link":"https://csrc.nist.gov/glossary/term/open_virtualization_format","abbrSyn":[{"text":"OVF","link":"https://csrc.nist.gov/glossary/term/ovf"}],"definitions":null},{"term":"Open Vulnerability and Assessment Language (OVAL)","link":"https://csrc.nist.gov/glossary/term/open_vulnerability_and_assessment_language","abbrSyn":[{"text":"OVAL","link":"https://csrc.nist.gov/glossary/term/oval"}],"definitions":[{"text":"A language for representing system configuration information, assessing machine state, and reporting assessment results.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under open vulnerability assessment language (OVAL) ","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"text":"SCAP language for specifying low-level testing procedures used by checklists.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Open Web Application Security Project","link":"https://csrc.nist.gov/glossary/term/open_web_application_security_project","abbrSyn":[{"text":"OWASP","link":"https://csrc.nist.gov/glossary/term/owasp"}],"definitions":null},{"term":"OpenFAIR","link":"https://csrc.nist.gov/glossary/term/openfair","abbrSyn":[{"text":"Open Group Risk Analysis and Taxonomy","link":"https://csrc.nist.gov/glossary/term/open_group_risk_analysis_and_taxonomy"}],"definitions":null},{"term":"OpenFog RA","link":"https://csrc.nist.gov/glossary/term/openfog_ra","abbrSyn":[{"text":"OpenFog Reference Architecture","link":"https://csrc.nist.gov/glossary/term/openfog_reference_architecture"}],"definitions":null},{"term":"OpenFog Reference Architecture","link":"https://csrc.nist.gov/glossary/term/openfog_reference_architecture","abbrSyn":[{"text":"OpenFog RA","link":"https://csrc.nist.gov/glossary/term/openfog_ra"}],"definitions":null},{"term":"OpenID Connect","link":"https://csrc.nist.gov/glossary/term/openid_connect","abbrSyn":[{"text":"OIDC","link":"https://csrc.nist.gov/glossary/term/oidc"}],"definitions":null},{"term":"OpenPGP","link":"https://csrc.nist.gov/glossary/term/openpgp","abbrSyn":[{"text":"Open Pretty Good Privacy"}],"definitions":null},{"term":"OpenShift Container Platform","link":"https://csrc.nist.gov/glossary/term/openshift_container_platform","abbrSyn":[{"text":"OCP","link":"https://csrc.nist.gov/glossary/term/ocp"}],"definitions":null},{"term":"Operating Expenses","link":"https://csrc.nist.gov/glossary/term/operating_expenses","abbrSyn":[{"text":"OpEx","link":"https://csrc.nist.gov/glossary/term/opex"}],"definitions":null},{"term":"Operating System (OS) Fingerprinting","link":"https://csrc.nist.gov/glossary/term/operating_system_fingerprinting","definitions":[{"text":"Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Operating system virtualization","link":"https://csrc.nist.gov/glossary/term/operating_system_virtualization","definitions":[{"text":"A virtual implementation of the operating system interface that can be used to run applications written for the same operating system.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190","refSources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"text":"A virtual implementation of the OS interface that can be used to run applications written for the same OS.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"Operation","link":"https://csrc.nist.gov/glossary/term/operation","definitions":[{"text":"the set of access modes or types permitted on objects of the system.","sources":[{"text":"NISTIR 6192","link":"https://doi.org/10.6028/NIST.IR.6192"}]},{"text":"An active process invoked by a subject.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Operation Security","link":"https://csrc.nist.gov/glossary/term/operation_security","abbrSyn":[{"text":"OPSEC","link":"https://csrc.nist.gov/glossary/term/opsec"}],"definitions":null},{"term":"Operational and Access Management","link":"https://csrc.nist.gov/glossary/term/operational_and_access_management","abbrSyn":[{"text":"OAM","link":"https://csrc.nist.gov/glossary/term/oam"}],"definitions":null},{"term":"operational concept","link":"https://csrc.nist.gov/glossary/term/operational_concept","abbrSyn":[{"text":"concept of operations","link":"https://csrc.nist.gov/glossary/term/concept_of_operations"}],"definitions":[{"text":"Verbal and graphic statement, in broad outline, of an organization’s assumptions or intent in regard to an operation or series of operations of new, modified, or existing organizational systems.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under concept of operations ","refSources":[{"text":"ANSI/AIAA G-043B-2018","link":"https://webstore.ansi.org/standards/aiaa/ansiaiaa043b2018"}]}]},{"text":"Verbal and graphic statement of an organization’s assumptions or intent in regard to an operation or series of operations of a specific system or a related set of specific new, existing, or modified systems.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ANSI/AIAA G-043B-2018","link":"https://webstore.ansi.org/standards/aiaa/ansiaiaa043b2018"}]}]},{"text":"See security concept of operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under concept of operations "}]}]},{"term":"operational environment","link":"https://csrc.nist.gov/glossary/term/operational_environment","definitions":[{"text":"Context determining the setting and circumstance of all influences on a delivered system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"The type of environment in which the checklist is intended to be applied. Types of operational environments are Standalone, Managed, and Custom (including Specialized Security-Limited Functionality, Legacy, and United States Government).","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4","underTerm":" under Operational Environment "}]},{"text":"Standalone, Managed, or Custom (including Specialized Security-Limited Functionality, Legacy, and United Stated Government).","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]","underTerm":" under Operational Environment "}]},{"text":"Standalone, Managed, or Custom (including Specialized Security-Limited Functionality, Legacy, and Sector Specific).","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]","underTerm":" under Operational Environment "}]}]},{"term":"operational key","link":"https://csrc.nist.gov/glossary/term/operational_key","definitions":[{"text":"Key intended for use over-the-air for protection of operational information or for the production or secure electrical transmission of key streams.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"operational margin","link":"https://csrc.nist.gov/glossary/term/operational_margin","abbrSyn":[{"text":"margin","link":"https://csrc.nist.gov/glossary/term/margin"}],"definitions":[{"text":"A spare amount or measure or degree allowed or given for contingencies or special situations. The allowances carried to account for uncertainties and risks.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under margin ","refSources":[{"text":"MTR210263","link":"https://figshare.com/articles/preprint/Design_Principles_for_Cyber_Physical_Systems_pdf/15175605"}]}]},{"text":"The margin that is designed explicitly to provide space between the worst normal operating condition and the point at which failure occurs (derives from physical design margin).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"Systems Engineering and System Definitions","link":"https://www.incose.org/docs/default-source/default-document-library/incose-se-definitions-tp-2020-002-06.pdf"}]}]}]},{"term":"operational optimization","link":"https://csrc.nist.gov/glossary/term/operational_optimization","definitions":[{"text":"Selection of those risks from the register that are most valuable based upon leadership preferences, mission objectives, stakeholder sentiment (e.g., those of customers, citizens, or shareholders), and other subjective criteria. Another optimization factor is operational and based on an iterative communications cycle of risk reporting and analytics.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"}]}]},{"term":"Operational phase","link":"https://csrc.nist.gov/glossary/term/operational_phase","definitions":[{"text":"A phase in the lifecycle of keying material whereby keying material is used for standard cryptographic purposes.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Operational phase (Operational use) "}]},{"text":"A phase in the lifecycle of a cryptographic key whereby the key is used for standard cryptographic purposes.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"operational resilience","link":"https://csrc.nist.gov/glossary/term/operational_resilience","definitions":[{"text":"The ability of systems to resist, absorb, and recover from, or adapt to an adverse occurrence during operation that may cause harm, destruction, or loss of the ability to perform mission-related functions.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The ability of systems to resist, absorb, and recover from or adapt to an adverse occurrence during operation that may cause harm, destruction, or loss of ability to perform mission-related functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Operational Risk","link":"https://csrc.nist.gov/glossary/term/operational_risk","abbrSyn":[{"text":"OpRisk","link":"https://csrc.nist.gov/glossary/term/op_risk"}],"definitions":null},{"term":"Operational Risk Management","link":"https://csrc.nist.gov/glossary/term/operational_risk_management","abbrSyn":[{"text":"ORM","link":"https://csrc.nist.gov/glossary/term/orm"}],"definitions":null},{"term":"Operational storage","link":"https://csrc.nist.gov/glossary/term/operational_storage","definitions":[{"text":"Storage within an FCKMS where the key can be accessed to perform cryptographic functions during normal operations.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"The normal storage of operational keying material during its cryptoperiod.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"The normal storage of operational keying material during the key’s cryptoperiod.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A function in the lifecycle of keying material; the normal storage of operational keying material during its cryptoperiod.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Operational Test","link":"https://csrc.nist.gov/glossary/term/operational_test","definitions":[{"text":"Operational tests involve a deployed system and are usually conducted to measure in-the- field performance and user-system interaction effects. Such tests require the members of a human test population to transact with biometric sensors. False acceptance rates may not be measurable, depending on the controls instituted.","sources":[{"text":"NIST SP 800-85B","link":"https://doi.org/10.6028/NIST.SP.800-85B"}]}]},{"term":"operational waiver","link":"https://csrc.nist.gov/glossary/term/operational_waiver","definitions":[{"text":"Authority for continued use of unmodified COMSEC end-items pending the completion of a mandatory modification.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Operationalization","link":"https://csrc.nist.gov/glossary/term/operationalization","definitions":[{"text":"Putting MUD implementations into operational service in a manner that is both practical and effective.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"Operationally Critical Threat, Asset, and Vulnerability Evaluation","link":"https://csrc.nist.gov/glossary/term/operationally_critical_threat_asset_and_vulnerability_evaluation","abbrSyn":[{"text":"OCTAVE","link":"https://csrc.nist.gov/glossary/term/octave"}],"definitions":null},{"term":"operations code (OPCODE)","link":"https://csrc.nist.gov/glossary/term/operations_code","abbrSyn":[{"text":"OPCODE","link":"https://csrc.nist.gov/glossary/term/opcode"}],"definitions":[{"text":"Code composed largely of words and phrases suitable for general communications use.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Operations Level Agreement","link":"https://csrc.nist.gov/glossary/term/operations_level_agreement","abbrSyn":[{"text":"OLA","link":"https://csrc.nist.gov/glossary/term/ola"}],"definitions":null},{"term":"operations security (OPSEC)","link":"https://csrc.nist.gov/glossary/term/operations_security","abbrSyn":[{"text":"OPSEC","link":"https://csrc.nist.gov/glossary/term/opsec"}],"definitions":[{"text":"Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Operations Security ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under operations security ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"1. A process of identifying critical information and analyzing friendly actions attendant to military operations and other activities to: identify those actions that can be observed by adversary intelligence systems; determine indicators and vulnerabilities that adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries, and determine which of these represent an unacceptable risk; then select and execute countermeasures that eliminate the risk to friendly actions and operations or reduce it to an acceptable level.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDD 5205.02E","link":"https://www.esd.whs.mil/Directives/issuances/dodd/"}]}]},{"text":"2. A systematic and proven process intended to deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: (1) identification of critical information; (2) analysis of threats; (3) analysis of vulnerabilities; (4) assessment of risks; and (5) application of appropriate countermeasures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"operator","link":"https://csrc.nist.gov/glossary/term/operator","definitions":[{"text":"An FCKMS role that is authorized to operate an FCKMS (e.g., initiate the FCKMS, monitor performance, and perform backups), as directed by the system administrator.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Operator "}]},{"text":"Individual or organization that performs the operations of a system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"OpEx","link":"https://csrc.nist.gov/glossary/term/opex","abbrSyn":[{"text":"Operating Expenses","link":"https://csrc.nist.gov/glossary/term/operating_expenses"}],"definitions":null},{"term":"OPM","link":"https://csrc.nist.gov/glossary/term/opm","abbrSyn":[{"text":"Office of Personnel Management","link":"https://csrc.nist.gov/glossary/term/office_of_personnel_management"},{"text":"Ordering Privilege Manager"}],"definitions":null},{"term":"Opportunity","link":"https://csrc.nist.gov/glossary/term/opportunity","definitions":[{"text":"A condition that may result in a beneficial outcome.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"OPRE","link":"https://csrc.nist.gov/glossary/term/opre","abbrSyn":[{"text":"Office of Planning, Research and Evaluation","link":"https://csrc.nist.gov/glossary/term/office_of_planning_research_and_evaluation"}],"definitions":null},{"term":"OpRisk","link":"https://csrc.nist.gov/glossary/term/op_risk","abbrSyn":[{"text":"Operational Risk","link":"https://csrc.nist.gov/glossary/term/operational_risk"}],"definitions":null},{"term":"OPSEC","link":"https://csrc.nist.gov/glossary/term/opsec","abbrSyn":[{"text":"Operation Security","link":"https://csrc.nist.gov/glossary/term/operation_security"},{"text":"Operations Security"}],"definitions":[{"text":"Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Operations Security ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"Optical Disk","link":"https://csrc.nist.gov/glossary/term/optical_disk","definitions":[{"text":"A plastic disk that is read using an optical laser device.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Optimal Asymmetric Encryption Padding","link":"https://csrc.nist.gov/glossary/term/optimal_asymmetric_encryption_padding","note":"(RSA mode for key transport)","abbrSyn":[{"text":"OAEP","link":"https://csrc.nist.gov/glossary/term/oaep"}],"definitions":null},{"term":"Option ROM","link":"https://csrc.nist.gov/glossary/term/option_rom","definitions":[{"text":"Firmware that is called by the system BIOS. Option ROMs include BIOS firmware on add-on cards (e.g., video card, hard drive controller, network card) as well as modules which extend the capabilities of the system BIOS.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"optional modification","link":"https://csrc.nist.gov/glossary/term/optional_modification","definitions":[{"text":"National Security Agency (NSA)-approved modification not required for universal implementation by all holders of a COMSEC end-item. This class of modification requires all of the engineering/doctrinal control of mandatory modification but is usually not related to security, safety, TEMPEST, or reliability. See mandatory modification (MAN).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"mandatory modification (MAN)","link":"mandatory_modification"}]},{"term":"ORA","link":"https://csrc.nist.gov/glossary/term/ora","abbrSyn":[{"text":"Organizational Registration Authority"}],"definitions":null},{"term":"Oracle","link":"https://csrc.nist.gov/glossary/term/oracle","definitions":[{"text":"A source of data from outside a blockchain that serves as input for a smart contract.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"ORB","link":"https://csrc.nist.gov/glossary/term/orb","abbrSyn":[{"text":"Open Relay Blacklist","link":"https://csrc.nist.gov/glossary/term/open_relay_blacklist"}],"definitions":null},{"term":"Orchestration","link":"https://csrc.nist.gov/glossary/term/orchestration","definitions":[{"text":"Defines the sequence and conditions in which one Web service invokes other Web services to realize some useful function. An orchestration is the pattern of interactions that a Web service agent must follow to achieve its goal.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"Orchestrator","link":"https://csrc.nist.gov/glossary/term/orchestrator","definitions":[{"text":"A tool that enables DevOps personas or automation working on their behalf to pull images from registries, deploy those images into containers, and manage the running containers. Orchestrators are also responsible for monitoring container resource consumption, job execution, and machine health across hosts.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"ORCON","link":"https://csrc.nist.gov/glossary/term/orcon","abbrSyn":[{"text":"Originator Controlled","link":"https://csrc.nist.gov/glossary/term/originator_controlled"}],"definitions":null},{"term":"ordering privilege manager (OPM)","link":"https://csrc.nist.gov/glossary/term/ordering_privilege_manager","abbrSyn":[{"text":"OPM","link":"https://csrc.nist.gov/glossary/term/opm"}],"definitions":[{"text":"The key management entity (KME) authorized to designate other KME as a short title assignment requester (STAR) or ordering privilege manager (OPM).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Organically Unique Identifier","link":"https://csrc.nist.gov/glossary/term/organically_unique_identifier","abbrSyn":[{"text":"OUI","link":"https://csrc.nist.gov/glossary/term/oui"}],"definitions":null},{"term":"Organisation for Economic Co-operation and Development","link":"https://csrc.nist.gov/glossary/term/organisation_for_economic_co_operation_and_development","abbrSyn":[{"text":"OECD","link":"https://csrc.nist.gov/glossary/term/oecd"}],"definitions":null},{"term":"Organization for the Advancement of Structured Information Standards","link":"https://csrc.nist.gov/glossary/term/organization_for_the_advancement_of_structured_information_standards","abbrSyn":[{"text":"OASIS","link":"https://csrc.nist.gov/glossary/term/oasis"}],"definitions":null},{"term":"Organization or Information System","link":"https://csrc.nist.gov/glossary/term/organization_or_information_system","abbrSyn":[{"text":"O/S","link":"https://csrc.nist.gov/glossary/term/o_s"}],"definitions":null},{"term":"Organization Validated","link":"https://csrc.nist.gov/glossary/term/organization_validated","abbrSyn":[{"text":"OV","link":"https://csrc.nist.gov/glossary/term/ov"}],"definitions":null},{"term":"Organizational Conflict of Interest","link":"https://csrc.nist.gov/glossary/term/organizational_conflict_of_interest","abbrSyn":[{"text":"OCI","link":"https://csrc.nist.gov/glossary/term/oci"}],"definitions":null},{"term":"Organizational Information Security Continuous Monitoring","link":"https://csrc.nist.gov/glossary/term/organizational_information_security_continuous_monitoring","definitions":[{"text":"Ongoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, by assessing security control implementation and organizational security status in accordance with organizational risk tolerance – and within a reporting structure designed to make real-time, data-driven risk management decisions.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}],"seeAlso":[{"text":"information security continuous monitoring (ISCM)","link":"information_security_continuous_monitoring"}]},{"term":"organizational registration authority (ORA)","link":"https://csrc.nist.gov/glossary/term/organizational_registration_authority","abbrSyn":[{"text":"ORA","link":"https://csrc.nist.gov/glossary/term/ora"}],"definitions":[{"text":"Entity within the public key infrastructure (PKI) that authenticates the identity and the organizational affiliation of the users.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"an entity that acts an intermediary between the CA and a prospective certificate subject; the CA trusts the ORA to verify the subject's identity and that the subject possesses the private key corresponding to the public key to be bound to that identity in a certificate. Note that equivalent functions are referred to as Local Registration Authority (LRAs) or Registration Authorities (RAs) in some documents.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under Organizational Registration Authority (ORA) "}]}],"seeAlso":[{"text":"accredit","link":"accredit"}]},{"term":"organizational system","link":"https://csrc.nist.gov/glossary/term/organizational_system","definitions":[{"text":"A nonfederal system that processes, stores, or transmits CUI associated with a critical program or high value asset.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"Organizational Unit","link":"https://csrc.nist.gov/glossary/term/organizational_unit","abbrSyn":[{"text":"OU","link":"https://csrc.nist.gov/glossary/term/ou"}],"definitions":null},{"term":"organizational user","link":"https://csrc.nist.gov/glossary/term/organizational_user","definitions":[{"text":"An organizational employee or an individual the organization deemed to have similar status of an employee including, for example, contractor, guest researcher, or individual detailed from another organization.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"An organizational employee or an individual the organization deems to have equivalent status of an employee including, for example, contractor, guest researcher, or individual detailed from another organization.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Organizational Users ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"An organizational employee or an individual the organization deems to have equivalent status of an employee including, for example, contractor, guest researcher, individual detailed from another organization. Policy and procedures for granting equivalent status of employees to individuals may include need-to-know, relationship to the organization, and citizenship.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Organizational User "}]},{"text":"An organizational employee or an individual whom the organization deems to have equivalent status of an employee, including a contractor, guest researcher, or individual detailed from another organization. Policies and procedures for granting the equivalent status of employees to individuals may include need-to-know, relationship to the organization, and citizenship.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}],"seeAlso":[{"text":"User"}]},{"term":"organizationally-tailored control baseline","link":"https://csrc.nist.gov/glossary/term/organizationally_tailored_control_baseline","definitions":[{"text":"A control baseline tailored for a defined notional (type of) information system using overlays and/or system-specific control tailoring, and intended for use in selecting controls for multiple systems within one or more organizations.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"organization-defined control parameter","link":"https://csrc.nist.gov/glossary/term/organization_defined_control_parameter","abbrSyn":[{"text":"control parameter","link":"https://csrc.nist.gov/glossary/term/control_parameter"}],"definitions":[{"text":"See organization-defined parameter.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under control parameter "}]},{"text":"See organization-defined control parameter.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under control parameter "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under control parameter "}]},{"text":"The variable part of a control or control enhancement that can be instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a pre-defined list provided as part of the control or control enhancement.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"The variable part of a control or control enhancement that is instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a predefined list provided as part of the control or control enhancement. See assignment operation and selection operation.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"term":"organization-defined parameter","link":"https://csrc.nist.gov/glossary/term/organization_defined_parameter","abbrSyn":[{"text":"ODP","link":"https://csrc.nist.gov/glossary/term/odp"}],"definitions":[{"text":"The variable part of a control or control enhancement that is instantiated by an organization during the tailoring process by either assigning an organization-defined value or selecting a value from a predefined list provided as part of the control or control enhancement.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"See assignment operation and selection operation.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The variable part of a security requirement that is instantiated by an organization during the tailoring process by assigning an organization-defined value as part of the requirement.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]}]},{"term":"Organization-Defined Value","link":"https://csrc.nist.gov/glossary/term/organization_defined_value","abbrSyn":[{"text":"ODV","link":"https://csrc.nist.gov/glossary/term/odv"}],"definitions":null},{"term":"Original Design Manufacturer","link":"https://csrc.nist.gov/glossary/term/original_design_manufacturer","abbrSyn":[{"text":"ODM","link":"https://csrc.nist.gov/glossary/term/odm"}],"definitions":null},{"term":"Original Device Manufacturer","link":"https://csrc.nist.gov/glossary/term/original_device_manufacturer","abbrSyn":[{"text":"ODM","link":"https://csrc.nist.gov/glossary/term/odm"}],"definitions":null},{"term":"Original Equipment Manufacture Adaptation Layer","link":"https://csrc.nist.gov/glossary/term/original_equipment_manufacture_adaptation_layer","abbrSyn":[{"text":"OAL","link":"https://csrc.nist.gov/glossary/term/oal"}],"definitions":null},{"term":"Original Equipment Manufacturer","link":"https://csrc.nist.gov/glossary/term/original_equipment_manufacturer","abbrSyn":[{"text":"OEM","link":"https://csrc.nist.gov/glossary/term/oem"}],"definitions":null},{"term":"Originating Agency’s Determination Required","link":"https://csrc.nist.gov/glossary/term/originating_agency_determination_required","abbrSyn":[{"text":"OADR","link":"https://csrc.nist.gov/glossary/term/oadr"}],"definitions":null},{"term":"Originator","link":"https://csrc.nist.gov/glossary/term/originator","definitions":[{"text":"An entity that initiates an information exchange or storage event.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Originator Controlled","link":"https://csrc.nist.gov/glossary/term/originator_controlled","abbrSyn":[{"text":"ORCON","link":"https://csrc.nist.gov/glossary/term/orcon"}],"definitions":null},{"term":"Originator-usage period","link":"https://csrc.nist.gov/glossary/term/originator_usage_period","definitions":[{"text":"The period of time in the cryptoperiod of a key during which cryptographic protection may be applied to data using that key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"The period of time in the cryptoperiod of a symmetric key during which cryptographic protection may be applied to data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"ORM","link":"https://csrc.nist.gov/glossary/term/orm","abbrSyn":[{"text":"Operational Risk Management","link":"https://csrc.nist.gov/glossary/term/operational_risk_management"}],"definitions":null},{"term":"Orphan block","link":"https://csrc.nist.gov/glossary/term/orphan_block","definitions":[{"text":"Any block that is not in the main chain after a temporary ledger conflict.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"OS","link":"https://csrc.nist.gov/glossary/term/os","abbrSyn":[{"text":"operating system","link":"https://csrc.nist.gov/glossary/term/operating_system"},{"text":"Operating system","link":"https://csrc.nist.gov/glossary/term/operating_system_"},{"text":"Operations System","link":"https://csrc.nist.gov/glossary/term/operations_system"}],"definitions":[{"text":"A collection of software that manages computer hardware resources and provides common services for computer programs.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under operating system "}]},{"text":"The software “master control application” that runs the computer. It is the first program loaded when the computer is turned on, and its main component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the Web server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under operating system "},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under operating system ","refSources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]}]},{"text":"An integrated collection of service routines for supervising the sequencing of programs by a computer. An operating system may perform the functions of input/output control, resource scheduling, and data management. It provides application programs with the fundamental commands for controlling the computer.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under operating system ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under operating system ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]},{"text":"The software “master control application” that runs the computer. It is the first program loaded when the computer is turned on, and its principal component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the mail server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2","underTerm":" under operating system "}]},{"text":"A program that runs on a computer and provides a software platform on which other programs can run.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under operating system "}]},{"text":"A computer program, implemented in either software or firmware, which acts as an intermediary between users of a computer and the computer hardware. The purpose of an operating system is to provide an environment in which a user can execute applications.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under operating system ","refSources":[{"text":"Operating System Concepts—Third Edition"}]}]}]},{"term":"OSC","link":"https://csrc.nist.gov/glossary/term/osc","abbrSyn":[{"text":"Office of Space Commercialization","link":"https://csrc.nist.gov/glossary/term/office_of_space_commercialization"}],"definitions":null},{"term":"OSCAL","link":"https://csrc.nist.gov/glossary/term/oscal","abbrSyn":[{"text":"Open Security Controls Assessment Language","link":"https://csrc.nist.gov/glossary/term/open_security_controls_assessment_language"}],"definitions":null},{"term":"oscillator","link":"https://csrc.nist.gov/glossary/term/oscillator","definitions":[{"text":"An electronic device used to generate an oscillating signal. The oscillation is based on a periodic event that repeats at a constant rate. The device that controls this event is called a resonator. The resonator needs an energy source so it can sustain oscillation. Taken together, the energy source and resonator form an oscillator. Although many simple types of oscillators (both mechanical and electronic) exist, the two types of oscillators primarily used for time and frequency measurements are quartz oscillators and atomic oscillators.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"OSDP","link":"https://csrc.nist.gov/glossary/term/osdp","abbrSyn":[{"text":"Open Supervised Device Protocol","link":"https://csrc.nist.gov/glossary/term/open_supervised_device_protocol"}],"definitions":null},{"term":"OSHA","link":"https://csrc.nist.gov/glossary/term/osha","abbrSyn":[{"text":"Occupation Safety and Health Administration","link":"https://csrc.nist.gov/glossary/term/occupation_safety_and_health_administration"}],"definitions":null},{"term":"OSHE","link":"https://csrc.nist.gov/glossary/term/oshe","abbrSyn":[{"text":"Office of Safety, Health and Environment","link":"https://csrc.nist.gov/glossary/term/office_of_safety_health_and_environment"}],"definitions":null},{"term":"OSI","link":"https://csrc.nist.gov/glossary/term/osi","abbrSyn":[{"text":"Open System Interconnection"},{"text":"Open Systems Interconnect","link":"https://csrc.nist.gov/glossary/term/open_systems_interconnect"},{"text":"Open Systems Interconnection","link":"https://csrc.nist.gov/glossary/term/open_systems_interconnection"}],"definitions":null},{"term":"OSPF","link":"https://csrc.nist.gov/glossary/term/ospf","abbrSyn":[{"text":"Open Shortest Path First","link":"https://csrc.nist.gov/glossary/term/open_shortest_path_first"}],"definitions":null},{"term":"OSR2","link":"https://csrc.nist.gov/glossary/term/osr2","abbrSyn":[{"text":"OEM Service Release 2","link":"https://csrc.nist.gov/glossary/term/oem_service_release_2"}],"definitions":null},{"term":"OSS","link":"https://csrc.nist.gov/glossary/term/oss","abbrSyn":[{"text":"Open Source Software","link":"https://csrc.nist.gov/glossary/term/open_source_software"}],"definitions":null},{"term":"OSSEC","link":"https://csrc.nist.gov/glossary/term/ossec","abbrSyn":[{"text":"Open Source HIDS SECurity","link":"https://csrc.nist.gov/glossary/term/open_source_hids_security"}],"definitions":null},{"term":"OSSTMM","link":"https://csrc.nist.gov/glossary/term/osstmm","abbrSyn":[{"text":"Open Source Security Testing Methodology Manual","link":"https://csrc.nist.gov/glossary/term/open_source_security_testing_methodology_manual"}],"definitions":null},{"term":"OT","link":"https://csrc.nist.gov/glossary/term/ot","abbrSyn":[{"text":"operational technology","link":"https://csrc.nist.gov/glossary/term/operational_technology"},{"text":"Operational technology"},{"text":"Operational Technology"},{"text":"Operations Technology"}],"definitions":[{"text":"Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment).","sources":[{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Operational Technology ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","note":" - Adapted"}]}]},{"text":"A broad range of programmable systems and devices that interact with the physical environment or manage devices that interact with the physical environment. These systems and devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under operational technology "}]},{"text":"Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems/devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under operational technology "}]},{"text":"Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems or devices detect or cause a direct change through the monitoring or control of devices, processes, and events. Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under operational technology "},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under operational technology "}]},{"text":"The hardware, software, and firmware components of a system used to detect or cause changes in physical processes through the direct control and monitoring of physical devices.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under operational technology "}]},{"text":"Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Operational technology ","refSources":[{"text":"Gartner.com","link":"https://www.gartner.com"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Operational technology ","refSources":[{"text":"Gartner.com","link":"https://www.gartner.com"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Operational technology ","refSources":[{"text":"Gartner.com","link":"https://www.gartner.com"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Operational technology ","refSources":[{"text":"Gartner.com","link":"https://www.gartner.com"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Operational technology ","refSources":[{"text":"Gartner.com","link":"https://www.gartner.com"}]}]}]},{"term":"OTA","link":"https://csrc.nist.gov/glossary/term/ota","abbrSyn":[{"text":"Open Travel Alliance","link":"https://csrc.nist.gov/glossary/term/open_travel_alliance"},{"text":"Over the Air","link":"https://csrc.nist.gov/glossary/term/over_the_air"}],"definitions":null},{"term":"OTAD","link":"https://csrc.nist.gov/glossary/term/otad","abbrSyn":[{"text":"Over-the-Air Key Distribution"}],"definitions":null},{"term":"OTAR","link":"https://csrc.nist.gov/glossary/term/otar","abbrSyn":[{"text":"Over-the-Air Rekeying"},{"text":"Over-the-Air-Rekeying"}],"definitions":null},{"term":"OTAT","link":"https://csrc.nist.gov/glossary/term/otat","abbrSyn":[{"text":"Over-the-Air Key Transfer"}],"definitions":null},{"term":"other system","link":"https://csrc.nist.gov/glossary/term/other_system","definitions":[{"text":"A system that the system of interest interacts with in the operational environment. These systems may provide services to the system of interest (i.e., the system of interest is dependent on the other systems) or be the beneficiaries of services provided by the system of interest (i.e., other systems are dependent on the system of interest).","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"A system that the system-of-interest interacts with in the operational environment. These systems may provide services to the system-of-interest (i.e., the system-of-interest is dependent on the other systems) or be the beneficiaries of services provided by the system-of-interest (i.e., other systems are dependent on the system-of-interest).","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"OtherInput","link":"https://csrc.nist.gov/glossary/term/otherinput","definitions":[{"text":"Other information for key derivation; a bit string.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"OTP","link":"https://csrc.nist.gov/glossary/term/otp","abbrSyn":[{"text":"One-Time Pad"},{"text":"One-time password","link":"https://csrc.nist.gov/glossary/term/one_time_password"},{"text":"Onetime Password","link":"https://csrc.nist.gov/glossary/term/onetime_password"},{"text":"One-Time Password"}],"definitions":null},{"term":"OTS","link":"https://csrc.nist.gov/glossary/term/ots","abbrSyn":[{"text":"Off-The-Shelf","link":"https://csrc.nist.gov/glossary/term/off_the_shelf"},{"text":"One-time signature","link":"https://csrc.nist.gov/glossary/term/one_time_signature"}],"definitions":null},{"term":"OTT","link":"https://csrc.nist.gov/glossary/term/ott","abbrSyn":[{"text":"One-Time Tape"}],"definitions":null},{"term":"O-TTPS","link":"https://csrc.nist.gov/glossary/term/o_ttps","abbrSyn":[{"text":"Open Trusted Technology Provider Standard","link":"https://csrc.nist.gov/glossary/term/open_trusted_technology_provider_standard"},{"text":"Open Trusted Technology Provider™ Standard"}],"definitions":null},{"term":"OU","link":"https://csrc.nist.gov/glossary/term/ou","abbrSyn":[{"text":"Organizational Unit","link":"https://csrc.nist.gov/glossary/term/organizational_unit"},{"text":"Organizational Units"}],"definitions":null},{"term":"OUI","link":"https://csrc.nist.gov/glossary/term/oui","abbrSyn":[{"text":"Organically Unique Identifier","link":"https://csrc.nist.gov/glossary/term/organically_unique_identifier"}],"definitions":null},{"term":"Outage","link":"https://csrc.nist.gov/glossary/term/outage","definitions":[{"text":"A period when a service or an application is not available or when equipment is not operational.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"outcome","link":"https://csrc.nist.gov/glossary/term/outcome","definitions":[{"text":"Result of the performance (or non-performance) of a function or process(es).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/TR 18307:2001","link":"https://www.iso.org/standard/33396.html"}]}]}]},{"term":"Outer Firewall","link":"https://csrc.nist.gov/glossary/term/outer_firewall","abbrSyn":[{"text":"OFW","link":"https://csrc.nist.gov/glossary/term/ofw"}],"definitions":null},{"term":"Output Block","link":"https://csrc.nist.gov/glossary/term/output_block","definitions":[{"text":"A data block that is an output of either the forward cipher function or the inverse cipher function of the block cipher algorithm.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A"}]}]},{"term":"Output Feedback","link":"https://csrc.nist.gov/glossary/term/output_feedback","abbrSyn":[{"text":"OFB","link":"https://csrc.nist.gov/glossary/term/ofb"}],"definitions":null},{"term":"Output Feedback Block","link":"https://csrc.nist.gov/glossary/term/output_feedback_block","abbrSyn":[{"text":"OFB","link":"https://csrc.nist.gov/glossary/term/ofb"}],"definitions":null},{"term":"Output space","link":"https://csrc.nist.gov/glossary/term/output_space","definitions":[{"text":"The set of all possible distinct bitstrings that may be obtained as samples from a digitized noise source.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"outside(r) threat","link":"https://csrc.nist.gov/glossary/term/outsider_threat","definitions":[{"text":"An unauthorized entity outside the security domain that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" - Adapted"}]}]},{"text":"An unauthorized entity from outside the domain perimeter that has the potential to harm an Information System through destruction, disclosure, modification of data, and/or denial of service.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Outside Threat "}]}]},{"term":"OV","link":"https://csrc.nist.gov/glossary/term/ov","abbrSyn":[{"text":"Organization Validated","link":"https://csrc.nist.gov/glossary/term/organization_validated"}],"definitions":null},{"term":"OVA","link":"https://csrc.nist.gov/glossary/term/ova","abbrSyn":[{"text":"Open Virtual Appliance","link":"https://csrc.nist.gov/glossary/term/open_virtual_appliance"},{"text":"Open Virtual Appliance or Application","link":"https://csrc.nist.gov/glossary/term/open_virtual_appliance_or_application"},{"text":"Open Virtualization Appliance","link":"https://csrc.nist.gov/glossary/term/open_virtualization_appliance"},{"text":"Open Virtualization Archive","link":"https://csrc.nist.gov/glossary/term/open_virtualization_archive"}],"definitions":null},{"term":"OVAL","link":"https://csrc.nist.gov/glossary/term/oval","abbrSyn":[{"text":"Open Vulnerability and Assessment Language"},{"text":"Open Vulnerability Assessment Language"}],"definitions":null},{"term":"OVAL ID","link":"https://csrc.nist.gov/glossary/term/oval_id","definitions":[{"text":"An identifier for a specific OVAL definition that conforms to the format for OVAL IDs.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Over the Air","link":"https://csrc.nist.gov/glossary/term/over_the_air","abbrSyn":[{"text":"OTA","link":"https://csrc.nist.gov/glossary/term/ota"}],"definitions":null},{"term":"overlay","link":"https://csrc.nist.gov/glossary/term/overlay","abbrSyn":[{"text":"Security Control Overlay","link":"https://csrc.nist.gov/glossary/term/security_control_overlay"}],"definitions":[{"text":"A specification of security controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Overlay "}]},{"text":"A set of security controls, control enhancements, supplemental guidance, and other supporting information, that is intended to complement (and further refine) security control baselines to provide greater ability to appropriately tailor security requirements for specific technologies or product groups, circumstances and conditions, and/or operational environments. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Overlay ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - Adapted"}]}]},{"text":"See Overlay.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Overlay "}]},{"text":"A specification of security or privacy controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A specification of security or privacy controls, control enhancements, supplemental guidance, and other supporting information employed during the tailoring process, that is intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems. See tailoring.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A fully specified set of security controls, control enhancements, and supplemental guidance derived from tailoring a security baseline to fit the user’s specific environment and mission.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Overlay ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Overlay ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]}],"seeAlso":[{"text":"Enhanced Overlay","link":"enhanced_overlay"}]},{"term":"Overlay network","link":"https://csrc.nist.gov/glossary/term/overlay_network","definitions":[{"text":"A software-defined networking component included in most orchestrators that can be used to isolate communication between applications that share the same physical network.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"overt channel","link":"https://csrc.nist.gov/glossary/term/overt_channel","definitions":[{"text":"Communications path within a computer system or network designed for the authorized transfer of data. See covert channel.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"covert channel","link":"covert_channel"}]},{"term":"Overt Testing","link":"https://csrc.nist.gov/glossary/term/overt_testing","definitions":[{"text":"Security testing performed with the knowledge and consent of the organization’s IT staff.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"over-the-air key distribution (OTAD)","link":"https://csrc.nist.gov/glossary/term/over_the_air_key_distribution","abbrSyn":[{"text":"OTAD","link":"https://csrc.nist.gov/glossary/term/otad"}],"definitions":[{"text":"Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"over-the-air key transfer (OTAT)","link":"https://csrc.nist.gov/glossary/term/over_the_air_key_transfer","abbrSyn":[{"text":"OTAT","link":"https://csrc.nist.gov/glossary/term/otat"}],"definitions":[{"text":"Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"over-the-air rekeying (OTAR)","link":"https://csrc.nist.gov/glossary/term/over_the_air_rekeying","abbrSyn":[{"text":"OTAR","link":"https://csrc.nist.gov/glossary/term/otar"}],"definitions":[{"text":"Changing traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the remote cryptographic equipment over the communications path it secures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"overwrite","link":"https://csrc.nist.gov/glossary/term/overwrite","definitions":[{"text":"Writing one or more patterns of data on top of the physical location of data stored on the media.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"Writing data on top of the physical location of data stored on the media.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Overwrite "}]}]},{"term":"overwrite procedure","link":"https://csrc.nist.gov/glossary/term/overwrite_procedure","note":"(C.F.D.)","definitions":[{"text":"A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns.\nRationale: Definition is obvious based on definition of overwrite.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"OVF","link":"https://csrc.nist.gov/glossary/term/ovf","abbrSyn":[{"text":"Open Virtualization Format","link":"https://csrc.nist.gov/glossary/term/open_virtualization_format"}],"definitions":null},{"term":"OWASP","link":"https://csrc.nist.gov/glossary/term/owasp","abbrSyn":[{"text":"Open Web Application Security Project","link":"https://csrc.nist.gov/glossary/term/open_web_application_security_project"}],"definitions":null},{"term":"OW-CPA","link":"https://csrc.nist.gov/glossary/term/ow_cpa","abbrSyn":[{"text":"One-way under Chosen-Plaintext Attack","link":"https://csrc.nist.gov/glossary/term/one_way_under_chosen_plaintext_attack"}],"definitions":null},{"term":"OWL-S","link":"https://csrc.nist.gov/glossary/term/owl_s","abbrSyn":[{"text":"Web Ontology Language for Web Services","link":"https://csrc.nist.gov/glossary/term/web_ontology_language_for_web_services"}],"definitions":null},{"term":"Owner","link":"https://csrc.nist.gov/glossary/term/owner","definitions":[{"text":"A key pair owner is the entity authorized to use the private key of a key pair.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"An OLIR produced by the owner of the Reference Document.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"}]},{"text":"1. For an asymmetric key pair, consisting of a private key and a public key, the owner is the entity that is authorized to use the private key associated with a public key, whether that entity generated the key pair itself or a trusted party generated the key pair for the entity.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"2. For a symmetric key (i.e., a secret key), the entity or entities that are authorized to share and use the key.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"For a static public key, static private key and/ or the static key pair containing those components, the owner is the entity that is authorized to use the static private key corresponding to the static public key, whether that entity generated the static key pair itself or a trusted party generated the key pair for the entity. For an ephemeral key pair, ephemeral private key or ephemeral public key, the owner is the entity that generated the ephemeral key pair and uses the ephemeral private key associated with the public key of that key pair.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"For a key pair, the owner is the entity that is authorized to use the private key associated with a public key, whether that entity generated the key pair itself or a trusted party generated the key pair for the entity.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]},{"text":"For a static key pair, the entity that is associated with the public key and authorized to use the private key. For an ephemeral key pair, the owner is the entity that generated the public/private key pair. For a symmetric key, the owner is any entity that is authorized to use the key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Owner (of a key or key pair) "}]},{"text":"A key pair owner is the entity that is authorized to use the private key of a key pair.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]},{"text":"For a symmetric key (i.e., a secret key), the entity or entities that are authorized to share and use the key.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"For an asymmetric key pair, consisting of a private key and a public key, the owner is the entity that is authorized to use the private key associated with a public key, whether that entity generated the key pair itself or a trusted party generated the key pair for the entity.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"For an asymmetric key pair consisting of a private key and a public key, the owner is the entity that is authorized to use the private key associated with the public key, whether that entity generated the key pair itself or a trusted party generated the key pair for the entity.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A user who can modify the contents of an access control list.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153"}]},{"text":"An Informative Reference produced by the owner of the Reference Document.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"}]},{"text":"For a static key pair, the entity that is associated with the public key and authorized to use the private key. For an ephemeral key pair, the owner is the entity that generated the public/private key pair. For a symmetric key, any entity that is authorized to use the key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"P.L.","link":"https://csrc.nist.gov/glossary/term/p_l_","abbrSyn":[{"text":"Public Law","link":"https://csrc.nist.gov/glossary/term/public_law"}],"definitions":null},{"term":"P_HASH","link":"https://csrc.nist.gov/glossary/term/p_hash","definitions":[{"text":"A function that uses the HMAC-HASH as the core function in its construction. The specification of this function is in RFCs 2246 and 5246.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"P1,…,P64","link":"https://csrc.nist.gov/glossary/term/plaintext_block_bits","definitions":[{"text":"Bits of the Plaintext Block","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"P25","link":"https://csrc.nist.gov/glossary/term/p25","abbrSyn":[{"text":"Project 25","link":"https://csrc.nist.gov/glossary/term/project_25"}],"definitions":null},{"term":"P2P","link":"https://csrc.nist.gov/glossary/term/p2p","abbrSyn":[{"text":"Peer-to-Peer","link":"https://csrc.nist.gov/glossary/term/peer_to_peer"},{"text":"Point-to-Point","link":"https://csrc.nist.gov/glossary/term/point_to_point"}],"definitions":null},{"term":"PA","link":"https://csrc.nist.gov/glossary/term/pa","abbrSyn":[{"text":"Palo Alto Networks","link":"https://csrc.nist.gov/glossary/term/palo_alto_networks"},{"text":"Personal Authorization","link":"https://csrc.nist.gov/glossary/term/personal_authorization"},{"text":"Policy Administrator","link":"https://csrc.nist.gov/glossary/term/policy_administrator"}],"definitions":null},{"term":"PAA","link":"https://csrc.nist.gov/glossary/term/paa","abbrSyn":[{"text":"Principal Accrediting Authority"}],"definitions":null},{"term":"PaaS","link":"https://csrc.nist.gov/glossary/term/paas","abbrSyn":[{"text":"Platform as a Service"}],"definitions":null},{"term":"PAC","link":"https://csrc.nist.gov/glossary/term/pac","abbrSyn":[{"text":"Physical Access Control","link":"https://csrc.nist.gov/glossary/term/physical_access_control"},{"text":"Pointer Authentication Code","link":"https://csrc.nist.gov/glossary/term/pointer_authentication_code"},{"text":"Privilege Attribute Certificate","link":"https://csrc.nist.gov/glossary/term/privilege_attribute_certificate"},{"text":"Process Access Control","link":"https://csrc.nist.gov/glossary/term/process_access_control"},{"text":"Protected Access Credential","link":"https://csrc.nist.gov/glossary/term/protected_access_credential"},{"text":"Proxy Auto Config","link":"https://csrc.nist.gov/glossary/term/proxy_auto_config"}],"definitions":null},{"term":"PACCOR","link":"https://csrc.nist.gov/glossary/term/paccor","abbrSyn":[{"text":"Platform Attribute Certificate Creator","link":"https://csrc.nist.gov/glossary/term/platform_attribute_certificate_creator"}],"definitions":null},{"term":"Pacific Northwest National Laboratory","link":"https://csrc.nist.gov/glossary/term/pacific_nw_natl_lab","abbrSyn":[{"text":"PNNL","link":"https://csrc.nist.gov/glossary/term/pnnl"}],"definitions":null},{"term":"package management system","link":"https://csrc.nist.gov/glossary/term/package_management_system","definitions":[{"text":"An administrative tool or utility that facilitates the installation and maintenance of software on a given host, device or pool of centrally managed hosts, and the reporting of installed software attributes. May also be referred to as package manager, software manager, application manager, or app manager.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"package manifest","link":"https://csrc.nist.gov/glossary/term/package_manifest","definitions":[{"text":"A listing of the contents of a software package.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"Packet","link":"https://csrc.nist.gov/glossary/term/packet","definitions":[{"text":"The logical unit of network communications produced by the transport layer.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Packet Capture","link":"https://csrc.nist.gov/glossary/term/packet_capture","abbrSyn":[{"text":"PCAP","link":"https://csrc.nist.gov/glossary/term/pcap"}],"definitions":null},{"term":"Packet Data Convergence Protocol","link":"https://csrc.nist.gov/glossary/term/packet_data_convergence_protocol","abbrSyn":[{"text":"PDCP","link":"https://csrc.nist.gov/glossary/term/pdcp"}],"definitions":null},{"term":"Packet Data Network","link":"https://csrc.nist.gov/glossary/term/packet_data_network","abbrSyn":[{"text":"PDN","link":"https://csrc.nist.gov/glossary/term/pdn"}],"definitions":null},{"term":"Packet Filter","link":"https://csrc.nist.gov/glossary/term/packet_filter","definitions":[{"text":"A routing device that provides access control functionality for host addresses and communication sessions.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]},{"text":"Specifies which types of traffic should be permitted or denied and how permitted traffic should be protected, if at all.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]"}]}]},{"term":"Packet Gateway","link":"https://csrc.nist.gov/glossary/term/packet_gateway","abbrSyn":[{"text":"P-GW","link":"https://csrc.nist.gov/glossary/term/p_gw"}],"definitions":null},{"term":"Packet Number","link":"https://csrc.nist.gov/glossary/term/packet_number","abbrSyn":[{"text":"PN","link":"https://csrc.nist.gov/glossary/term/pn_acronym"}],"definitions":null},{"term":"packet sniffer","link":"https://csrc.nist.gov/glossary/term/packet_sniffer","definitions":[{"text":"Software that observes and records network traffic.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Software that monitors network traffic on wired or wireless networks and captures packets.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Packet Sniffer "}]}]},{"term":"packet sniffer and passive wiretapping","link":"https://csrc.nist.gov/glossary/term/packet_sniffer_and_passive_wiretapping","abbrSyn":[{"text":"sniffer","link":"https://csrc.nist.gov/glossary/term/sniffer"}],"definitions":[{"text":"See packet sniffer and passive wiretapping.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under sniffer "}]}]},{"term":"PACS","link":"https://csrc.nist.gov/glossary/term/pacs","abbrSyn":[{"text":"Physical Access Control System"},{"text":"Physical Access Control Systems"},{"text":"Picture Archiving and Communication System","link":"https://csrc.nist.gov/glossary/term/picture_archiving_and_communication_system"},{"text":"Picture Archiving and Communication System(s)"}],"definitions":[{"text":"An automated system that manages the passage of people or assets through an opening(s) in a secure perimeter(s) based on a set of authorization rules.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Physical Access Control System ","refSources":[{"text":"FICAM Roadmap and IG","link":"https://arch.idmanagement.gov/"}]}]}]},{"term":"PAD","link":"https://csrc.nist.gov/glossary/term/pad","abbrSyn":[{"text":"Peer Authorization Database","link":"https://csrc.nist.gov/glossary/term/peer_authorization_database"},{"text":"Presentation Attack Detection"}],"definitions":null},{"term":"page check","link":"https://csrc.nist.gov/glossary/term/page_check","definitions":[{"text":"The verification of the presence of each required page in a physical publication.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Pairwise Main Key","link":"https://csrc.nist.gov/glossary/term/pairwise_main_key","abbrSyn":[{"text":"PMK","link":"https://csrc.nist.gov/glossary/term/pmk"}],"definitions":null},{"term":"Pairwise Master Key","link":"https://csrc.nist.gov/glossary/term/pairwise_master_key","abbrSyn":[{"text":"PMK","link":"https://csrc.nist.gov/glossary/term/pmk"}],"definitions":null},{"term":"Pairwise Master Key Security Association","link":"https://csrc.nist.gov/glossary/term/pairwise_master_key_security_association","abbrSyn":[{"text":"PMKSA","link":"https://csrc.nist.gov/glossary/term/pmksa"}],"definitions":null},{"term":"Pairwise Pseudonymous Identifier","link":"https://csrc.nist.gov/glossary/term/pairwise_pseudonymous_identifier","definitions":[{"text":"An opaque unguessable subscriber identifier generated by a CSP for use at a specific individual RP. This identifier is only known to and only used by one CSP-RP pair.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Pairwise Transient Key","link":"https://csrc.nist.gov/glossary/term/pairwise_transient_key","abbrSyn":[{"text":"PTK","link":"https://csrc.nist.gov/glossary/term/ptk"}],"definitions":null},{"term":"Pairwise Trust","link":"https://csrc.nist.gov/glossary/term/pairwise_trust","definitions":[{"text":"Establishment of trust by two entities that have direct business agreements with each other.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"OASIS Trust Models Guidelines","link":"https://www.oasis-open.org/committees/download.php/6158/sstc-saml-trustmodels-2.0-draft-01.pdf"}]}]}]},{"term":"PAKE","link":"https://csrc.nist.gov/glossary/term/pake","abbrSyn":[{"text":"password authenticated key exchange","link":"https://csrc.nist.gov/glossary/term/password_authenticated_key_exchange"},{"text":"Password Authenticated Key Exchange"}],"definitions":null},{"term":"Palm data dump/duplicate disk","link":"https://csrc.nist.gov/glossary/term/palm_data_dump_duplicate_disk","abbrSyn":[{"text":"pdd","link":"https://csrc.nist.gov/glossary/term/pdd"}],"definitions":null},{"term":"Palm File Format","link":"https://csrc.nist.gov/glossary/term/palm_file_format","abbrSyn":[{"text":"PFF","link":"https://csrc.nist.gov/glossary/term/pff"}],"definitions":null},{"term":"Palm Operating System Emulator","link":"https://csrc.nist.gov/glossary/term/palm_operating_system_emulator","abbrSyn":[{"text":"POSE","link":"https://csrc.nist.gov/glossary/term/pose"}],"definitions":null},{"term":"Palo Alto Networks","link":"https://csrc.nist.gov/glossary/term/palo_alto_networks","abbrSyn":[{"text":"PA","link":"https://csrc.nist.gov/glossary/term/pa"}],"definitions":null},{"term":"Palo Alto Next-Generation Firewall","link":"https://csrc.nist.gov/glossary/term/palo_alto_next_generation_firewall","abbrSyn":[{"text":"PANW","link":"https://csrc.nist.gov/glossary/term/panw"}],"definitions":null},{"term":"PAM","link":"https://csrc.nist.gov/glossary/term/pam","abbrSyn":[{"text":"Privileged Access Management","link":"https://csrc.nist.gov/glossary/term/privileged_access_management"}],"definitions":null},{"term":"PAN","link":"https://csrc.nist.gov/glossary/term/pan","abbrSyn":[{"text":"Personal Area Network","link":"https://csrc.nist.gov/glossary/term/personal_area_network"},{"text":"Privileged Access Never","link":"https://csrc.nist.gov/glossary/term/privileged_access_never"}],"definitions":null},{"term":"Pandemic Influenza","link":"https://csrc.nist.gov/glossary/term/pandemic_influenza","abbrSyn":[{"text":"PI","link":"https://csrc.nist.gov/glossary/term/pi"}],"definitions":null},{"term":"PANW","link":"https://csrc.nist.gov/glossary/term/panw","abbrSyn":[{"text":"Palo Alto Next-Generation Firewall","link":"https://csrc.nist.gov/glossary/term/palo_alto_next_generation_firewall"}],"definitions":null},{"term":"PAO","link":"https://csrc.nist.gov/glossary/term/pao","abbrSyn":[{"text":"Principal Authorizing Official"}],"definitions":null},{"term":"PAOS","link":"https://csrc.nist.gov/glossary/term/paos","abbrSyn":[{"text":"Reverse SOAP","link":"https://csrc.nist.gov/glossary/term/reverse_soap"}],"definitions":null},{"term":"PAP","link":"https://csrc.nist.gov/glossary/term/pap","abbrSyn":[{"text":"Password Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/password_authentication_protocol"},{"text":"Policy Administration Point","link":"https://csrc.nist.gov/glossary/term/policy_administration_point"}],"definitions":null},{"term":"Paperwork Reduction Act","link":"https://csrc.nist.gov/glossary/term/paperwork_reduction_act","abbrSyn":[{"text":"PRA","link":"https://csrc.nist.gov/glossary/term/pra"}],"definitions":null},{"term":"parallel file system","link":"https://csrc.nist.gov/glossary/term/parallel_file_system","abbrSyn":[{"text":"PFS","link":"https://csrc.nist.gov/glossary/term/pfs"}],"definitions":null},{"term":"Parallel NFS","link":"https://csrc.nist.gov/glossary/term/parallel_nfs","abbrSyn":[{"text":"pNFS","link":"https://csrc.nist.gov/glossary/term/pnfs"}],"definitions":null},{"term":"Parallel Redundancy Protocol","link":"https://csrc.nist.gov/glossary/term/parallel_redundancy_protocol","abbrSyn":[{"text":"PRP","link":"https://csrc.nist.gov/glossary/term/prp"}],"definitions":null},{"term":"parameter","link":"https://csrc.nist.gov/glossary/term/parameter","definitions":[{"text":"A value that is used to control the operation of a function or that is used by a function to compute one or more outputs.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Parameter "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Parameter "}]},{"text":"See organization-defined control parameter.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Paravirtualization","link":"https://csrc.nist.gov/glossary/term/paravirtualization","definitions":[{"text":"A method for a hypervisor to offer interfaces to a guest OS that the guest OS can use instead of the normal hardware interfaces.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"parent assessment element","link":"https://csrc.nist.gov/glossary/term/parent_assessment_element","definitions":[{"text":"The assessment element in a prior process step from which the current element was derived.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"Paring Code","link":"https://csrc.nist.gov/glossary/term/paring_code","definitions":[{"text":"An 8 digit code used to establish a relationship between the PIV Card and a device for the purpose of creating the virtual contact interface after secure messaging has been established.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"parity","link":"https://csrc.nist.gov/glossary/term/parity","note":"(C.F.D.)","definitions":[{"text":"Bit(s) used to determine whether a block of data has been altered. \nRationale: Term has been replaced by the term “parity bit”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"parity bit","link":"https://csrc.nist.gov/glossary/term/parity_bit","note":"(C.F.D.)","definitions":[{"text":"A checksum that is computed on a block of bits by computing the binary sum of the individual bits in the block and then discarding all but the low-order bit of the sum. See checksum.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}],"seeAlso":[{"text":"checksum","link":"checksum"}]},{"term":"Parsec","link":"https://csrc.nist.gov/glossary/term/parsec","abbrSyn":[{"text":"Platform AbstRaction for SECurity","link":"https://csrc.nist.gov/glossary/term/platform_abstraction_for_security"}],"definitions":null},{"term":"Participant Guide","link":"https://csrc.nist.gov/glossary/term/participant_guide","definitions":[{"text":"An exercise document that typically contains the exercise’s purpose, scope, objectives, and scenario, and a copy of the IT plan being exercised","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Partition","link":"https://csrc.nist.gov/glossary/term/partition","definitions":[{"text":"A logical portion of a media that functions as though it were physically separate from other logical portions of the media.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Partitioning","link":"https://csrc.nist.gov/glossary/term/partitioning","definitions":[{"text":"Managing guest operating system access to hardware so that each guest OS can access its own resources but cannot encroach on the other guest OSs’ resources or any resources not allocated for virtualization use.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"party","link":"https://csrc.nist.gov/glossary/term/party","abbrSyn":[{"text":"entity","link":"https://csrc.nist.gov/glossary/term/entity"},{"text":"Entity"}],"definitions":[{"text":"An individual (person), organization, device, or a combination thereof. In this Recommendation, an entity may be a functional unit that executes certain processes.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under entity "}]},{"text":"An individual (person), organization, device, or process. Used interchangeably with “entity.”","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Party "}]},{"text":"An item inside or outside an information and communication technology system, such as a person, an organization, a device, a subsystem, or a group of such items that has recognizably distinct existence.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under entity ","refSources":[{"text":"ISO/IEC 24760-1:2011"}]}]},{"text":"An individual (person), organization, device or process.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under entity "}]},{"text":"An individual (person), organization, device or process. Used interchangeably with “party”.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Entity "},{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Entity "},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Entity "}]},{"text":"An individual (person), organization, device or process. Used interchangeably with “entity”.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Party "},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Party "}]},{"text":"An individual (person), organization, device or a combination thereof. “Party” is a synonym. In this Recommendation, an entity may be a functional unit that executes certain processes.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Entity "}]},{"text":"An individual (person), organization, device, or process.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Entity "}]},{"text":"Either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information).","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under entity "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under entity "}]},{"text":"An individual (person), organization, device, or process. “Party” is a synonym.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Entity "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Entity "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Entity "}]},{"text":"An individual (person), organization, device or process.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Entity "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Entity "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Entity "}]},{"text":"A human (person/individual/user), organization, device or process.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Entity "}]},{"text":"See Entity.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Party "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Party "},{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Party "},{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Party "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Party "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Party "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Party "}]},{"text":"An individual (person), organization, device or process. Used interchangeably with “party.”","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Entity "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Entity "}]},{"text":"An individual (person), organization, device, or process; used interchangeably with “party.”","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Entity "}]},{"text":"item inside or outside an information and communication technology system, such as a person, an organization, a device, a subsystem, or a group of such items that has recognizably distinct existence","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under entity ","refSources":[{"text":"ISO/IEC 24760-1:2011"}]}]},{"text":"An individual, group or an organization participating in an action.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Party "}]},{"text":"A person, device, service, network, domain, manufacturer, or other party who might interact with an IoT device.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A","underTerm":" under Entity "},{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","underTerm":" under Entity "},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","underTerm":" under Entity "}]},{"text":"An individual (person), organization, device, or process. “Entity” is a synonym for party.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Party "}]},{"text":"Organization entering into an agreement.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"PAS","link":"https://csrc.nist.gov/glossary/term/pas","abbrSyn":[{"text":"Physical Address Space","link":"https://csrc.nist.gov/glossary/term/physical_address_space"}],"definitions":null},{"term":"passive attack","link":"https://csrc.nist.gov/glossary/term/passive_attack","definitions":[{"text":"An attack that does not alter systems or data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"An attack against an authentication protocol where the Attacker intercepts data traveling along the network between the Claimant and Verifier, but does not alter the data (i.e., eavesdropping).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Passive Attack "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Passive Attack "}]}],"seeAlso":[{"text":"active attack","link":"active_attack"}]},{"term":"Passive Security Testing","link":"https://csrc.nist.gov/glossary/term/passive_security_testing","definitions":[{"text":"Security testing that does not involve any direct interaction with the targets, such as sending packets to a target.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Passive Tag","link":"https://csrc.nist.gov/glossary/term/passive_tag","definitions":[{"text":"A tag that does not have its own power supply. Instead, it uses RF energy from the reader for power. Due to the lower power, passive tags have shorter ranges than other tags, but are generally smaller, lighter, and cheaper than other tags.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"passive wiretapping","link":"https://csrc.nist.gov/glossary/term/passive_wiretapping","definitions":[{"text":"The monitoring or recording of data that attempts only to observe a communication flow and gain knowledge of the data it contains, but does not alter or otherwise affect that flow.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949","note":" - Adapted"}]}]}]},{"term":"Passphrase","link":"https://csrc.nist.gov/glossary/term/passphrase","definitions":[{"text":"A passphrase is a memorized secret consisting of a sequence of words or other text that a claimant uses to authenticate their identity. A passphrase is similar to a password in usage, but is generally longer for added security.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]},{"text":"A password used to protect an identity key. After entered by a user or  administrator, a passphrase is mathematically converted into large number which serves as a key that is used to encrypt the identity key. In order to decrypt the identity, the passphrase must be entered again so that the same key can be regenerated for decryption.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"password authenticated key exchange","link":"https://csrc.nist.gov/glossary/term/password_authenticated_key_exchange","abbrSyn":[{"text":"PAKE","link":"https://csrc.nist.gov/glossary/term/pake"}],"definitions":null},{"term":"Password Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/password_authentication_protocol","abbrSyn":[{"text":"PAP","link":"https://csrc.nist.gov/glossary/term/pap"}],"definitions":null},{"term":"Password Cracking","link":"https://csrc.nist.gov/glossary/term/password_cracking","definitions":[{"text":"The process of recovering secret passwords stored in a computer system or transmitted over a network.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Password Protected","link":"https://csrc.nist.gov/glossary/term/password_protected","definitions":[{"text":"The ability to protect the contents of a file or device from being accessed until the correct password is entered.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"The ability to protect a file using a password access control, protecting the data contents from being viewed with the appropriate viewer unless the proper password is entered.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Password-Based Key Derivation Function 2","link":"https://csrc.nist.gov/glossary/term/password_based_key_derivation_function_2","abbrSyn":[{"text":"PBKDF2","link":"https://csrc.nist.gov/glossary/term/pbkdf2"}],"definitions":null},{"term":"PAT","link":"https://csrc.nist.gov/glossary/term/pat","abbrSyn":[{"text":"Port Address Translation","link":"https://csrc.nist.gov/glossary/term/port_address_translation"}],"definitions":null},{"term":"patch","link":"https://csrc.nist.gov/glossary/term/patch","definitions":[{"text":"A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 19770-2"}]}]},{"text":"A “repair job” for a piece of programming; also known as a “fix”. A patch is the immediate solution to an identified problem that is provided to users; it can sometimes be downloaded from the software maker's Web site. The patch is not necessarily the best solution for the problem, and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2","underTerm":" under Patch "}]},{"text":"A “repair job” for a piece of programming; also known as a “fix.” A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Patch "}]}]},{"term":"Patch and Update Management Program","link":"https://csrc.nist.gov/glossary/term/patch_and_update_management_program","abbrSyn":[{"text":"PUMP","link":"https://csrc.nist.gov/glossary/term/pump"}],"definitions":null},{"term":"patch level","link":"https://csrc.nist.gov/glossary/term/patch_level","definitions":[{"text":"Denotes either a patch level or a patch set. More specifically, when patches must be applied in order, the patch level is the identifier of the most recently applied patch.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"patch management","link":"https://csrc.nist.gov/glossary/term/patch_management","definitions":[{"text":"The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Patch Management ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"patch set","link":"https://csrc.nist.gov/glossary/term/patch_set","definitions":[{"text":"When patches do not need to be applied in any particular order, the patch set includes all (and only) the applied patches.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"patching","link":"https://csrc.nist.gov/glossary/term/patching","definitions":[{"text":"The act of applying a change to installed software – such as firmware, operating systems, or applications – that corrects security or functionality problems or adds new capabilities.","sources":[{"text":"NIST SP 800-40 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-40r4"},{"text":"NIST SP 1800-31B","link":"https://doi.org/10.6028/NIST.SP.1800-31"}]}]},{"term":"Path Maximum Transmission Unit","link":"https://csrc.nist.gov/glossary/term/path_maximum_transmission_unit","abbrSyn":[{"text":"PMTU","link":"https://csrc.nist.gov/glossary/term/pmtu"}],"definitions":null},{"term":"Path Maximum Transmission Unit Discovery","link":"https://csrc.nist.gov/glossary/term/path_maximum_transmission_unit_discovery","abbrSyn":[{"text":"PMTUD","link":"https://csrc.nist.gov/glossary/term/pmtud"}],"definitions":null},{"term":"Path Validation","link":"https://csrc.nist.gov/glossary/term/path_validation","definitions":[{"text":"The process of verifying the binding between the subject identifier and subject public key in a certificate, based on the public key of a trust anchor, through the validation of a chain of certificates that begins with a certificate issued by the trust anchor and ends with the target certificate. Successful path validation provides strong evidence that the information in the target certificate is trustworthy.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Patient Care Unit","link":"https://csrc.nist.gov/glossary/term/patient_care_unit","abbrSyn":[{"text":"PCU","link":"https://csrc.nist.gov/glossary/term/pcu"}],"definitions":null},{"term":"payload control center","link":"https://csrc.nist.gov/glossary/term/payload_control_center","abbrSyn":[{"text":"PCC","link":"https://csrc.nist.gov/glossary/term/pcc"}],"definitions":[{"text":"A facility that provides C2 for satellite payloads.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401"}]},{"text":"A facility that provides C2 for satellite payloads.","sources":[{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under Payload Control Center "}]}]},{"term":"Payment Card Industry","link":"https://csrc.nist.gov/glossary/term/payment_card_industry","abbrSyn":[{"text":"PCI","link":"https://csrc.nist.gov/glossary/term/pci"}],"definitions":null},{"term":"Payment Card Industry Data Security Standard","link":"https://csrc.nist.gov/glossary/term/payment_card_industry_data_security_standard","abbrSyn":[{"text":"PCI DSS","link":"https://csrc.nist.gov/glossary/term/pci_dss"},{"text":"PCI-DSS"}],"definitions":[{"text":"An information security standard administered by the Payment Card Industry Security Standards Council that is for organizations that handle branded credit cards from the major card schemes.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"PBAC","link":"https://csrc.nist.gov/glossary/term/pbac","abbrSyn":[{"text":"Policy Based Access Control"}],"definitions":null},{"term":"PBKDF2","link":"https://csrc.nist.gov/glossary/term/pbkdf2","abbrSyn":[{"text":"Password-Based Key Derivation Function 2","link":"https://csrc.nist.gov/glossary/term/password_based_key_derivation_function_2"}],"definitions":null},{"term":"PBX","link":"https://csrc.nist.gov/glossary/term/pbx","abbrSyn":[{"text":"Private Branch Exchange","link":"https://csrc.nist.gov/glossary/term/private_branch_exchange"}],"definitions":null},{"term":"PC","link":"https://csrc.nist.gov/glossary/term/pc","abbrSyn":[{"text":"Personal Computer"},{"text":"Project Committee","link":"https://csrc.nist.gov/glossary/term/project_committee"}],"definitions":null},{"term":"PC/SC","link":"https://csrc.nist.gov/glossary/term/pc_sc","abbrSyn":[{"text":"Personal Computer / Smart Card"},{"text":"Personal Computer/Smart Card","link":"https://csrc.nist.gov/glossary/term/personal_computer_smart_card"}],"definitions":null},{"term":"PCAP","link":"https://csrc.nist.gov/glossary/term/pcap","abbrSyn":[{"text":"Packet Capture","link":"https://csrc.nist.gov/glossary/term/packet_capture"}],"definitions":null},{"term":"PCB","link":"https://csrc.nist.gov/glossary/term/pcb","abbrSyn":[{"text":"Printed Circuit Board","link":"https://csrc.nist.gov/glossary/term/printed_circuit_board"}],"definitions":null},{"term":"PCC","link":"https://csrc.nist.gov/glossary/term/pcc","abbrSyn":[{"text":"Payload Control Center"}],"definitions":[{"text":"A facility that provides C2 for satellite payloads.","sources":[{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under Payload Control Center "}]}]},{"term":"PCH","link":"https://csrc.nist.gov/glossary/term/pch","abbrSyn":[{"text":"Platform Controller Hub","link":"https://csrc.nist.gov/glossary/term/platform_controller_hub"}],"definitions":null},{"term":"PCI","link":"https://csrc.nist.gov/glossary/term/pci","abbrSyn":[{"text":"Payment Card Industry","link":"https://csrc.nist.gov/glossary/term/payment_card_industry"},{"text":"Peripheral Component Interconnect","link":"https://csrc.nist.gov/glossary/term/peripheral_component_interconnect"},{"text":"PIV Card Issuer","link":"https://csrc.nist.gov/glossary/term/piv_card_issuer"}],"definitions":null},{"term":"PCI DSS","link":"https://csrc.nist.gov/glossary/term/pci_dss","abbrSyn":[{"text":"Payment Card Industry Data Security Standard","link":"https://csrc.nist.gov/glossary/term/payment_card_industry_data_security_standard"},{"text":"Payment Card Industry Digital Security Standard"}],"definitions":[{"text":"An information security standard administered by the Payment Card Industry Security Standards Council that is for organizations that handle branded credit cards from the major card schemes.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Payment Card Industry Data Security Standard "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Payment Card Industry Data Security Standard "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Payment Card Industry Data Security Standard "}]}]},{"term":"PCI express","link":"https://csrc.nist.gov/glossary/term/pci_express","note":"(a more modern evolution of the PCI bus)","abbrSyn":[{"text":"PCIe","link":"https://csrc.nist.gov/glossary/term/pcie"}],"definitions":null},{"term":"PCIe","link":"https://csrc.nist.gov/glossary/term/pcie","abbrSyn":[{"text":"PCI express","link":"https://csrc.nist.gov/glossary/term/pci_express"},{"text":"Peripheral Component Interconnect Express","link":"https://csrc.nist.gov/glossary/term/peripheral_component_interconnect_express"},{"text":"President’s Council on Integrity and Efficiency","link":"https://csrc.nist.gov/glossary/term/presidents_council_on_integrity_and_efficiency"}],"definitions":null},{"term":"PCL","link":"https://csrc.nist.gov/glossary/term/pcl","abbrSyn":[{"text":"Product Compliant List"}],"definitions":null},{"term":"PCM","link":"https://csrc.nist.gov/glossary/term/pcm","abbrSyn":[{"text":"Positive Control Material"},{"text":"Privacy Continuous Monitoring","link":"https://csrc.nist.gov/glossary/term/privacy_continuous_monitoring"},{"text":"Privilege Certificate Manager"}],"definitions":null},{"term":"PCMCIA","link":"https://csrc.nist.gov/glossary/term/pcmcia","abbrSyn":[{"text":"Personal Computer Memory Card International Association","link":"https://csrc.nist.gov/glossary/term/personal_computer_memory_card_international_association"}],"definitions":null},{"term":"PCR","link":"https://csrc.nist.gov/glossary/term/pcr","abbrSyn":[{"text":"Platform Configuration Register","link":"https://csrc.nist.gov/glossary/term/platform_configuration_register"}],"definitions":null},{"term":"PCRF","link":"https://csrc.nist.gov/glossary/term/pcrf","abbrSyn":[{"text":"Policy and Charging Rules Function","link":"https://csrc.nist.gov/glossary/term/policy_and_charging_rules_function"}],"definitions":null},{"term":"PCS","link":"https://csrc.nist.gov/glossary/term/pcs","abbrSyn":[{"text":"Process Control System","link":"https://csrc.nist.gov/glossary/term/process_control_system"}],"definitions":null},{"term":"PCU","link":"https://csrc.nist.gov/glossary/term/pcu","abbrSyn":[{"text":"Patient Care Unit","link":"https://csrc.nist.gov/glossary/term/patient_care_unit"}],"definitions":null},{"term":"PCVT","link":"https://csrc.nist.gov/glossary/term/pcvt","abbrSyn":[{"text":"Platform Certificate Verification Tool","link":"https://csrc.nist.gov/glossary/term/platform_certificate_verification_tool"}],"definitions":null},{"term":"PDA","link":"https://csrc.nist.gov/glossary/term/pda","abbrSyn":[{"text":"Personal Digital Assistant"}],"definitions":null},{"term":"PDCP","link":"https://csrc.nist.gov/glossary/term/pdcp","abbrSyn":[{"text":"Packet Data Convergence Protocol","link":"https://csrc.nist.gov/glossary/term/packet_data_convergence_protocol"}],"definitions":null},{"term":"pdd","link":"https://csrc.nist.gov/glossary/term/pdd","abbrSyn":[{"text":"Palm data dump/duplicate disk","link":"https://csrc.nist.gov/glossary/term/palm_data_dump_duplicate_disk"}],"definitions":null},{"term":"PDF","link":"https://csrc.nist.gov/glossary/term/pdf","abbrSyn":[{"text":"Portable Data File","link":"https://csrc.nist.gov/glossary/term/portable_data_file"},{"text":"Portable Document File"},{"text":"Portable Document Format","link":"https://csrc.nist.gov/glossary/term/portable_document_format"}],"definitions":null},{"term":"PDN","link":"https://csrc.nist.gov/glossary/term/pdn","abbrSyn":[{"text":"Packet Data Network","link":"https://csrc.nist.gov/glossary/term/packet_data_network"}],"definitions":null},{"term":"PDP","link":"https://csrc.nist.gov/glossary/term/pdp","abbrSyn":[{"text":"Policy Decision Point"}],"definitions":null},{"term":"PDR","link":"https://csrc.nist.gov/glossary/term/pdr","abbrSyn":[{"text":"Preliminary Design Review","link":"https://csrc.nist.gov/glossary/term/preliminary_design_review"}],"definitions":null},{"term":"PDS","link":"https://csrc.nist.gov/glossary/term/pds","abbrSyn":[{"text":"Position Designation System","link":"https://csrc.nist.gov/glossary/term/position_designation_system"},{"text":"Protected Distribution System"}],"definitions":null},{"term":"PE","link":"https://csrc.nist.gov/glossary/term/pe","abbrSyn":[{"text":"Physical and Environmental","link":"https://csrc.nist.gov/glossary/term/physical_and_environmental"},{"text":"Physical and Environmental Protection","link":"https://csrc.nist.gov/glossary/term/physical_and_environmental_protection"},{"text":"Policy Engine","link":"https://csrc.nist.gov/glossary/term/policy_engine"},{"text":"Processor Element","link":"https://csrc.nist.gov/glossary/term/processor_element"}],"definitions":null},{"term":"PEAP","link":"https://csrc.nist.gov/glossary/term/peap","abbrSyn":[{"text":"Protected EAP","link":"https://csrc.nist.gov/glossary/term/protected_eap"},{"text":"Protected Extensible Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/protected_extensible_authentication_protocol"}],"definitions":null},{"term":"PEC","link":"https://csrc.nist.gov/glossary/term/pec","abbrSyn":[{"text":"Privacy Enhancing Cryptography"},{"text":"privacy-enhancing cryptography","link":"https://csrc.nist.gov/glossary/term/privacy_enhancing_cryptography"}],"definitions":null},{"term":"PED","link":"https://csrc.nist.gov/glossary/term/ped","abbrSyn":[{"text":"Personal Information Number Entry Device"},{"text":"PIN Entry Device","link":"https://csrc.nist.gov/glossary/term/pin_entry_device"},{"text":"Portable Electronic Device"}],"definitions":[{"text":"An electronic device used in a debit, credit, or smart card-based transaction to accept and encrypt the cardholder's personal identification number.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under PIN Entry Device "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under PIN Entry Device "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Personal Information Number Entry Device "}]}]},{"term":"pedigree","link":"https://csrc.nist.gov/glossary/term/pedigree","definitions":[{"text":"The validation of the composition and provenance of technologies, products, and services is referred to as the pedigree. For microelectronics, this includes material composition of components. For software this includes the composition of open source and proprietary code, including the version of the component at a given point in time. Pedigrees increase the assurance that the claims suppliers assert about the internal composition and provenance of the products, services, and technologies they provide are valid.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"peer entity authentication","link":"https://csrc.nist.gov/glossary/term/peer_entity_authentication","definitions":[{"text":"The process of verifying that a peer entity in an association is as claimed.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"peer entity authentication service","link":"https://csrc.nist.gov/glossary/term/peer_entity_authentication_service","definitions":[{"text":"A security service that verifies an identity claimed by or for a system entity in an association.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}],"seeAlso":[{"text":"data origin authentication","link":"data_origin_authentication"}]},{"term":"Peers","link":"https://csrc.nist.gov/glossary/term/peers","definitions":[{"text":"Entities at the same tier in a CKMS hierarchy (e.g., all peers are client nodes).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Peer-to-Peer","link":"https://csrc.nist.gov/glossary/term/peer_to_peer","abbrSyn":[{"text":"P2P","link":"https://csrc.nist.gov/glossary/term/p2p"}],"definitions":null},{"term":"PEF","link":"https://csrc.nist.gov/glossary/term/pef","abbrSyn":[{"text":"Protected Execution Facility","link":"https://csrc.nist.gov/glossary/term/protected_execution_facility"}],"definitions":null},{"term":"PEI","link":"https://csrc.nist.gov/glossary/term/pei","abbrSyn":[{"text":"Pre-EFI Initialization","link":"https://csrc.nist.gov/glossary/term/pre_efi_initialization"}],"definitions":null},{"term":"PEM","link":"https://csrc.nist.gov/glossary/term/pem","abbrSyn":[{"text":"Privacy Enhanced Mail","link":"https://csrc.nist.gov/glossary/term/privacy_enhanced_mail"}],"definitions":null},{"term":"Pending transaction pool","link":"https://csrc.nist.gov/glossary/term/pending_transaction_pool","definitions":[{"text":"A distributed queue where candidate transactions wait until they are added to the blockchain. Also known as memory pool, or mempool.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"penetration","link":"https://csrc.nist.gov/glossary/term/penetration","abbrSyn":[{"text":"intrusion","link":"https://csrc.nist.gov/glossary/term/intrusion"}],"definitions":[{"text":"A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having authorization to do so.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under intrusion ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"See intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"penetration testing","link":"https://csrc.nist.gov/glossary/term/penetration_testing","definitions":[{"text":"Testing used in vulnerability analysis for vulnerability assessment, trying to reveal vulnerabilities of the system based on the information about the system gathered during the relevant evaluation activities.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 19989-3:2020","link":"https://www.iso.org/standard/73721.html"}]}]},{"text":"A method of testing where testers target individual binary components or the application as a whole to determine whether intra or intercomponent vulnerabilities can be exploited to compromise the application, its data, or its environment resources.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Penetration Testing ","refSources":[{"text":"DHS Security in the Software Lifecycle","link":"https://buildsecurityin.us-cert.gov"}]}]},{"text":"A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of a system.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Penetration Testing ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Penetration Testing "}]},{"text":"A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Penetration Testing ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Penetration Testing "}]},{"text":"Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115","underTerm":" under Penetration Testing "}]},{"text":"Testing that verifies the extent to which a system, device or process resists active attempts to compromise its security.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Penetration testing "}]},{"text":"A test methodology intended to circumvent the security function of a system. \nNote: Penetration testing may leverage system documentation (e.g., system design, source code, manuals) and is conducted within specific constraints. Some penetration test methods use brute force techniques.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A test methodology intended to circumvent the security function of a system.\nNote: Penetration testing may leverage system documentation (e.g., system design, source code, manuals) and is conducted within specific constraints. Some penetration test methods use brute force techniques.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"penetration-resistant architecture","link":"https://csrc.nist.gov/glossary/term/penetration_resistant_architecture","abbrSyn":[{"text":"PRA","link":"https://csrc.nist.gov/glossary/term/pra"}],"definitions":[{"text":"An architecture that uses technology and procedures to limit the opportunities for an adversary to compromise an organizational system and to achieve a persistent presence in the system.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"PEP","link":"https://csrc.nist.gov/glossary/term/pep","abbrSyn":[{"text":"Policy Enforcement Point"},{"text":"Privacy Engineering Program","link":"https://csrc.nist.gov/glossary/term/privacy_engineering_program"}],"definitions":[{"text":"A network device on which policy decisions are carried out or enforced.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Policy Enforcement Point "}]}]},{"term":"PERA","link":"https://csrc.nist.gov/glossary/term/pera","abbrSyn":[{"text":"Purdue Enterprise Reference Architecture","link":"https://csrc.nist.gov/glossary/term/purdue_enterprise_reference_architecture"}],"definitions":null},{"term":"per-call key","link":"https://csrc.nist.gov/glossary/term/per_call_key","definitions":[{"text":"Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. See cooperative key generation (CKG).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"cooperative key generation (CKG)","link":"cooperative_key_generation"}]},{"term":"Perceived Target Value","link":"https://csrc.nist.gov/glossary/term/perceived_target_value","definitions":[{"text":"measures the likelihood of attack using the misuse vulnerability in an environment relative to vulnerable systems in other environments.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"Perfect Forward Secrecy (PFS)","link":"https://csrc.nist.gov/glossary/term/perfect_forward_secrecy","abbrSyn":[{"text":"PFS","link":"https://csrc.nist.gov/glossary/term/pfs"}],"definitions":[{"text":"An option available during quick mode that causes a new shared secret to be created through a Diffie-Hellman exchange for each IPsec SA.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Perfect Forward Secrecy "}]},{"text":"An option that causes a new secret key to be created and shared through a new Diffie-Hellman key exchange for each IPsec SA. This provides protection against the use of compromised old keys that could be used to attack the newer derived keys still in use for integrity and confidentiality protection.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Performance Improvement Council","link":"https://csrc.nist.gov/glossary/term/performance_improvement_council","abbrSyn":[{"text":"PIC","link":"https://csrc.nist.gov/glossary/term/pic"}],"definitions":null},{"term":"performance reference model (PRM)","link":"https://csrc.nist.gov/glossary/term/performance_reference_model","abbrSyn":[{"text":"PRM","link":"https://csrc.nist.gov/glossary/term/prm"}],"definitions":[{"text":"Framework for performance measurement providing common output measurements throughout the Federal Government. It allows agencies to better manage the business of government at a strategic level by providing a means for using an agency’s enterprise architecture (EA) to measure the success of information systems investments and their impact on strategic outcomes.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Performance-Based","link":"https://csrc.nist.gov/glossary/term/performance_based","definitions":[{"text":"a method for designing learning objectives based on behavioraloutcomes, rather than on content that provides benchmarks for evaluating learning effectiveness.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"perimeter","link":"https://csrc.nist.gov/glossary/term/perimeter","note":"(C.F.D.)","definitions":[{"text":"1. Encompasses all those components of the system that are to be accredited by the DAA, and excludes separately accredited systems to which the system is connected.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"2. Encompasses all those components of the system or network for which a body of evidence is provided in support of a formal approval to operate. \nRationale: Listed for deletion in 2010 version of CNSS 4009.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Period of protection","link":"https://csrc.nist.gov/glossary/term/period_of_protection","definitions":[{"text":"The period of time during which the integrity and/or confidentiality of a key needs to be maintained.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The period of time during which the integrity or confidentiality of a key needs to be maintained.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Periodic Template Test","link":"https://csrc.nist.gov/glossary/term/periodic_template_test","definitions":[{"text":"The purpose of this test is to reject sequences that show deviations from the expected number of runs of ones of a given length.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"periods processing","link":"https://csrc.nist.gov/glossary/term/periods_processing","definitions":[{"text":"2. A method of sequential operation of an information system (IS) that provides the capability to process information at various levels of sensitivity at distinctly different times.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD 5220.22-M","link":"https://www.esd.whs.mil/Directives/issuances/dodm/"}]}]},{"text":"1. A mode of system operation in which information of different sensitivities is processed at distinctly different times by the same system, with the system being properly purged or sanitized between periods.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"A mode of system operation in which information of different sensitivities is processed at distinctly different times by the same system with the system being properly purged or sanitized between periods.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Peripheral Component Interconnect","link":"https://csrc.nist.gov/glossary/term/peripheral_component_interconnect","abbrSyn":[{"text":"PCI","link":"https://csrc.nist.gov/glossary/term/pci"}],"definitions":null},{"term":"Peripheral Component Interconnect Express","link":"https://csrc.nist.gov/glossary/term/peripheral_component_interconnect_express","abbrSyn":[{"text":"PCIe","link":"https://csrc.nist.gov/glossary/term/pcie"}],"definitions":null},{"term":"perishable data","link":"https://csrc.nist.gov/glossary/term/perishable_data","definitions":[{"text":"Information whose value can decrease substantially during a specified time. A significant decrease in value occurs when the operational circumstances change to the extent that the information is no longer useful.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Permalock","link":"https://csrc.nist.gov/glossary/term/permalock","definitions":[{"text":"A security feature that makes the lock status of an area of memory permanent. If the area of memory is locked and permalocked, then that area is permanently locked. If the area of memory is unlocked and permalocked, then that area is permanently unlocked.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"permanent connection","link":"https://csrc.nist.gov/glossary/term/permanent_connection","definitions":[{"text":"A perpetual communication channel. Permanent connections are most often made via a dedicated circuit.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"Per-message secret number","link":"https://csrc.nist.gov/glossary/term/per_message_secret_number","definitions":[{"text":"A secret random number that is generated prior to the generation of each digital signature.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"Permission","link":"https://csrc.nist.gov/glossary/term/permission","definitions":[{"text":"Authorization to perform some action on a system.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Permissioned","link":"https://csrc.nist.gov/glossary/term/permissioned","definitions":[{"text":"A system where every node, and every user must be granted permissions to utilize the system (generally assigned by an administrator or consortium).","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"},{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]}]},{"term":"Permissionless","link":"https://csrc.nist.gov/glossary/term/permissionless","definitions":[{"text":"A system where all users’ permissions are equal and not set by any administrator or consortium.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"},{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]}]},{"term":"Permissions","link":"https://csrc.nist.gov/glossary/term/permissions","definitions":[{"text":"Allowable user actions (e.g., read, write, execute).","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"},{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]}]},{"term":"Permutation","link":"https://csrc.nist.gov/glossary/term/permutation","definitions":[{"text":"An ordered (re)arrangement of the elements of a (finite) set; a function that is both a one-to-one and onto mapping of a set to itself.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"An invertible function.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"},{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"Person","link":"https://csrc.nist.gov/glossary/term/person","definitions":[{"text":"Any person considered as an asset by the management domain.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"Person Identifier, a field in the FASC-N","link":"https://csrc.nist.gov/glossary/term/person_identifier_a_field_in_the_fasc_n","abbrSyn":[{"text":"PI","link":"https://csrc.nist.gov/glossary/term/pi"}],"definitions":null},{"term":"Person in the Middle","link":"https://csrc.nist.gov/glossary/term/person_in_the_middle","abbrSyn":[{"text":"PITM","link":"https://csrc.nist.gov/glossary/term/pitm"}],"definitions":null},{"term":"persona","link":"https://csrc.nist.gov/glossary/term/persona","definitions":[{"text":"2. In military cyberspace operations, an abstraction of logical cyberspace with digital representations of individuals or entities in cyberspace, used to enable analysis and targeting. May be associated with a single or multiple entities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD JP 3-12","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"1. An electronic identity that can be unambiguously associated with a single person or non-person entity (NPE). A single person or NPE may have multiple personas, with each persona being managed by the same or different organizations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICTS UIAS v2","link":"https://www.odni.gov/files/documents/CIO/ICEA/IC_Tech_Spec_Attributes_V2_Final_PUBLIC.pdf"}]}]}]},{"term":"Personal accountability","link":"https://csrc.nist.gov/glossary/term/personal_accountability","definitions":[{"text":"A policy that requires that every person who accesses sensitive information be held accountable for his or her actions. A method for identity authentication is required.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Personal Area Network","link":"https://csrc.nist.gov/glossary/term/personal_area_network","abbrSyn":[{"text":"PAN","link":"https://csrc.nist.gov/glossary/term/pan"}],"definitions":null},{"term":"Personal Authorization","link":"https://csrc.nist.gov/glossary/term/personal_authorization","abbrSyn":[{"text":"PA","link":"https://csrc.nist.gov/glossary/term/pa"}],"definitions":null},{"term":"Personal Computer Memory Card International Association","link":"https://csrc.nist.gov/glossary/term/personal_computer_memory_card_international_association","abbrSyn":[{"text":"PCMCIA","link":"https://csrc.nist.gov/glossary/term/pcmcia"}],"definitions":null},{"term":"Personal Computer/Smart Card","link":"https://csrc.nist.gov/glossary/term/personal_computer_smart_card","abbrSyn":[{"text":"PC/SC","link":"https://csrc.nist.gov/glossary/term/pc_sc"}],"definitions":null},{"term":"Personal Digital Assistant (PDA)","link":"https://csrc.nist.gov/glossary/term/personal_digital_assistant","abbrSyn":[{"text":"PDA","link":"https://csrc.nist.gov/glossary/term/pda"}],"definitions":[{"text":"A handheld computer that serves as a tool for reading and conveying documents, electronic mail, and other electronic media over a communications link, as well as for organizing personal information, such as a name-and-address database, a to-do list, and an appointment calendar.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A handheld computer that serves as a tool for reading and conveying documents, electronic mail, and other electronic media over a communications link, and for organizing personal information, such as a name-and-address database, a to-do list, and an appointment calendar.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Personal Firewall","link":"https://csrc.nist.gov/glossary/term/personal_firewall","definitions":[{"text":"A software application residing on a client device that increases device security by offering some protection against unwanted network connections initiated by other hosts. Personal firewalls may be client managed or centrally managed.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Personal firewall "}]},{"text":"A software-based firewall installed on a desktop or laptop computer to monitor and control its incoming and outgoing network traffic.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]},{"text":"A utility on a computer that monitors network activity and blocks communications that are unauthorized.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]"}]},{"text":"A software program that monitors communications between a PC and other computers and blocks communications that are unwanted.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]"}]}]},{"term":"Personal Firewall Appliance","link":"https://csrc.nist.gov/glossary/term/personal_firewall_appliance","definitions":[{"text":"A device that performs functions similar to a personal firewall for a group of computers on a home network.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Personal Health Information","link":"https://csrc.nist.gov/glossary/term/personal_health_information","abbrSyn":[{"text":"PHI","link":"https://csrc.nist.gov/glossary/term/phi"}],"definitions":null},{"term":"Personal Health Records","link":"https://csrc.nist.gov/glossary/term/personal_health_records","abbrSyn":[{"text":"PHR","link":"https://csrc.nist.gov/glossary/term/phr"}],"definitions":null},{"term":"personal identification number (PIN)","link":"https://csrc.nist.gov/glossary/term/personal_identification_number","abbrSyn":[{"text":"PIN","link":"https://csrc.nist.gov/glossary/term/pin"}],"definitions":[{"text":"A numeric secret that a cardholder memorizes and uses as part of authenticating their identity.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Personal Identification Number (PIN) "}]},{"text":"A secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"}]},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Personal Identification Number (PIN) "}]},{"text":"A memorized secret typically consisting of only decimal digits.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Personal Identification Number "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Personal Identification Number "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Personal Identification Number (PIN) "}]},{"text":"A secret number that a cardholder memorizes and uses to authenticate his or her identity as part of multifactor authentication.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under personal identification number "}]},{"text":"A password consisting only of decimal digits.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Personal Identification Number (PIN) "}]}]},{"term":"Personal Identification Verification","link":"https://csrc.nist.gov/glossary/term/personal_identification_verification","abbrSyn":[{"text":"PIV","link":"https://csrc.nist.gov/glossary/term/piv"}],"definitions":null},{"term":"personal identity verification (PIV)","link":"https://csrc.nist.gov/glossary/term/personal_identity_verification","abbrSyn":[{"text":"PIV","link":"https://csrc.nist.gov/glossary/term/piv"}],"definitions":[{"text":"A physical artifact (e.g., identity card, “smart” card) issued to a government individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable). PIV requirements are defined in FIPS PUB 201.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Personal Identity Verification (PIV) "}]}]},{"term":"personal identity verification (PIV) authorization","link":"https://csrc.nist.gov/glossary/term/personal_identity_verification_authorization","definitions":[{"text":"The official management decision to authorize operation of a PIV Card Issuer after determining that the Issuer’s reliability has satisfactorily been established through appropriate assessment and certification processes.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"personal identity verification (PIV) authorizing official","link":"https://csrc.nist.gov/glossary/term/personal_identity_verification_authorizing_official","definitions":[{"text":"An individual who can act on behalf of an agency to authorize the issuance of a credential to an applicant.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"personal identity verification (PIV) card","link":"https://csrc.nist.gov/glossary/term/personal_identity_verification_card","definitions":[{"text":"A physical artifact (e.g., identity card, “smart” card) issued to an individual that contains a PIV Card application that stores identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against the stored credentials.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Personal Identity Verification (PIV) Card "}]},{"text":"A physical artifact (e.g., identity card, “smart” card) issued to an individual, which contains a PIV Card application that stores indentity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against stored credentials by another person (human-readable and -verifiable) or an automated process (computer-readable and -verifiable).","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under personal identity verification (card) "}]},{"text":"A physical artifact (e.g., identity card, “smart” card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so the claimed identity of the cardholder may be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 201-1","link":"/publications/detail/fips/201/1/archive/2006-06-23"},{"text":"CNSSI No. 1300"}]}]},{"text":"Defined by [FIPS 201] as a physical artifact (e.g., identity card, smart card) issued to federal employees and contractors that contains stored credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable).","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Personal Identity Verification (PIV) Card "}]},{"text":"A physical artifact (e.g., identity card, “smart” card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable).","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Personal Identity Verification (PIV) Card "}]}]},{"term":"Personal Identity Verification (PIV) Identity Account","link":"https://csrc.nist.gov/glossary/term/piv_identity_account","definitions":[{"text":"The logical record containing credentialing information for a given PIV cardholder. This is stored within the issuer’s identity management system and includes PIV enrollment data, cardholder identity attributes, and information regarding the cardholder’s PIV Card and any derived PIV credentials bound to the account.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Personal Identity Verification-Interoperable","link":"https://csrc.nist.gov/glossary/term/personal_identity_verification_interoperable","abbrSyn":[{"text":"PIV-I","link":"https://csrc.nist.gov/glossary/term/piv_i"}],"definitions":null},{"term":"Personal Information","link":"https://csrc.nist.gov/glossary/term/personal_information","abbrSyn":[{"text":"personal data","link":"https://csrc.nist.gov/glossary/term/personal_data"},{"text":"Personally Identifiable Information"}],"definitions":[{"text":"Any information relating to an identified or identifiable natural person (data subject).","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under personal data ","refSources":[{"text":"ISO/TS 25237:2008"}]}]},{"text":"Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"See Personally Identifiable Information.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"Information which can be used to distinguish or trace the identity of an individual (e.g., name, social security number, biometric records, etc.) alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"OMB Memorandum 07-16","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/fy2007/m07-16.pdf"}]}]},{"text":"any information relating to an identified or identifiable natural person (data subject)","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under personal data ","refSources":[{"text":"ISO/TS 25237:2008"}]}]},{"text":"Any information about an individual that can be used to distinguish or trace an individual's identify and any other information that is linked or linkable to an individual.","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]}]},{"term":"Personal Information Management","link":"https://csrc.nist.gov/glossary/term/personal_information_management","abbrSyn":[{"text":"PIM","link":"https://csrc.nist.gov/glossary/term/pim"}],"definitions":[{"text":"data types such as contacts, calendar entries, tasks, notes, memos and email that may be synchronized from PC to device and vice-versa.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Personal Information Management (PIM) Applications","link":"https://csrc.nist.gov/glossary/term/personal_information_management_applications","definitions":[{"text":"A core set of applications that provide the electronic equivalents of such items as an agenda, address book, notepad, and reminder list.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"A core set of applications that provide the electronic equivalents of an agenda, address book, notepad, and business card holder.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Personal Information Management (PIM) Data","link":"https://csrc.nist.gov/glossary/term/personal_information_management_data","definitions":[{"text":"The set of data types such as contacts, calendar entries, phonebook entries, notes, memos, and reminders maintained on a device, which may be synchronized with a personal computer.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"Personal Profile Application","link":"https://csrc.nist.gov/glossary/term/personal_profile_application","abbrSyn":[{"text":"PPA","link":"https://csrc.nist.gov/glossary/term/ppa"}],"definitions":null},{"term":"Personal Protective Equipment","link":"https://csrc.nist.gov/glossary/term/personal_protective_equipment","abbrSyn":[{"text":"PPE","link":"https://csrc.nist.gov/glossary/term/ppe"}],"definitions":null},{"term":"Personalization String","link":"https://csrc.nist.gov/glossary/term/personalization_string","definitions":[{"text":"An optional string of bits that is combined with a secret entropy input and (possibly) a nonce to produce a seed.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"personally identifiable information processing","link":"https://csrc.nist.gov/glossary/term/personally_identifiable_information_processing","definitions":[{"text":"An operation or set of operations performed upon personally identifiable information that can include, but is not limited to, the collection, retention, logging, generation, transformation, use, disclosure, transfer, and disposal of personally identifiable information.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"ISO/IEC 29100:2011 (E)","link":"https://www.iso.org/standard/45123.html","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"ISO/IEC 29100:2011 (E)","link":"https://www.iso.org/standard/45123.html"}]}]}]},{"term":"personally identifiable information processing permissions","link":"https://csrc.nist.gov/glossary/term/personally_identifiable_information_processing_permissions","definitions":[{"text":"The requirements for how personally identifiable information can be processed or the conditions under which personally identifiable information can be processed.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"personnel registration manager","link":"https://csrc.nist.gov/glossary/term/personnel_registration_manager","definitions":[{"text":"The management role that is responsible for registering human users, i.e., users that are people.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"personnel security","link":"https://csrc.nist.gov/glossary/term/personnel_security","abbrSyn":[{"text":"PS","link":"https://csrc.nist.gov/glossary/term/ps"}],"definitions":[{"text":"The discipline of assessing the conduct, integrity, judgment, loyalty, reliability, and stability of individuals for duties and responsibilities requiring trustworthiness.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"The discipline of assessing the conduct, integrity, judgment, loyalty, reliability, and stability of individuals for duties and responsibilities that require trustworthiness.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Personnel-security compromise","link":"https://csrc.nist.gov/glossary/term/personnel_security_compromise","definitions":[{"text":"The accidental or intentional action of any person that reduces the security of the FCKMS and/or compromises any of its keys and sensitive metadata.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"PES","link":"https://csrc.nist.gov/glossary/term/pes","abbrSyn":[{"text":"IEEE Power & Energy Society","link":"https://csrc.nist.gov/glossary/term/ieee_power_and_energy_society"}],"definitions":null},{"term":"PET","link":"https://csrc.nist.gov/glossary/term/pet","abbrSyn":[{"text":"Positron Emission Tomography","link":"https://csrc.nist.gov/glossary/term/positron_emission_tomography"}],"definitions":null},{"term":"PETE","link":"https://csrc.nist.gov/glossary/term/pete","abbrSyn":[{"text":"Potential Efforts on Threat Events","link":"https://csrc.nist.gov/glossary/term/potential_efforts_on_threat_events"}],"definitions":null},{"term":"PFF","link":"https://csrc.nist.gov/glossary/term/pff","abbrSyn":[{"text":"Palm File Format","link":"https://csrc.nist.gov/glossary/term/palm_file_format"}],"definitions":null},{"term":"PFR","link":"https://csrc.nist.gov/glossary/term/pfr","abbrSyn":[{"text":"Platform Firmware Resilience","link":"https://csrc.nist.gov/glossary/term/platform_firmware_resilience"}],"definitions":null},{"term":"PFS","link":"https://csrc.nist.gov/glossary/term/pfs","abbrSyn":[{"text":"parallel file system","link":"https://csrc.nist.gov/glossary/term/parallel_file_system"},{"text":"Perfect Forward Secrecy"}],"definitions":[{"text":"An option available during quick mode that causes a new shared secret to be created through a Diffie-Hellman exchange for each IPsec SA.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Perfect Forward Secrecy "}]}]},{"term":"PGP","link":"https://csrc.nist.gov/glossary/term/pgp","abbrSyn":[{"text":"Pretty Good Privacy","link":"https://csrc.nist.gov/glossary/term/pretty_good_privacy"}],"definitions":null},{"term":"PGP/OpenPGP","link":"https://csrc.nist.gov/glossary/term/pgp_openpgp","abbrSyn":[{"text":"Pretty Good Privacy","link":"https://csrc.nist.gov/glossary/term/pretty_good_privacy"}],"definitions":null},{"term":"P-GW","link":"https://csrc.nist.gov/glossary/term/p_gw","abbrSyn":[{"text":"Packet Gateway","link":"https://csrc.nist.gov/glossary/term/packet_gateway"}],"definitions":null},{"term":"PHA","link":"https://csrc.nist.gov/glossary/term/pha","abbrSyn":[{"text":"Potentially Harmful Application","link":"https://csrc.nist.gov/glossary/term/potentially_harmful_application"},{"text":"Process Hazard Analysis","link":"https://csrc.nist.gov/glossary/term/process_hazard_analysis"}],"definitions":null},{"term":"Pharming","link":"https://csrc.nist.gov/glossary/term/pharming","definitions":[{"text":"Using technical means to redirect users into accessing a fake Web site masquerading as a legitimate one and divulging personal information.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]},{"text":"An attack in which an attacker corrupts an infrastructure service such as DNS (Domain Name System) causing the subscriber to be misdirected to a forged verifier/RP, which could cause the subscriber to reveal sensitive information, download harmful software, or contribute to a fraudulent act.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An attack in which an Attacker corrupts an infrastructure service such as DNS (Domain Name Service) causing the Subscriber to be misdirected to a forged Verifier/RP, which could cause the Subscriber to reveal sensitive information, download harmful software or contribute to a fraudulent act.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"phase","link":"https://csrc.nist.gov/glossary/term/phase","definitions":[{"text":"The position of a point in time (instant) on a waveform cycle. A complete cycle is defined as the interval required for the waveform to retain its arbitrary initial value.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"phenomenologies","link":"https://csrc.nist.gov/glossary/term/phenomenologies","definitions":[{"text":"Physical phenomena such as radio frequencies, inertial sensors, and scene mapping, as well as diverse sources and data paths using those physical phenomena (e.g., multiple radio frequencies) to provide interchangeable solutions to users to ensure robust availability.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"PHI","link":"https://csrc.nist.gov/glossary/term/phi","abbrSyn":[{"text":"Personal Health Information","link":"https://csrc.nist.gov/glossary/term/personal_health_information"},{"text":"protected health information"},{"text":"Protected Health Information"}],"definitions":[{"text":"Individually identifiable health information: (1) Except as provided in paragraph (2) of this definition, that is: (i) Transmitted by electronic media; (ii) Maintained in electronic media; or (iii) Transmitted or maintained in any other form or medium. (2) Protected health information excludes individually identifiable health information in: (i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 USC. 1232g; (ii) Records described at 20 USC. 1232g(a)(4)(B)(iv); and (iii) Employment records held by a covered entity in its role as employer.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under protected health information ","refSources":[{"text":"HIPAA Privacy Rule","link":"https://www.hhs.gov/hipaa/for-professionals/privacy/index.html"}]}]},{"text":"

Individually identifiable health information:

(1) Except as provided in paragraph (2) of this definition, that is:

(i) Transmitted by electronic media;

(ii) Maintained in electronic media; or

(iii) Transmitted or maintained in any other form or medium.

(2) Protected health information excludes individually identifiable health information:

(i) In education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;

(ii) In records described at 20 U.S.C. 1232g(a)(4)(B)(iv);

(iii) In employment records held by a covered entity in its role as employer; and

(iv) Regarding a person who has been deceased for more than 50 years.

","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","underTerm":" under protected health information ","refSources":[{"text":"HIPAA Security Rule","link":"https://www.govinfo.gov/app/details/FR-2003-02-20/03-3877","note":" - §160.103"}]}]},{"text":"individually identifiable health information (1) Except as provided in paragraph (2) of this definition, that is (i) Transmitted by electronic media; Maintained in electronic media; or (iii) Transmitted or maintained in any other form or medium. (2) Protected health information excludes individually identifiable health information in (i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and Employment records held by a covered entity in its role as employer.","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under protected health information ","refSources":[{"text":"45 C.F.R., Sec. 164.514(e)2","link":"https://www.ecfr.gov/cgi-bin/text-idx?SID=d58ee03911368bcac9cfab008b5152f9&mc=true&node=se45.2.164_1514&rgn=div8"}]}]}]},{"term":"PHM4SM","link":"https://csrc.nist.gov/glossary/term/phm4sm","abbrSyn":[{"text":"Prognostics and Health Management for Reliable Operations in Smart Manufacturing","link":"https://csrc.nist.gov/glossary/term/prognostics_health_mgmt_for_reliable_ops_in_smart_mfg"}],"definitions":null},{"term":"PHMSA","link":"https://csrc.nist.gov/glossary/term/phmsa","abbrSyn":[{"text":"Pipeline and Hazardous Materials Safety Administration","link":"https://csrc.nist.gov/glossary/term/pipeline_and_hazardous_materials_safety_admin"}],"definitions":null},{"term":"PHP","link":"https://csrc.nist.gov/glossary/term/php","abbrSyn":[{"text":"Hypertext Preprocessor","link":"https://csrc.nist.gov/glossary/term/hypertext_preprocessor"},{"text":"PHP Hypertext Preprocessor","link":"https://csrc.nist.gov/glossary/term/php_hypertext_preprocessor"}],"definitions":null},{"term":"PHP Hypertext Preprocessor","link":"https://csrc.nist.gov/glossary/term/php_hypertext_preprocessor","abbrSyn":[{"text":"PHP","link":"https://csrc.nist.gov/glossary/term/php"}],"definitions":null},{"term":"PHR","link":"https://csrc.nist.gov/glossary/term/phr","abbrSyn":[{"text":"Personal Health Records","link":"https://csrc.nist.gov/glossary/term/personal_health_records"}],"definitions":null},{"term":"PHY","link":"https://csrc.nist.gov/glossary/term/phy","abbrSyn":[{"text":"Physical Access","link":"https://csrc.nist.gov/glossary/term/physical_access"},{"text":"Physical Layer","link":"https://csrc.nist.gov/glossary/term/physical_layer"}],"definitions":null},{"term":"Physical Access","link":"https://csrc.nist.gov/glossary/term/physical_access","abbrSyn":[{"text":"PHY","link":"https://csrc.nist.gov/glossary/term/phy"}],"definitions":null},{"term":"Physical Access Control","link":"https://csrc.nist.gov/glossary/term/physical_access_control","abbrSyn":[{"text":"PAC","link":"https://csrc.nist.gov/glossary/term/pac"}],"definitions":null},{"term":"physical access control system","link":"https://csrc.nist.gov/glossary/term/physical_access_control_system","abbrSyn":[{"text":"PACS","link":"https://csrc.nist.gov/glossary/term/pacs"}],"definitions":[{"text":"An automated system that manages the passage of people or assets through an opening(s) in a secure perimeter(s) based on a set of authorization rules.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Physical Access Control System ","refSources":[{"text":"FICAM Roadmap and IG","link":"https://arch.idmanagement.gov/"}]}]},{"text":"An electronic system that controls the ability of people or vehicles to enter a protected area by means of authentication and authorization at access control points.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-116 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-116r1"}]}]}]},{"term":"Physical Address Space","link":"https://csrc.nist.gov/glossary/term/physical_address_space","abbrSyn":[{"text":"PAS","link":"https://csrc.nist.gov/glossary/term/pas"}],"definitions":null},{"term":"Physical and Environmental","link":"https://csrc.nist.gov/glossary/term/physical_and_environmental","abbrSyn":[{"text":"PE","link":"https://csrc.nist.gov/glossary/term/pe"}],"definitions":null},{"term":"Physical and Environmental Protection","link":"https://csrc.nist.gov/glossary/term/physical_and_environmental_protection","abbrSyn":[{"text":"PE","link":"https://csrc.nist.gov/glossary/term/pe"}],"definitions":null},{"term":"Physical Destruction","link":"https://csrc.nist.gov/glossary/term/physical_destruction","definitions":[{"text":"A Sanitization method for media.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Physical Identifier","link":"https://csrc.nist.gov/glossary/term/physical_identifier","definitions":[{"text":"A device identifier that is expressed physically by the device (e.g., printed onto a device’s housing, displayed on a device’s screen).","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A"}]}]},{"term":"Physical Layer","link":"https://csrc.nist.gov/glossary/term/physical_layer","abbrSyn":[{"text":"PHY","link":"https://csrc.nist.gov/glossary/term/phy"}],"definitions":null},{"term":"Physical Measurement Laboratory","link":"https://csrc.nist.gov/glossary/term/physical_measurement_laboratory","abbrSyn":[{"text":"PML","link":"https://csrc.nist.gov/glossary/term/pml"}],"definitions":null},{"term":"Physical Network Interface Card","link":"https://csrc.nist.gov/glossary/term/physical_network_interface_card","abbrSyn":[{"text":"pNIC","link":"https://csrc.nist.gov/glossary/term/pnic"}],"definitions":null},{"term":"Physical partitioning","link":"https://csrc.nist.gov/glossary/term/physical_partitioning","definitions":[{"text":"The hypervisor assigning separate physical resources to each guest OS.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"Physical Security","link":"https://csrc.nist.gov/glossary/term/physical_security","abbrSyn":[{"text":"PS","link":"https://csrc.nist.gov/glossary/term/ps"}],"definitions":null},{"term":"physically protected space (PPS)","link":"https://csrc.nist.gov/glossary/term/physically_protected_space","abbrSyn":[{"text":"PPS","link":"https://csrc.nist.gov/glossary/term/pps"}],"definitions":[{"text":"A space inside one physically protected perimeter. Separate areas of equal protection may be considered part of the same PPS if the communication links between them are provided sufficient physical protection.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 5002","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Physical-security compromise","link":"https://csrc.nist.gov/glossary/term/physical_security_compromise","definitions":[{"text":"The unauthorized access to sensitive data, hardware, and/or software by physical means.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"PI","link":"https://csrc.nist.gov/glossary/term/pi","abbrSyn":[{"text":"Pandemic Influenza","link":"https://csrc.nist.gov/glossary/term/pandemic_influenza"},{"text":"Person Identifier, a field in the FASC-N","link":"https://csrc.nist.gov/glossary/term/person_identifier_a_field_in_the_fasc_n"},{"text":"Process Information","link":"https://csrc.nist.gov/glossary/term/process_information"}],"definitions":null},{"term":"PIA","link":"https://csrc.nist.gov/glossary/term/pia","abbrSyn":[{"text":"privacy impact assessment"},{"text":"Privacy Impact Assessment"},{"text":"Privacy Impact Assessments","link":"https://csrc.nist.gov/glossary/term/privacy_impact_assessments"}],"definitions":[{"text":"An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of information in identifiable form in an electronic information system; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns. A privacy impact assessment is both an analysis and a formal document detailing the process and the outcome of the analysis.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Privacy Impact Assessment ","refSources":[{"text":"OMB Memorandum 03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Privacy Impact Assessment ","refSources":[{"text":"OMB Memorandum 03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]}]}]},{"term":"PIC","link":"https://csrc.nist.gov/glossary/term/pic","abbrSyn":[{"text":"Performance Improvement Council","link":"https://csrc.nist.gov/glossary/term/performance_improvement_council"}],"definitions":null},{"term":"Piconet","link":"https://csrc.nist.gov/glossary/term/piconet","definitions":[{"text":"A small Bluetooth network created on an ad hoc basis that includes two or more devices.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]}]},{"term":"Picture Archiving and Communication System","link":"https://csrc.nist.gov/glossary/term/picture_archiving_and_communication_system","abbrSyn":[{"text":"PACS","link":"https://csrc.nist.gov/glossary/term/pacs"}],"definitions":null},{"term":"PID","link":"https://csrc.nist.gov/glossary/term/pid","abbrSyn":[{"text":"Process ID","link":"https://csrc.nist.gov/glossary/term/process_id"},{"text":"Proportional Integral Derivative","link":"https://csrc.nist.gov/glossary/term/proportional_integral_derivative"},{"text":"Proportional-Integral-Derivative"}],"definitions":null},{"term":"PII","link":"https://csrc.nist.gov/glossary/term/pii","abbrSyn":[{"text":"personally identifiable information","link":"https://csrc.nist.gov/glossary/term/personally_identifiable_information"},{"text":"Personally Identifiable Information"}],"definitions":[{"text":"Personally Identifiable Information; Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","refSources":[{"text":"EGovAct","link":"https://www.congress.gov/107/plaws/publ347/PLAW-107publ347.pdf"}]}]},{"text":"Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under personally identifiable information ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under personally identifiable information ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under personally identifiable information ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under personally identifiable information ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under personally identifiable information ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"Information which can be used to distinguish or trace the identity of an individual (e.g., name, social security number, biometric records, etc.) alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"OMB Memorandum 07-16","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/fy2007/m07-16.pdf"}]}]},{"text":"Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under personally identifiable information ","refSources":[{"text":"GAO Report 08-536","link":"https://www.gao.gov/new.items/d08536.pdf"},{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under personally identifiable information ","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]},{"text":"Any information about an individual that can be used to distinguish or trace an individual's identify and any other information that is linked or linkable to an individual.","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]","underTerm":" under Personally Identifiable Information ","refSources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]}]},{"term":"PII Confidentiality Impact Level","link":"https://csrc.nist.gov/glossary/term/pii_confidentiality_impact_level","definitions":[{"text":"The PII confidentiality impact level—low, moderate, or high— indicates the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]},{"term":"PII Processing","link":"https://csrc.nist.gov/glossary/term/pii_processing","definitions":[{"text":"An operation or set of operations performed upon PII that can include, but is not limited to, the collection, retention, logging, generation, transformation, use, disclosure, transfer, and disposal of PII.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"PIM","link":"https://csrc.nist.gov/glossary/term/pim","abbrSyn":[{"text":"Personal Information Management","link":"https://csrc.nist.gov/glossary/term/personal_information_management"}],"definitions":[{"text":"data types such as contacts, calendar entries, tasks, notes, memos and email that may be synchronized from PC to device and vice-versa.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Personal Information Management "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Personal Information Management "}]}]},{"term":"PIN","link":"https://csrc.nist.gov/glossary/term/pin","abbrSyn":[{"text":"personal identification number"},{"text":"Personal Identification Number"},{"text":"Personnel Identification Number","link":"https://csrc.nist.gov/glossary/term/personnel_identification_number"}],"definitions":[{"text":"A memorized secret typically consisting of only decimal digits.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Personal Identification Number "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Personal Identification Number "}]},{"text":"A secret number that a cardholder memorizes and uses to authenticate his or her identity as part of multifactor authentication.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under personal identification number "}]}]},{"term":"PIN Entry Device","link":"https://csrc.nist.gov/glossary/term/pin_entry_device","abbrSyn":[{"text":"PED","link":"https://csrc.nist.gov/glossary/term/ped"}],"definitions":[{"text":"An electronic device used in a debit, credit, or smart card-based transaction to accept and encrypt the cardholder's personal identification number.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Personal Information Number Entry Device "}]}]},{"term":"PIN Unblocking Key","link":"https://csrc.nist.gov/glossary/term/pin_unblocking_key","abbrSyn":[{"text":"PUK","link":"https://csrc.nist.gov/glossary/term/puk"}],"definitions":null},{"term":"PIP","link":"https://csrc.nist.gov/glossary/term/pip","abbrSyn":[{"text":"Policy Information Point","link":"https://csrc.nist.gov/glossary/term/policy_information_point"},{"text":"Published Internet Protocol","link":"https://csrc.nist.gov/glossary/term/published_internet_protocol"}],"definitions":null},{"term":"Pipeline and Hazardous Materials Safety Administration","link":"https://csrc.nist.gov/glossary/term/pipeline_and_hazardous_materials_safety_admin","abbrSyn":[{"text":"PHMSA","link":"https://csrc.nist.gov/glossary/term/phmsa"}],"definitions":null},{"term":"PIR","link":"https://csrc.nist.gov/glossary/term/pir","abbrSyn":[{"text":"Post-Implementation Review","link":"https://csrc.nist.gov/glossary/term/post_implementation_review"},{"text":"Public Internet Registry","link":"https://csrc.nist.gov/glossary/term/public_internet_registry"}],"definitions":null},{"term":"PIRT","link":"https://csrc.nist.gov/glossary/term/pirt","abbrSyn":[{"text":"Purposeful Interference Response Team","link":"https://csrc.nist.gov/glossary/term/purposeful_interference_response_team"}],"definitions":null},{"term":"PIT","link":"https://csrc.nist.gov/glossary/term/pit","abbrSyn":[{"text":"Platform Information Technology","link":"https://csrc.nist.gov/glossary/term/platform_information_technology"},{"text":"Protection in Transit","link":"https://csrc.nist.gov/glossary/term/protection_in_transit"}],"definitions":null},{"term":"PITM","link":"https://csrc.nist.gov/glossary/term/pitm","abbrSyn":[{"text":"Person in the Middle","link":"https://csrc.nist.gov/glossary/term/person_in_the_middle"}],"definitions":null},{"term":"PIV","link":"https://csrc.nist.gov/glossary/term/piv","abbrSyn":[{"text":"Personal Identification Verification","link":"https://csrc.nist.gov/glossary/term/personal_identification_verification"},{"text":"Personal Identity Verification"}],"definitions":null},{"term":"PIV Card","link":"https://csrc.nist.gov/glossary/term/piv_card","definitions":[{"text":"The physical artifact (e.g., identity card, “smart” card) issued to an applicant by an issuer that contains stored identity markers or credentials (e.g., a photograph, cryptographic keys, digitized fingerprint representations) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable).","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"PIV Card Issuer","link":"https://csrc.nist.gov/glossary/term/piv_card_issuer","abbrSyn":[{"text":"PCI","link":"https://csrc.nist.gov/glossary/term/pci"}],"definitions":null},{"term":"PIV Credential","link":"https://csrc.nist.gov/glossary/term/piv_credential","definitions":[{"text":"A credential that authoritatively binds an identity (and, optionally, additional attributes) to the authenticated cardholder that is issued, managed, and used in accordance with the PIV standards. These credentials include public key certificates stored on a PIV Card as well as other authenticators bound to a PIV identity account as derived PIV credentials.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"Evidence attesting to one’s right to credit or authority; in [FIPS 201-2]. It is the PIV Card or Derived PIV Credential token and data elements associated with an individual that authoritatively binds an identity (and, optionally, additional attributes) to that individual.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"PIV Enrollment Record","link":"https://csrc.nist.gov/glossary/term/piv_enrollment_record","definitions":[{"text":"A sequence of related enrollment data sets that is created and maintained by PIV Card issuers. The PIV enrollment record typically contains data collected at each step of the PIV identity proofing, registration, and issuance processes.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"PIV Key Type","link":"https://csrc.nist.gov/glossary/term/piv_key_type","definitions":[{"text":"The type of a key. The PIV Key Types are 1) PIV Authentication key, 2) Card Authentication key, 3) digital signature key, 4) key management key, 5) retired key management key, 6) PIV Secure Messaging key, and 7) PIV Card Application Administration key.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"PIV Visual Credential Authentication (VIS)","link":"https://csrc.nist.gov/glossary/term/piv_visual_credential_authentication_vis","definitions":[{"text":"An authentication mechanism where a human guard inspects the PIV Card and the person presenting it and makes an access control decision based on validity of the card and its correspondence with the presenter. This mechanism is deprecated.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"PIV-I","link":"https://csrc.nist.gov/glossary/term/piv_i","abbrSyn":[{"text":"Personal Identity Verification Interoperable"},{"text":"Personal Identity Verification-Interoperable","link":"https://csrc.nist.gov/glossary/term/personal_identity_verification_interoperable"}],"definitions":null},{"term":"Pivot","link":"https://csrc.nist.gov/glossary/term/pivot","definitions":[{"text":"The act of an attacker moving from one compromised system to one or more  other systems within the same or other organizations. Pivoting is fundamental to the success of advanced persistent threat (APT) attacks. SSH trust relationships may more readily allow an attacker to pivot.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Pivoting","link":"https://csrc.nist.gov/glossary/term/pivoting","definitions":[{"text":"A process where an attacker uses one compromised system to move to another system within an organization.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"PIX","link":"https://csrc.nist.gov/glossary/term/pix","abbrSyn":[{"text":"Proprietary Identifier Extension","link":"https://csrc.nist.gov/glossary/term/proprietary_identifier_extension"}],"definitions":null},{"term":"Pixels Per Inch","link":"https://csrc.nist.gov/glossary/term/pixels_per_inch","abbrSyn":[{"text":"PPI","link":"https://csrc.nist.gov/glossary/term/ppi"}],"definitions":null},{"term":"PK","link":"https://csrc.nist.gov/glossary/term/pk","abbrSyn":[{"text":"Platform Key","link":"https://csrc.nist.gov/glossary/term/platform_key"}],"definitions":null},{"term":"PKC","link":"https://csrc.nist.gov/glossary/term/pkc","abbrSyn":[{"text":"Public Key Cryptography"}],"definitions":[{"text":"Encryption system that uses a public-private key pair for encryption and/or digital signature.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Public Key Cryptography ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Cryptography that uses separate keys for encryption and decryption; also known as asymmetric cryptography.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Public Key Cryptography "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Cryptography ","refSources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Cryptography ","refSources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Cryptography ","refSources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77"}]}]}]},{"term":"PKCE","link":"https://csrc.nist.gov/glossary/term/pkce","abbrSyn":[{"text":"Proof Key for Code Exchange","link":"https://csrc.nist.gov/glossary/term/proof_key_for_code_exchange"}],"definitions":null},{"term":"PKCS","link":"https://csrc.nist.gov/glossary/term/pkcs","abbrSyn":[{"text":"Public Key Certificate Standard","link":"https://csrc.nist.gov/glossary/term/public_key_certificate_standard"},{"text":"Public Key Cryptography Standard","link":"https://csrc.nist.gov/glossary/term/public_key_cryptography_standard"},{"text":"Public Key Cryptography Standards"},{"text":"Public-Key Cryptography Standards"}],"definitions":null},{"term":"PKCS1","link":"https://csrc.nist.gov/glossary/term/pkcs1","abbrSyn":[{"text":"Public Key Cryptography Standard 1","link":"https://csrc.nist.gov/glossary/term/public_key_cryptography_standard_1"}],"definitions":null},{"term":"PKE","link":"https://csrc.nist.gov/glossary/term/pke","abbrSyn":[{"text":"Public Key Enabling"},{"text":"public-key encryption"},{"text":"Public-Key Encryption","link":"https://csrc.nist.gov/glossary/term/public_key_encryption"}],"definitions":null},{"term":"PKI","link":"https://csrc.nist.gov/glossary/term/pki","abbrSyn":[{"text":"Private Key Infrastructure","link":"https://csrc.nist.gov/glossary/term/private_key_infrastructure"},{"text":"public key infrastructure"},{"text":"Public key infrastructure"},{"text":"Public Key Infrastructure"},{"text":"Public-Key Infrastructure"}],"definitions":[{"text":"The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. Framework established to issue, maintain, and revoke public key certificates.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under public key infrastructure ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Public Key Infrastructure ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of enterprise data.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under public key infrastructure "}]},{"text":"A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Public Key Infrastructure "}]}]},{"term":"PKI-Card Authentication (PKI-CAK)","link":"https://csrc.nist.gov/glossary/term/pki_card_authentication_pki_cak","definitions":[{"text":"A PIV authentication mechanism that is implemented by an asymmetric key challenge/response protocol using the card authentication key of the PIV Card and a contact or contactless reader.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"PKI-PIV Authentication (PKI-AUTH)","link":"https://csrc.nist.gov/glossary/term/pki_piv_authentication_pki_auth","definitions":[{"text":"A PIV authentication mechanism that is implemented by an asymmetric key challenge/response protocol using the PIV authentication key of the PIV Card and a contact reader or a contactless card reader that supports the virtual contact interface.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"PKI-PIV Authentication key (PKI-AUTH)","link":"https://csrc.nist.gov/glossary/term/pki_piv_authentication_key_pki_auth","definitions":[{"text":"A PIV Authentication mechanism that is implemented by an asymmetric key challenge/response protocol by using the PIV Authentication key of the PIV Card and a contact reader or a contactless card reader that supports the virtual contact interface.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"PKIX","link":"https://csrc.nist.gov/glossary/term/pkix","abbrSyn":[{"text":"Public Key Infrastructure for X.509 Certificates","link":"https://csrc.nist.gov/glossary/term/public_key_infrastructure_for_x_509_certificates"},{"text":"Public Key Infrastructure X.509"}],"definitions":null},{"term":"PKIX-CMP","link":"https://csrc.nist.gov/glossary/term/pkix_cmp","abbrSyn":[{"text":"Public Key Infrastructure X.509—Certificate Management Protocol","link":"https://csrc.nist.gov/glossary/term/public_key_infrastructure_x_509_certificate_management_protocol"}],"definitions":null},{"term":"PL","link":"https://csrc.nist.gov/glossary/term/pl","abbrSyn":[{"text":"Planning","link":"https://csrc.nist.gov/glossary/term/planning"},{"text":"Public Law","link":"https://csrc.nist.gov/glossary/term/public_law"}],"definitions":null},{"term":"plaintext","link":"https://csrc.nist.gov/glossary/term/plaintext","abbrSyn":[{"text":"clear text"}],"definitions":[{"text":"Intelligible data that has meaning and can be understood without the application of cryptography.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"Unencrypted information that may be input to an encryption operation. \nNote: Plain text is not a synonym for clear text. See clear text.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under plain text ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949","note":" - Adapted"}]}]},{"text":"Information that is not encrypted.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under clear text ","refSources":[{"text":"ISO/IEC 7498-2"}]}]},{"text":"Intelligible data that has meaning and can be read or acted upon without the application of decryption. Also known as cleartext.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Plaintext "},{"text":"NIST SP 800-67 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-67r2","underTerm":" under Plaintext "},{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1","note":" [Superseded]","underTerm":" under Plaintext "}]},{"text":"Usable data that is formatted as input to a mode.","sources":[{"text":"NIST SP 800-38A","link":"https://doi.org/10.6028/NIST.SP.800-38A","underTerm":" under Plaintext "}]},{"text":"The input data to the authenticated encryption function that is both authenticated and encrypted.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under Plaintext "}]},{"text":"The input to the authenticated-encryption function.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]},{"text":"Intelligible data that has meaning and can be understood without the application of decryption.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Plaintext "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Plaintext "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Plaintext "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Plaintext "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Plaintext "}]},{"text":"Data that has not been encrypted; intelligible data that has meaning and can be understood without the application of decryption.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Plaintext "}]}],"seeAlso":[{"text":"clear text"}]},{"term":"Plaintext data","link":"https://csrc.nist.gov/glossary/term/plaintext_data","definitions":[{"text":"In this Recommendation, data that will be encrypted by an encryption algorithm or obtained from ciphertext using a decryption algorithm.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Plan Coordinator","link":"https://csrc.nist.gov/glossary/term/plan_coordinator","definitions":[{"text":"A person responsible for all aspects of IT planning, including the TT&E element of maintaining the IT plans. The plan coordinator has overall responsibility for the IT plans, including development, implementation, and maintenance.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Plan of Action & Milestones (POA&M)","link":"https://csrc.nist.gov/glossary/term/plan_of_action_and_milestones5","definitions":null},{"term":"Plan Of Action & Milestones3","link":"https://csrc.nist.gov/glossary/term/poam3","abbrSyn":[{"text":"POA&M","link":"https://csrc.nist.gov/glossary/term/poaandm"}],"definitions":null},{"term":"plan of action and milestones","link":"https://csrc.nist.gov/glossary/term/plan_of_action_and_milestones","definitions":[{"text":"A document that identifies tasks that need to be accomplished. It details resources required to accomplish the elements of the plan, milestones for meeting the tasks, and the scheduled completion dates for the milestones.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"plan of action and milestones2","link":"https://csrc.nist.gov/glossary/term/poam2","definitions":null},{"term":"Plan of Action and Milestones4","link":"https://csrc.nist.gov/glossary/term/poam4","abbrSyn":[{"text":"POA&M","link":"https://csrc.nist.gov/glossary/term/poaandm"},{"text":"POAM","link":"https://csrc.nist.gov/glossary/term/poam"}],"definitions":[{"text":"A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","refSources":[{"text":"OMB Memorandum 02-01","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m02-01.html"}]}]},{"text":"A document for a system that “identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.” [13]","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","note":" - Adapted"}]}]}]},{"term":"Plan of Actions and Milestones1","link":"https://csrc.nist.gov/glossary/term/poam1","abbrSyn":[{"text":"POA&M","link":"https://csrc.nist.gov/glossary/term/poaandm"}],"definitions":[{"text":"A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and scheduled milestone completion dates.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Planning","link":"https://csrc.nist.gov/glossary/term/planning","abbrSyn":[{"text":"PL","link":"https://csrc.nist.gov/glossary/term/pl"}],"definitions":null},{"term":"Platform","link":"https://csrc.nist.gov/glossary/term/platform","definitions":[{"text":"A computer or hardware device and/or associated operating system, or a virtual environment, on which software can be installed or run. Examples of platforms include Linux™, Microsoft Windows Vista®, and Java™.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","refSources":[{"text":"ISO/IEC 19770-2","note":" - Adapted"}]}]},{"text":"In the context of the CPE Applicability Language specification only, a logical structure combining one or more bound CPE names through logical operators.","sources":[{"text":"NISTIR 7698","link":"https://doi.org/10.6028/NIST.IR.7698"}]}]},{"term":"Platform AbstRaction for SECurity","link":"https://csrc.nist.gov/glossary/term/platform_abstraction_for_security","abbrSyn":[{"text":"Parsec","link":"https://csrc.nist.gov/glossary/term/parsec"}],"definitions":null},{"term":"Platform as a Service (PaaS)","link":"https://csrc.nist.gov/glossary/term/platform_as_a_service","abbrSyn":[{"text":"PaaS","link":"https://csrc.nist.gov/glossary/term/paas"}],"definitions":[{"text":"The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Platform Attribute Certificate Creator","link":"https://csrc.nist.gov/glossary/term/platform_attribute_certificate_creator","abbrSyn":[{"text":"PACCOR","link":"https://csrc.nist.gov/glossary/term/paccor"}],"definitions":null},{"term":"Platform Certificate Verification Tool","link":"https://csrc.nist.gov/glossary/term/platform_certificate_verification_tool","abbrSyn":[{"text":"PCVT","link":"https://csrc.nist.gov/glossary/term/pcvt"}],"definitions":null},{"term":"Platform Configuration Register","link":"https://csrc.nist.gov/glossary/term/platform_configuration_register","abbrSyn":[{"text":"PCR","link":"https://csrc.nist.gov/glossary/term/pcr"}],"definitions":null},{"term":"Platform Controller Hub","link":"https://csrc.nist.gov/glossary/term/platform_controller_hub","abbrSyn":[{"text":"PCH","link":"https://csrc.nist.gov/glossary/term/pch"}],"definitions":null},{"term":"Platform Firmware Resilience","link":"https://csrc.nist.gov/glossary/term/platform_firmware_resilience","abbrSyn":[{"text":"PFR","link":"https://csrc.nist.gov/glossary/term/pfr"}],"definitions":null},{"term":"Platform Information Technology","link":"https://csrc.nist.gov/glossary/term/platform_information_technology","abbrSyn":[{"text":"PIT","link":"https://csrc.nist.gov/glossary/term/pit"}],"definitions":null},{"term":"platform IT (PIT)","link":"https://csrc.nist.gov/glossary/term/platform_it","definitions":[{"text":"Information technology (IT), both hardware and software, that is physically part of, dedicated to, or essential in real time to the mission performance of special purpose systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.1","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"platform IT (PIT) system","link":"https://csrc.nist.gov/glossary/term/platform_it_system","definitions":[{"text":"A collection of PIT within an identified boundary under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Platform Key","link":"https://csrc.nist.gov/glossary/term/platform_key","abbrSyn":[{"text":"PK","link":"https://csrc.nist.gov/glossary/term/pk"}],"definitions":null},{"term":"Platform Manifest Correlation System","link":"https://csrc.nist.gov/glossary/term/platform_manifest_correlation_system","abbrSyn":[{"text":"PMCS","link":"https://csrc.nist.gov/glossary/term/pmcs"}],"definitions":null},{"term":"Platform Root of Trust","link":"https://csrc.nist.gov/glossary/term/platform_root_of_trust","abbrSyn":[{"text":"PRoT","link":"https://csrc.nist.gov/glossary/term/prot"}],"definitions":null},{"term":"Platform Security Architecture","link":"https://csrc.nist.gov/glossary/term/platform_security_architecture","abbrSyn":[{"text":"PSA","link":"https://csrc.nist.gov/glossary/term/psa"}],"definitions":null},{"term":"Platform Services Controller","link":"https://csrc.nist.gov/glossary/term/platform_services_controller","abbrSyn":[{"text":"PSC","link":"https://csrc.nist.gov/glossary/term/psc"}],"definitions":null},{"term":"Platform Trust","link":"https://csrc.nist.gov/glossary/term/platform_trust","definitions":[{"text":"An assurance in the integrity of the underlying platform configuration, including hardware, firmware, and software.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320"}]}]},{"term":"PLC","link":"https://csrc.nist.gov/glossary/term/plc","abbrSyn":[{"text":"Programmable Line Controller","link":"https://csrc.nist.gov/glossary/term/programmable_line_controller"},{"text":"programmable logic controller","link":"https://csrc.nist.gov/glossary/term/programmable_logic_controller"},{"text":"Programmable Logic Controllers"}],"definitions":[{"text":"A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as I/O control, logic, timing, counting, three mode (PID) control, communication, arithmetic, and data and file processing.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under programmable logic controller ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under programmable logic controller ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under programmable logic controller ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under programmable logic controller ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under programmable logic controller ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under programmable logic controller ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"PLIST","link":"https://csrc.nist.gov/glossary/term/plist","abbrSyn":[{"text":"Property List","link":"https://csrc.nist.gov/glossary/term/property_list"}],"definitions":null},{"term":"PM","link":"https://csrc.nist.gov/glossary/term/pm","abbrSyn":[{"text":"Policy Machine","link":"https://csrc.nist.gov/glossary/term/policy_machine"},{"text":"Program Management","link":"https://csrc.nist.gov/glossary/term/program_management"},{"text":"Project Management","link":"https://csrc.nist.gov/glossary/term/project_management"}],"definitions":null},{"term":"PM2","link":"https://csrc.nist.gov/glossary/term/pm2","abbrSyn":[{"text":"Process Manager 2","link":"https://csrc.nist.gov/glossary/term/process_manager_2"}],"definitions":null},{"term":"PMA","link":"https://csrc.nist.gov/glossary/term/pma","abbrSyn":[{"text":"President’s Management Agenda","link":"https://csrc.nist.gov/glossary/term/presidents_management_agenda"}],"definitions":null},{"term":"PMCS","link":"https://csrc.nist.gov/glossary/term/pmcs","abbrSyn":[{"text":"Platform Manifest Correlation System","link":"https://csrc.nist.gov/glossary/term/platform_manifest_correlation_system"}],"definitions":null},{"term":"PMEF","link":"https://csrc.nist.gov/glossary/term/pmef","abbrSyn":[{"text":"Primary Mission Essential Functions","link":"https://csrc.nist.gov/glossary/term/primary_mission_essential_functions"}],"definitions":null},{"term":"PMF","link":"https://csrc.nist.gov/glossary/term/pmf","abbrSyn":[{"text":"Protected Management Frame(s)","link":"https://csrc.nist.gov/glossary/term/protected_management_frame"}],"definitions":null},{"term":"PMI","link":"https://csrc.nist.gov/glossary/term/pmi","abbrSyn":[{"text":"Precision Medicine Initiative","link":"https://csrc.nist.gov/glossary/term/precision_medicine_initiative"}],"definitions":null},{"term":"PMK","link":"https://csrc.nist.gov/glossary/term/pmk","abbrSyn":[{"text":"Pairwise Main Key","link":"https://csrc.nist.gov/glossary/term/pairwise_main_key"},{"text":"Pairwise Master Key","link":"https://csrc.nist.gov/glossary/term/pairwise_master_key"}],"definitions":null},{"term":"PMKSA","link":"https://csrc.nist.gov/glossary/term/pmksa","abbrSyn":[{"text":"Pairwise Master Key Security Association","link":"https://csrc.nist.gov/glossary/term/pairwise_master_key_security_association"}],"definitions":null},{"term":"PML","link":"https://csrc.nist.gov/glossary/term/pml","abbrSyn":[{"text":"Physical Measurement Laboratory","link":"https://csrc.nist.gov/glossary/term/physical_measurement_laboratory"},{"text":"Probable Maximum Loss","link":"https://csrc.nist.gov/glossary/term/probable_maximum_loss"}],"definitions":null},{"term":"PMO","link":"https://csrc.nist.gov/glossary/term/pmo","abbrSyn":[{"text":"Program Management Office","link":"https://csrc.nist.gov/glossary/term/program_management_office"}],"definitions":null},{"term":"PMRM","link":"https://csrc.nist.gov/glossary/term/pmrm","abbrSyn":[{"text":"Privacy Management Reference Model and Methodology","link":"https://csrc.nist.gov/glossary/term/privacy_management_reference_model_and_methodology"}],"definitions":null},{"term":"PMS","link":"https://csrc.nist.gov/glossary/term/pms","abbrSyn":[{"text":"Property Management System","link":"https://csrc.nist.gov/glossary/term/property_management_system"},{"text":"Property Management Systems"}],"definitions":null},{"term":"PMTU","link":"https://csrc.nist.gov/glossary/term/pmtu","abbrSyn":[{"text":"Path Maximum Transmission Unit","link":"https://csrc.nist.gov/glossary/term/path_maximum_transmission_unit"}],"definitions":null},{"term":"PMTUD","link":"https://csrc.nist.gov/glossary/term/pmtud","abbrSyn":[{"text":"Path Maximum Transmission Unit Discovery","link":"https://csrc.nist.gov/glossary/term/path_maximum_transmission_unit_discovery"}],"definitions":null},{"term":"PN","link":"https://csrc.nist.gov/glossary/term/pn_acronym","abbrSyn":[{"text":"Packet Number","link":"https://csrc.nist.gov/glossary/term/packet_number"}],"definitions":null},{"term":"pNFS","link":"https://csrc.nist.gov/glossary/term/pnfs","abbrSyn":[{"text":"Parallel NFS","link":"https://csrc.nist.gov/glossary/term/parallel_nfs"}],"definitions":null},{"term":"PNG","link":"https://csrc.nist.gov/glossary/term/png","abbrSyn":[{"text":"Portable Network Graphics","link":"https://csrc.nist.gov/glossary/term/portable_network_graphics"}],"definitions":null},{"term":"pNIC","link":"https://csrc.nist.gov/glossary/term/pnic","abbrSyn":[{"text":"Physical Network Interface Card","link":"https://csrc.nist.gov/glossary/term/physical_network_interface_card"}],"definitions":null},{"term":"PNNL","link":"https://csrc.nist.gov/glossary/term/pnnl","abbrSyn":[{"text":"Pacific Northwest National Laboratory","link":"https://csrc.nist.gov/glossary/term/pacific_nw_natl_lab"}],"definitions":null},{"term":"PNT","link":"https://csrc.nist.gov/glossary/term/pnt","abbrSyn":[{"text":"positioning, navigation, and timing","link":"https://csrc.nist.gov/glossary/term/positioning_navigation_and_timing"},{"text":"Positioning, Navigation, and Timing"}],"definitions":null},{"term":"PNT data","link":"https://csrc.nist.gov/glossary/term/pnt_data","definitions":[{"text":"All information used to form or disseminate PNT solutions, including signals, waveforms, and network packets.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]"},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1"}]}]},{"term":"PNT Profile","link":"https://csrc.nist.gov/glossary/term/pnt_profile","abbrSyn":[{"text":"Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services","link":"https://csrc.nist.gov/glossary/term/foundational_pnt_profile"}],"definitions":null},{"term":"PNT solution","link":"https://csrc.nist.gov/glossary/term/pnt_solution","definitions":[{"text":"The full solution provided by a PNT system or source, including time, position, and velocity. A PNT system or source may provide a full PNT solution or a part of it. For example, a GNSS receiver provides a full PNT solution, while a local clock provides only a timing or frequency solution.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"DHS RCF v2.0","link":"https://www.dhs.gov/sites/default/files/2022-05/22_0531_st_resilient_pnt_conformance_framework_v2.0.pdf"}]}]}]},{"term":"PNT source","link":"https://csrc.nist.gov/glossary/term/pnt_source","definitions":[{"text":"A PNT system component that is used to produce a PNT solution. Examples include GNSS receivers, networked and local clocks, inertial navigation systems (INS), and timing services provided over a wired or wireless connection.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"DHS RCF v2.0","link":"https://www.dhs.gov/sites/default/files/2022-05/22_0531_st_resilient_pnt_conformance_framework_v2.0.pdf"}]}]}]},{"term":"PNT system","link":"https://csrc.nist.gov/glossary/term/pnt_system","definitions":[{"text":"The components, processes, and parameters that collectively produce the final PNT solution for the consumer.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"DHS RCF v2.0","link":"https://www.dhs.gov/sites/default/files/2022-05/22_0531_st_resilient_pnt_conformance_framework_v2.0.pdf"}]}]}]},{"term":"POA&M","link":"https://csrc.nist.gov/glossary/term/poaandm","abbrSyn":[{"text":"Plan Of Action & Milestones3","link":"https://csrc.nist.gov/glossary/term/poam3"},{"text":"Plan of Action and Milestones4","link":"https://csrc.nist.gov/glossary/term/poam4"},{"text":"Plan of Actions and Milestones1","link":"https://csrc.nist.gov/glossary/term/poam1"}],"definitions":[{"text":"A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Plan of Action and Milestones4 ","refSources":[{"text":"OMB Memorandum 02-01","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m02-01.html"}]}]},{"text":"A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and scheduled milestone completion dates.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115","underTerm":" under Plan of Actions and Milestones1 "}]},{"text":"A document for a system that “identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.” [13]","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Plan of Action and Milestones4 ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","note":" - Adapted"}]}]}]},{"term":"POC","link":"https://csrc.nist.gov/glossary/term/poc","abbrSyn":[{"text":"Point of Contact","link":"https://csrc.nist.gov/glossary/term/point_of_contact"},{"text":"Point Of Contact"}],"definitions":null},{"term":"Pocket PC","link":"https://csrc.nist.gov/glossary/term/pocket_pc","abbrSyn":[{"text":"PPC","link":"https://csrc.nist.gov/glossary/term/ppc"}],"definitions":null},{"term":"PoE","link":"https://csrc.nist.gov/glossary/term/poe","abbrSyn":[{"text":"Power over Ethernet","link":"https://csrc.nist.gov/glossary/term/power_over_ethernet"}],"definitions":null},{"term":"PoET","link":"https://csrc.nist.gov/glossary/term/poet","abbrSyn":[{"text":"Proof of Elapsed Time","link":"https://csrc.nist.gov/glossary/term/proof_of_elapsed_time"}],"definitions":null},{"term":"Point","link":"https://csrc.nist.gov/glossary/term/point","abbrSyn":[{"text":"pt","link":"https://csrc.nist.gov/glossary/term/pt"}],"definitions":null},{"term":"point at infinity","link":"https://csrc.nist.gov/glossary/term/point_at_infinity","definitions":[{"text":"Identity element of a Montgomery curve or a curve in short-Weierstrass form.","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"Point of Contact","link":"https://csrc.nist.gov/glossary/term/point_of_contact","abbrSyn":[{"text":"POC","link":"https://csrc.nist.gov/glossary/term/poc"}],"definitions":null},{"term":"Point of Presence","link":"https://csrc.nist.gov/glossary/term/point_of_presence","abbrSyn":[{"text":"POP","link":"https://csrc.nist.gov/glossary/term/pop"}],"definitions":null},{"term":"point order","link":"https://csrc.nist.gov/glossary/term/point_order","definitions":[{"text":"Smallest non-zero multiple of a group element that results in the group’s identity element.","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"Pointer Authentication Code","link":"https://csrc.nist.gov/glossary/term/pointer_authentication_code","abbrSyn":[{"text":"PAC","link":"https://csrc.nist.gov/glossary/term/pac"}],"definitions":null},{"term":"Point-of-Sale","link":"https://csrc.nist.gov/glossary/term/point_of_sale","abbrSyn":[{"text":"POS"}],"definitions":null},{"term":"Point-to-Point Protocol","link":"https://csrc.nist.gov/glossary/term/point_to_point_protocol","abbrSyn":[{"text":"PPP","link":"https://csrc.nist.gov/glossary/term/ppp"}],"definitions":null},{"term":"Point-to-Point Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/point_to_point_tunneling_protocol","abbrSyn":[{"text":"PPTP","link":"https://csrc.nist.gov/glossary/term/pptp"}],"definitions":null},{"term":"Poisson Distribution","link":"https://csrc.nist.gov/glossary/term/poisson_distribution","definitions":[{"text":"Poisson distributions model (some) discrete random variables. Typically, a Poisson random variable is a count of the number of rare events that occur in a certain time interval.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Policy","link":"https://csrc.nist.gov/glossary/term/policy","definitions":[{"text":"The set of basic principles and associated guidelines, formulated and enforced by the governing body of an organization, to direct and limit its actions in pursuit of long-term goals.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under policy "}]},{"text":"Statements, rules or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","refSources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"}]}]},{"text":"Statements, rules, or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1"}]},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1"}]}]},{"text":"A statement of objectives, rules, practices or regulations governing the activities of people within a certain context.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"term":"Policy Administration Point","link":"https://csrc.nist.gov/glossary/term/policy_administration_point","abbrSyn":[{"text":"PAP","link":"https://csrc.nist.gov/glossary/term/pap"}],"definitions":null},{"term":"Policy Administrator","link":"https://csrc.nist.gov/glossary/term/policy_administrator","abbrSyn":[{"text":"PA","link":"https://csrc.nist.gov/glossary/term/pa"}],"definitions":null},{"term":"Policy and Charging Rules Function","link":"https://csrc.nist.gov/glossary/term/policy_and_charging_rules_function","abbrSyn":[{"text":"PCRF","link":"https://csrc.nist.gov/glossary/term/pcrf"}],"definitions":null},{"term":"policy based access control (PBAC)","link":"https://csrc.nist.gov/glossary/term/policy_based_access_control","abbrSyn":[{"text":"PBAC","link":"https://csrc.nist.gov/glossary/term/pbac"}],"definitions":[{"text":"A strategy for managing user access to one or more systems, where the business roles of users is combined with policies to determine what access privileges users of each role should have. Theoretical privileges are compared to actual privileges, and differences are automatically applied. For example, a role may be defined for a manager. Specific types of accounts on the single sign-on server, Web server, and database management system may be attached to this role. Appropriate users are then attached to this role.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Policy Based Access Control (PBAC) ","refSources":[{"text":"Meta Access Management System Federated Identity and Access Mgmt Glossary","link":"https://mams.melcoe.mq.edu.au/zope/mams/kb/glossary/view"}]}]},{"text":"A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, heuristics).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"policy decision point (PDP)","link":"https://csrc.nist.gov/glossary/term/policy_decision_point","abbrSyn":[{"text":"PDP","link":"https://csrc.nist.gov/glossary/term/pdp"}],"definitions":[{"text":"A system entity that makes authorization decisions for itself or for other system entities that request such decisions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7657","link":"https://doi.org/10.6028/NIST.IR.7657"}]}]},{"text":"Mechanism that examines requests to access resources, and compares them to the policy that applies to all requests for accessing that resource to determine whether specific access should be granted to the particular requester who issued the request under consideration.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Policy Decision Point (PDP) ","refSources":[{"text":"OASIS: A Brief Introduction to XACML","link":"https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html"}]}]}]},{"term":"policy enforcement point (PEP)","link":"https://csrc.nist.gov/glossary/term/policy_enforcement_point","abbrSyn":[{"text":"PEP","link":"https://csrc.nist.gov/glossary/term/pep"}],"definitions":[{"text":"A system entity that requests and subsequently enforces authorization decisions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7657","link":"https://doi.org/10.6028/NIST.IR.7657"}]}]},{"text":"Mechanism (e.g., access control mechanism of a file system or Web server) that actually protects (in terms of controlling access to) the resources exposed by Web services.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Policy Enforcement Point (PEP) ","refSources":[{"text":"OASIS: A Brief Introduction to XACML","link":"https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html"}]}]},{"text":"A network device on which policy decisions are carried out or enforced.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Policy Enforcement Point (PEP) "},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Policy Enforcement Point "}]}]},{"term":"Policy Engine","link":"https://csrc.nist.gov/glossary/term/policy_engine","abbrSyn":[{"text":"PE","link":"https://csrc.nist.gov/glossary/term/pe"}],"definitions":null},{"term":"Policy Information Point","link":"https://csrc.nist.gov/glossary/term/policy_information_point","abbrSyn":[{"text":"PIP","link":"https://csrc.nist.gov/glossary/term/pip"}],"definitions":null},{"term":"Policy Machine","link":"https://csrc.nist.gov/glossary/term/policy_machine","abbrSyn":[{"text":"PM","link":"https://csrc.nist.gov/glossary/term/pm"}],"definitions":null},{"term":"Policy Retrieval Point","link":"https://csrc.nist.gov/glossary/term/policy_retrieval_point","abbrSyn":[{"text":"PRP","link":"https://csrc.nist.gov/glossary/term/prp"}],"definitions":null},{"term":"POP","link":"https://csrc.nist.gov/glossary/term/pop","abbrSyn":[{"text":"Point of Presence","link":"https://csrc.nist.gov/glossary/term/point_of_presence"},{"text":"Post Office Protocol"},{"text":"Proof of Possession"}],"definitions":[{"text":"A mailbox access protocol defined by IETF RFC 1939. POP is one of the most commonly used mailbox access protocols.","sources":[{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Post Office Protocol ","refSources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"text":"A standard protocol used to receive electronic mail from a server.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Post Office Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Post Office Protocol "}]}]},{"term":"POP3","link":"https://csrc.nist.gov/glossary/term/pop3","abbrSyn":[{"text":"Post Office Protocol 3"},{"text":"Post Office Protocol, Version 3","link":"https://csrc.nist.gov/glossary/term/post_office_protocol_version_3"}],"definitions":null},{"term":"Port Address Translation","link":"https://csrc.nist.gov/glossary/term/port_address_translation","abbrSyn":[{"text":"PAT","link":"https://csrc.nist.gov/glossary/term/pat"}],"definitions":null},{"term":"port scan","link":"https://csrc.nist.gov/glossary/term/port_scan","definitions":[{"text":"A technique that sends client requests to a range of service port addresses on a host.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]}]},{"term":"Port Scanner","link":"https://csrc.nist.gov/glossary/term/port_scanner","definitions":[{"text":"A program that can remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Port World-Wide Name","link":"https://csrc.nist.gov/glossary/term/port_world_wide_name","abbrSyn":[{"text":"PWWN","link":"https://csrc.nist.gov/glossary/term/pwwn"}],"definitions":null},{"term":"Portable Data File","link":"https://csrc.nist.gov/glossary/term/portable_data_file","abbrSyn":[{"text":"PDF","link":"https://csrc.nist.gov/glossary/term/pdf"}],"definitions":null},{"term":"Portable Document Format","link":"https://csrc.nist.gov/glossary/term/portable_document_format","abbrSyn":[{"text":"PDF","link":"https://csrc.nist.gov/glossary/term/pdf"}],"definitions":null},{"term":"portable electronic device (PED)","link":"https://csrc.nist.gov/glossary/term/portable_electronic_device","abbrSyn":[{"text":"PED","link":"https://csrc.nist.gov/glossary/term/ped"}],"definitions":[{"text":"Electronic devices having the capability to store, record, and/or transmit text, images/video, or audio data. Examples of such devices include, but are not limited to: pagers, laptops, cellular telephones, radios, compact disc and cassette players/recorders, portable digital assistant, audio devices, watches with input capability, and reminder recorders.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"Portable Network Graphics","link":"https://csrc.nist.gov/glossary/term/portable_network_graphics","abbrSyn":[{"text":"PNG","link":"https://csrc.nist.gov/glossary/term/png"}],"definitions":null},{"term":"portable storage device","link":"https://csrc.nist.gov/glossary/term/portable_storage_device","abbrSyn":[{"text":"removable media device","link":"https://csrc.nist.gov/glossary/term/removable_media_device"}],"definitions":[{"text":"A system component that can be inserted into and removed from a system and that is used to store information or data (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid-state devices (e.g., compact/digital video disks, flash/thumb drives, external solid-state drives, external hard disk drives, flash memory cards/drives that contain nonvolatile memory).","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Portable device that can be connected to an information system (IS), computer, or network to provide data storage. These devices interface with the IS through processing chips and may load driver software, presenting a greater security risk to the IS than non-device media, such as optical discs or flash memory cards. \nNote: Examples include, but are not limited to: USB flash drives, external hard drives, and external solid state disk (SSD) drives. Portable Storage Devices also include memory cards that have additional functions aside from standard data storage and encrypted data storage, such as built-in Wi-Fi connectivity and global positioning system (GPS) reception. \nSee also removable media.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"See portable storage device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under removable media device "}]},{"text":"An information system component that can be inserted into and removed from an information system, and that is used to store data or information (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid state devices (e.g., floppy disks, compact/digital video disks, flash/thumb drives, external hard disk drives, and flash memory cards/drives that contain non-volatile memory).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Portable Storage Device "}]},{"text":"A system component that can be inserted into and removed from a system, and that is used to store data or information (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid-state devices (e.g., floppy disks, compact/digital video disks, flash/thumb drives, external hard disk drives, and flash memory cards/drives that contain nonvolatile memory).","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"}]},{"text":"A system component that can communicate with and be added to or removed from a system or network and that is limited to data storage—including text, video, audio or image data—as its primary function (e.g., optical discs, external or removable hard drives, external or removable solid-state disk drives, magnetic or optical tapes, flash memory devices, flash memory cards, and other external or removable disks).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"A system component that can be inserted into and removed from a system, and that is used to store data or information (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid state devices (e.g., floppy disks, compact/digital video disks, flash/thumb drives, external hard disk drives, and flash memory cards/drives that contain nonvolatile memory).","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]}],"seeAlso":[{"text":"mobile device","link":"mobile_device"},{"text":"removable media","link":"removable_media"}]},{"term":"Portal VPN","link":"https://csrc.nist.gov/glossary/term/portal_vpn","definitions":[{"text":"A single standard SSL connection to a Web site (the portal) that allows a remote user to securely access multiple network services via a standard Web browser.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"PoS","link":"https://csrc.nist.gov/glossary/term/pos","abbrSyn":[{"text":"Point of Sale"},{"text":"Point-of-Sale","link":"https://csrc.nist.gov/glossary/term/point_of_sale"},{"text":"Proof of Stake","link":"https://csrc.nist.gov/glossary/term/proof_of_stake"}],"definitions":null},{"term":"POSE","link":"https://csrc.nist.gov/glossary/term/pose","abbrSyn":[{"text":"Palm Operating System Emulator","link":"https://csrc.nist.gov/glossary/term/palm_operating_system_emulator"}],"definitions":null},{"term":"Position Designation System","link":"https://csrc.nist.gov/glossary/term/position_designation_system","abbrSyn":[{"text":"PDS","link":"https://csrc.nist.gov/glossary/term/pds"}],"definitions":null},{"term":"positioning","link":"https://csrc.nist.gov/glossary/term/positioning","definitions":[{"text":"The ability to accurately and precisely determine one’s location and orientation two-dimensionally (or three-dimensionally, when required) referenced to a standard reference frame, such as the World Geodetic System 1984, WGS 84, or the International Terrestrial Reference Frame ITRF2020.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"What is PNT (DOT)","link":"https://www.transportation.gov/pnt/what-positioning-navigation-and-timing-pnt","note":" - adapted"}]}]},{"text":"The ability to accurately and precisely determine one’s location and orientation two-dimensionally (or three-dimensionally, when required) referenced to a standard reference frame, such as the World Geodetic System 1984, WGS84[G873], or ITRF2014.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"What is PNT (DOT)","link":"https://www.transportation.gov/pnt/what-positioning-navigation-and-timing-pnt"}]}]}]},{"term":"positioning, navigation, and timing","link":"https://csrc.nist.gov/glossary/term/positioning_navigation_and_timing","abbrSyn":[{"text":"PNT","link":"https://csrc.nist.gov/glossary/term/pnt"}],"definitions":null},{"term":"positive control material","link":"https://csrc.nist.gov/glossary/term/positive_control_material","abbrSyn":[{"text":"PCM","link":"https://csrc.nist.gov/glossary/term/pcm"}],"definitions":[{"text":"Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Positron Emission Tomography","link":"https://csrc.nist.gov/glossary/term/positron_emission_tomography","abbrSyn":[{"text":"PET","link":"https://csrc.nist.gov/glossary/term/pet"}],"definitions":null},{"term":"Possession and Control of an Authenticator","link":"https://csrc.nist.gov/glossary/term/possession_and_control_of_an_authenticator","definitions":[{"text":"The ability to activate and use the authenticator in an authentication protocol.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"POST","link":"https://csrc.nist.gov/glossary/term/post","abbrSyn":[{"text":"Power-on self-test","link":"https://csrc.nist.gov/glossary/term/power_on_self_test"}],"definitions":null},{"term":"Post Office Protocol (POP)","link":"https://csrc.nist.gov/glossary/term/post_office_protocol","abbrSyn":[{"text":"POP","link":"https://csrc.nist.gov/glossary/term/pop"}],"definitions":[{"text":"A mailbox access protocol defined by IETF RFC 1939. POP is one of the most commonly used mailbox access protocols.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Post Office Protocol ","refSources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"text":"A standard protocol used to receive electronic mail from a server.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Post Office Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Post Office Protocol "}]}]},{"term":"Post Office Protocol, Version 3","link":"https://csrc.nist.gov/glossary/term/post_office_protocol_version_3","abbrSyn":[{"text":"POP3","link":"https://csrc.nist.gov/glossary/term/pop3"}],"definitions":null},{"term":"Post-Market Capability","link":"https://csrc.nist.gov/glossary/term/post_market_capability","definitions":[{"text":"A cybersecurity or privacy capability an organization selects, acquires, and deploys itself; any capability that is not pre-market.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"Post-Quantum Cryptography","link":"https://csrc.nist.gov/glossary/term/post_quantum_cryptography","abbrSyn":[{"text":"PQC","link":"https://csrc.nist.gov/glossary/term/pqc"},{"text":"PQCrypto","link":"https://csrc.nist.gov/glossary/term/pqcrypto"}],"definitions":null},{"term":"Post-quantum Pre-shared Key","link":"https://csrc.nist.gov/glossary/term/post_quantum_pre_shared_key","abbrSyn":[{"text":"PPK","link":"https://csrc.nist.gov/glossary/term/ppk"}],"definitions":null},{"term":"Potential Efforts on Threat Events","link":"https://csrc.nist.gov/glossary/term/potential_efforts_on_threat_events","abbrSyn":[{"text":"PETE","link":"https://csrc.nist.gov/glossary/term/pete"}],"definitions":null},{"term":"potential impact","link":"https://csrc.nist.gov/glossary/term/potential_impact","definitions":[{"text":"The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect, a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under POTENTIAL IMPACT ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The loss of confidentiality, integrity, or availability could be expected to have: (i) a limited adverse effect (FIPS 199 low); (ii) a serious adverse effect (FIPS 199 moderate); or (iii) a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Potential Impact ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Potential Impact ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Potential Impact ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The loss of confidentiality, integrity, or availability could be expected to have: (i) a limited adverse effect (FIPS Publication 199 low); (ii) a serious adverse effect (FIPS Publication 199 moderate); or (iii) a severe or catastrophic adverse effect (FIPS Publication 199 high) on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Potential Impact ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The loss of confidentiality, integrity, or availability that could be expected to have a limited (low) adverse effect, a serious (moderate) adverse effect, or a severe or catastrophic (high) adverse effect on organizational operations, organizational assets, or individuals.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]}]},{"text":"The loss of confidentiality, integrity, or availability could be expected to have: \n(i) a limited adverse effect (FIPS 199 low); \n(ii) a serious adverse effect (FIPS 199 moderate); or \n(iii) a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Potential Impact ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Potential Impact ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect (FIPS Publication 199 low); a serious adverse effect (FIPS Publication 199 moderate); or a severe or catastrophic adverse effect (FIPS Publication 199 high) on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect (FIPS Publication 199 low), a serious adverse effect (FIPS Publication 199 moderate), or a severe or catastrophic adverse effect (FIPS Publication 199 high) on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]}]},{"term":"Potentially Harmful Application","link":"https://csrc.nist.gov/glossary/term/potentially_harmful_application","abbrSyn":[{"text":"PHA","link":"https://csrc.nist.gov/glossary/term/pha"}],"definitions":null},{"term":"potentially identifiable personal information","link":"https://csrc.nist.gov/glossary/term/potentially_identifiable_personal_information","definitions":[{"text":"A new category of information proposed by Robert Gellman for information that has been de-identified but can be potentially re-identified. Potentially identifiable personal information is any personal information without overt identifiers. Under Gellman’s proposal, parties that wish to exchange attempts PI2 could voluntarily subscribe to a regime that would provide for both criminal and civil penalties if the recipient of the data attempted to re-identify the data subjects.","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"The Deidentification Dilemma","link":"https://ir.lawnet.fordham.edu/iplj/vol21/iss1/2/"}]}]}]},{"term":"POU","link":"https://csrc.nist.gov/glossary/term/pou","abbrSyn":[{"text":"Program Organizational Unit","link":"https://csrc.nist.gov/glossary/term/program_organizational_unit"}],"definitions":null},{"term":"PoW","link":"https://csrc.nist.gov/glossary/term/pow","abbrSyn":[{"text":"Proof of Work","link":"https://csrc.nist.gov/glossary/term/proof_of_work"}],"definitions":null},{"term":"Power over Ethernet","link":"https://csrc.nist.gov/glossary/term/power_over_ethernet","abbrSyn":[{"text":"PoE","link":"https://csrc.nist.gov/glossary/term/poe"}],"definitions":null},{"term":"Power-on self-test","link":"https://csrc.nist.gov/glossary/term/power_on_self_test","abbrSyn":[{"text":"POST","link":"https://csrc.nist.gov/glossary/term/post"}],"definitions":null},{"term":"PPA","link":"https://csrc.nist.gov/glossary/term/ppa","abbrSyn":[{"text":"Personal Profile Application","link":"https://csrc.nist.gov/glossary/term/personal_profile_application"}],"definitions":null},{"term":"PPC","link":"https://csrc.nist.gov/glossary/term/ppc","abbrSyn":[{"text":"Pocket PC","link":"https://csrc.nist.gov/glossary/term/pocket_pc"}],"definitions":null},{"term":"PPD","link":"https://csrc.nist.gov/glossary/term/ppd","abbrSyn":[{"text":"Presidential Policy Directive","link":"https://csrc.nist.gov/glossary/term/presidential_policy_directive"}],"definitions":null},{"term":"PPE","link":"https://csrc.nist.gov/glossary/term/ppe","abbrSyn":[{"text":"Personal Protective Equipment","link":"https://csrc.nist.gov/glossary/term/personal_protective_equipment"}],"definitions":null},{"term":"PPI","link":"https://csrc.nist.gov/glossary/term/ppi","abbrSyn":[{"text":"Pixels Per Inch","link":"https://csrc.nist.gov/glossary/term/pixels_per_inch"}],"definitions":null},{"term":"PPK","link":"https://csrc.nist.gov/glossary/term/ppk","abbrSyn":[{"text":"Post-quantum Pre-shared Key","link":"https://csrc.nist.gov/glossary/term/post_quantum_pre_shared_key"}],"definitions":null},{"term":"PPP","link":"https://csrc.nist.gov/glossary/term/ppp","abbrSyn":[{"text":"Point to Point protocol"},{"text":"Point-to-Point Protocol","link":"https://csrc.nist.gov/glossary/term/point_to_point_protocol"}],"definitions":null},{"term":"PPS","link":"https://csrc.nist.gov/glossary/term/pps","abbrSyn":[{"text":"Physically Protected Space"},{"text":"Protocol and Parameters Selection","link":"https://csrc.nist.gov/glossary/term/protocol_and_parameters_selection"},{"text":"pulse per second","link":"https://csrc.nist.gov/glossary/term/pulse_per_second"}],"definitions":null},{"term":"PPTP","link":"https://csrc.nist.gov/glossary/term/pptp","abbrSyn":[{"text":"Point to Point tunneling protocol"},{"text":"Point-to-Point Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/point_to_point_tunneling_protocol"}],"definitions":null},{"term":"PQC","link":"https://csrc.nist.gov/glossary/term/pqc","abbrSyn":[{"text":"Post Quantum Cryptography"},{"text":"Post-Quantum Cryptography","link":"https://csrc.nist.gov/glossary/term/post_quantum_cryptography"}],"definitions":null},{"term":"PQCrypto","link":"https://csrc.nist.gov/glossary/term/pqcrypto","abbrSyn":[{"text":"Post-Quantum Cryptography","link":"https://csrc.nist.gov/glossary/term/post_quantum_cryptography"}],"definitions":null},{"term":"PR","link":"https://csrc.nist.gov/glossary/term/pr","abbrSyn":[{"text":"Protect","link":"https://csrc.nist.gov/glossary/term/protect"},{"text":"protect (CSF function)","link":"https://csrc.nist.gov/glossary/term/protect_csf"}],"definitions":[{"text":"Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under protect (CSF function) ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"PR.AC","link":"https://csrc.nist.gov/glossary/term/pr_ac","abbrSyn":[{"text":"Protect, Access Control","link":"https://csrc.nist.gov/glossary/term/protect_access_control"}],"definitions":null},{"term":"PR.AT","link":"https://csrc.nist.gov/glossary/term/pr_at","abbrSyn":[{"text":"Protect, Awareness and Training","link":"https://csrc.nist.gov/glossary/term/protect_awareness_and_training"}],"definitions":null},{"term":"PR.DS","link":"https://csrc.nist.gov/glossary/term/pr_ds","abbrSyn":[{"text":"Protect, Data Security","link":"https://csrc.nist.gov/glossary/term/protect_data_security"}],"definitions":null},{"term":"PR.PT","link":"https://csrc.nist.gov/glossary/term/pr_pt","abbrSyn":[{"text":"Protect, Protective Technology","link":"https://csrc.nist.gov/glossary/term/protect_protective_technology"}],"definitions":null},{"term":"PR/SM","link":"https://csrc.nist.gov/glossary/term/pr_sm","abbrSyn":[{"text":"Processor Resource/System Manager","link":"https://csrc.nist.gov/glossary/term/processor_resource_system_manager"}],"definitions":null},{"term":"PRA","link":"https://csrc.nist.gov/glossary/term/pra","abbrSyn":[{"text":"Paperwork Reduction Act","link":"https://csrc.nist.gov/glossary/term/paperwork_reduction_act"},{"text":"Penetration-Resistant Architecture"}],"definitions":null},{"term":"Practice Statement","link":"https://csrc.nist.gov/glossary/term/practice_statement","definitions":[{"text":"A formal statement of the practices followed by the parties to an authentication process (e.g., CSP or verifier). It usually describes the parties’ policies and practices and can become legally binding.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A formal statement of the practices followed by the parties to an authentication process (i.e., RA, CSP, or Verifier). It usually describes the policies and practices of the parties and can become legally binding.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"practitioner experience","link":"https://csrc.nist.gov/glossary/term/practitioner_experience","definitions":[{"text":"A source of ISCM assessment elements based on the experience of individuals (practitioners) with experience in designing, implementing, and operating ISCM capabilities, as well as security engineering experience.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"PRAM","link":"https://csrc.nist.gov/glossary/term/pram","abbrSyn":[{"text":"Privacy Risk Assessment Methodology"}],"definitions":null},{"term":"Pre-activation state","link":"https://csrc.nist.gov/glossary/term/pre_activation_state","definitions":[{"text":"A lifecycle state of a key in which the key has been created, but is not yet authorized for use.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A key state in which the key has been generated but is not yet authorized for use.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"precision","link":"https://csrc.nist.gov/glossary/term/precision","definitions":[{"text":"Refers to how closely individual PNT measurements agree with each other.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"Precision Medicine Initiative","link":"https://csrc.nist.gov/glossary/term/precision_medicine_initiative","abbrSyn":[{"text":"PMI","link":"https://csrc.nist.gov/glossary/term/pmi"}],"definitions":null},{"term":"Precision Time Protocol","link":"https://csrc.nist.gov/glossary/term/precision_time_protocol","abbrSyn":[{"text":"PTP","link":"https://csrc.nist.gov/glossary/term/ptp"}],"definitions":null},{"term":"precursor","link":"https://csrc.nist.gov/glossary/term/precursor","definitions":[{"text":"A sign that an attacker may be preparing to cause an incident. \nSee indicator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]}]},{"text":"A sign that an attacker may be preparing to cause an incident.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Precursor "}]}],"seeAlso":[{"text":"indicator","link":"indicator"}]},{"term":"Predictability","link":"https://csrc.nist.gov/glossary/term/predictability","definitions":[{"text":"Enabling reliable assumptions by individuals, owners, and operators about PII and its processing by an information system.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"Per NISTIR8062: Enabling reliable assumptions by individuals, owners, and operators about PII and its processing by an information system.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"Enabling reliable assumptions by individuals, owners, and operators about data and their processing by a system, product, or service.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]},{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]}]},{"text":"Enabling of reliable assumptions by individuals, owners, and operators about PII and its processing by a system.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"term":"Pre-EFI Initialization","link":"https://csrc.nist.gov/glossary/term/pre_efi_initialization","abbrSyn":[{"text":"PEI","link":"https://csrc.nist.gov/glossary/term/pei"}],"definitions":null},{"term":"Preimage","link":"https://csrc.nist.gov/glossary/term/preimage","definitions":[{"text":"A message Ms that produces a given message digest when it is processed by a hash function.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"A message X that produces a given message digest when it is processed by a hash function.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}],"seeAlso":[{"text":"Preimage resistance","link":"preimage_resistance"}]},{"term":"Preimage resistance","link":"https://csrc.nist.gov/glossary/term/preimage_resistance","definitions":[{"text":"An expected property of a cryptographic hash function such that, given a randomly chosen message digest, message_digest, it is computationally infeasible to find a preimage of the message_digest, See “Preimage”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"An expected property of a hash function such that, given a randomly chosen message digest, message_digest, it is computationally infeasible to find a preimage of the message_digest, See “Preimage”.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}],"seeAlso":[{"text":"Hash function"},{"text":"Preimage","link":"preimage"}]},{"term":"Preliminary Design Review","link":"https://csrc.nist.gov/glossary/term/preliminary_design_review","abbrSyn":[{"text":"PDR","link":"https://csrc.nist.gov/glossary/term/pdr"}],"definitions":null},{"term":"Pre-Market Capability","link":"https://csrc.nist.gov/glossary/term/pre_market_capability","definitions":[{"text":"A cybersecurity or privacy capability built into an IoT device. Pre-market capabilities are integrated into IoT devices by the manufacturer or vendor before they are shipped to customer organizations.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"Prepare for Events","link":"https://csrc.nist.gov/glossary/term/prepare_for_events","abbrSyn":[{"text":"Capability, Event Preparation Management","link":"https://csrc.nist.gov/glossary/term/capability_event_preparation_management"}],"definitions":[{"text":"An ISCM capability that ensures that procedures and resources are in place to respond to both routine and unexpected events that can compromise security. The unexpected events include both actual attacks and contingencies (natural disasters) like fires, floods, earthquakes, etc.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Event Preparation Management "}]},{"text":"See Capability, Event Preparation Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"prerequisite","link":"https://csrc.nist.gov/glossary/term/prerequisite","definitions":[{"text":"A required input to an algorithm that has been established prior to the invocation of the algorithm.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Presentation Attack","link":"https://csrc.nist.gov/glossary/term/presentation_attack","definitions":[{"text":"Presentation to the biometric data capture subsystem with the goal of interfering with the operation of the biometric system.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Presentation Attack Detection (PAD)","link":"https://csrc.nist.gov/glossary/term/presentation_attack_detection","abbrSyn":[{"text":"PAD","link":"https://csrc.nist.gov/glossary/term/pad"}],"definitions":[{"text":"Automated determination of a presentation attack. A subset of presentation attack determination methods, referred to asliveness detection, involve measurement and analysis of anatomical characteristics or involuntary or voluntary reactions, in order to determine if a biometric sample is being captured from a living subject present at the point of capture.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An automated determination of a presentation attack","sources":[{"text":"NIST SP 800-140E","link":"https://doi.org/10.6028/NIST.SP.800-140E"}]},{"text":"Automated determination of a presentation attack. A subset of presentation attack determination methods, referred to as liveness detection, involve measurement and analysis of anatomical characteristics or involuntary or voluntary reactions, in order to determine if a biometric sample is being captured from a living subject present at the point of capture.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"President’s Council on Integrity and Efficiency","link":"https://csrc.nist.gov/glossary/term/presidents_council_on_integrity_and_efficiency","abbrSyn":[{"text":"PCIE"}],"definitions":null},{"term":"President’s Management Agenda","link":"https://csrc.nist.gov/glossary/term/presidents_management_agenda","abbrSyn":[{"text":"PMA","link":"https://csrc.nist.gov/glossary/term/pma"}],"definitions":null},{"term":"President’s National Security Telecommunications Advisory Committee","link":"https://csrc.nist.gov/glossary/term/presidents_national_security_telecommunications_advisory_committee","abbrSyn":[{"text":"NSTAC","link":"https://csrc.nist.gov/glossary/term/nstac"}],"definitions":null},{"term":"Presidential Directive","link":"https://csrc.nist.gov/glossary/term/presidential_directive","definitions":[{"text":"A form of an executive order issued by the President of the United States with the advice and consent of the National Security Council; also known as a Presidential Decision Directive (or PDD).","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]}]},{"term":"Presidential Policy Directive","link":"https://csrc.nist.gov/glossary/term/presidential_policy_directive","abbrSyn":[{"text":"PPD","link":"https://csrc.nist.gov/glossary/term/ppd"}],"definitions":null},{"term":"Pretty Good Privacy","link":"https://csrc.nist.gov/glossary/term/pretty_good_privacy","abbrSyn":[{"text":"PGP","link":"https://csrc.nist.gov/glossary/term/pgp"},{"text":"PGP/OpenPGP","link":"https://csrc.nist.gov/glossary/term/pgp_openpgp"}],"definitions":null},{"term":"PRF","link":"https://csrc.nist.gov/glossary/term/prf","abbrSyn":[{"text":"Pseudorandom function"},{"text":"Pseudorandom Function"},{"text":"Pseudo-random Function"},{"text":"Pseudo-Random Function"}],"definitions":[{"text":"A function that can be used to generate output from a random seed and a data variable such that the output is computationally indistinguishable from truly random output.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Pseudorandom function "}]},{"text":"Pseudorandom Function.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"A function that can be used to generate output from a secret random seed and a data variable, such that the output is computationally indistinguishable from truly random output. In this Recommendation, an approved message authentication code (MAC) is used as a pseudorandom function in the key expansion step, where a key derivation key is used as the secret random seed.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Pseudorandom function "}]}]},{"term":"Primary facility","link":"https://csrc.nist.gov/glossary/term/primary_facility","definitions":[{"text":"An FCKMS facility that houses a primary system.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Primary Mission Essential Functions","link":"https://csrc.nist.gov/glossary/term/primary_mission_essential_functions","abbrSyn":[{"text":"PMEF","link":"https://csrc.nist.gov/glossary/term/pmef"}],"definitions":null},{"term":"primary services node (PRSN)","link":"https://csrc.nist.gov/glossary/term/primary_services_node","abbrSyn":[{"text":"PRSN","link":"https://csrc.nist.gov/glossary/term/prsn"}],"definitions":[{"text":"A Key Management Infrastructure (KMI) core node that provides the users’ central point of access to KMI products, services, and information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Primary system","link":"https://csrc.nist.gov/glossary/term/primary_system","definitions":[{"text":"An FCKMS module that is currently active. Contrast with Backup (system).","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Prime number","link":"https://csrc.nist.gov/glossary/term/prime_number","definitions":[{"text":"An integer greater than 1 that has no positive integer factors other than 1 and itself.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"An integer that is greater than 1 and divisible only by 1 and itself.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Prime number generation seed","link":"https://csrc.nist.gov/glossary/term/prime_number_generation_seed","definitions":[{"text":"A string of random bits that is used to begin a search for a prime number with the required characteristics.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"Primitive","link":"https://csrc.nist.gov/glossary/term/primitive","definitions":[{"text":"A low-level cryptographic algorithm that is used as a basic building block for higher-level cryptographic operations or schemes.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"See cryptographic primitive.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"A low-level cryptographic algorithm used as a basic building block for higher-level cryptographic operations or schemes.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Primitive algorithm","link":"https://csrc.nist.gov/glossary/term/primitive_algorithm","definitions":[{"text":"A low-level cryptographic algorithm (e.g., an RSA encryption operation) used as a basic building block for higher-level cryptographic algorithms or schemes (e.g., RSA key transport).","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"principal accrediting authority (PAA)","link":"https://csrc.nist.gov/glossary/term/principal_accrediting_authority","abbrSyn":[{"text":"PAA","link":"https://csrc.nist.gov/glossary/term/paa"}],"definitions":[{"text":"Senior official with authority and responsibility for all intelligence systems within an agency.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"principal authorizing official (PAO)","link":"principal_authorizing_official"}]},{"term":"principal authorizing official (PAO)","link":"https://csrc.nist.gov/glossary/term/principal_authorizing_official","abbrSyn":[{"text":"PAO","link":"https://csrc.nist.gov/glossary/term/pao"}],"definitions":[{"text":"A senior (federal) official or executive with the authority to oversee and establish guidance for the strategic implementation of cybersecurity and risk management within their mission areas (i.e., the warfighting mission area (WMA), business mission area (BMA), enterprise information environment mission area (EIEMA), and DoD portion of the intelligence mission area (DIMA) as defined in DoDI 8115.02).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/","note":" - Adapted"}]}]}],"seeAlso":[{"text":"principal accrediting authority (PAA)","link":"principal_accrediting_authority"}]},{"term":"Printed Circuit Board","link":"https://csrc.nist.gov/glossary/term/printed_circuit_board","abbrSyn":[{"text":"PCB","link":"https://csrc.nist.gov/glossary/term/pcb"}],"definitions":null},{"term":"Printed Wiring Assembly","link":"https://csrc.nist.gov/glossary/term/printed_wiring_assembly","abbrSyn":[{"text":"PWA","link":"https://csrc.nist.gov/glossary/term/pwa"}],"definitions":null},{"term":"Prior Year","link":"https://csrc.nist.gov/glossary/term/prior_year","abbrSyn":[{"text":"PY","link":"https://csrc.nist.gov/glossary/term/py"}],"definitions":null},{"term":"PRISMA","link":"https://csrc.nist.gov/glossary/term/prisma","abbrSyn":[{"text":"Program Review for Information Security Management Assistance","link":"https://csrc.nist.gov/glossary/term/program_review_for_information_security_management_assistance"}],"definitions":null},{"term":"privacy architect","link":"https://csrc.nist.gov/glossary/term/privacy_architect","definitions":[{"text":"Individual, group, or organization responsible for ensuring that the system privacy requirements necessary to protect individuals’ privacy are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and information systems processing PII.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"privacy architecture","link":"https://csrc.nist.gov/glossary/term/privacy_architecture","definitions":[{"text":"An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s privacy protection processes, technical measures, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]}]},{"term":"Privacy Breach","link":"https://csrc.nist.gov/glossary/term/privacy_breach","definitions":[{"text":"The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses data or (2) an authorized user accesses data for an other than authorized purpose.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"OMB M-17-12","link":"https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2017/m-17-12.pdf","note":" - Adapted"}]}]}]},{"term":"Privacy Capability","link":"https://csrc.nist.gov/glossary/term/privacy_capability","definitions":[{"text":"See capability.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A combination of mutually-reinforcing privacy controls (i.e., safeguards and countermeasures) implemented by technical means (i.e., functionality in hardware, software, and firmware), physical means (i.e., physical devices and protective measures), and procedural means (i.e., procedures performed by individuals).","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]}]},{"term":"Privacy Continuous Monitoring","link":"https://csrc.nist.gov/glossary/term/privacy_continuous_monitoring","abbrSyn":[{"text":"PCM","link":"https://csrc.nist.gov/glossary/term/pcm"}],"definitions":null},{"term":"privacy control","link":"https://csrc.nist.gov/glossary/term/privacy_control","definitions":[{"text":"The administrative, technical, and physical safeguards employed within an agency to ensure compliance with applicable privacy requirements and manage privacy risks.\nNote: Controls can be selected to achieve multiple objectives; those controls that are selected to achieve both security and privacy objectives require a degree of collaboration between the organization’s information security program and privacy program.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The administrative, technical, and physical safeguards employed within an agency to ensure compliance with applicable privacy requirements and manage privacy risks.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Privacy control ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The administrative, technical, and physical safeguards employed within an organization to satisfy privacy requirements.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Privacy Control ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","note":" - Adapted"}]}]}]},{"term":"privacy control assessment","link":"https://csrc.nist.gov/glossary/term/privacy_control_assessment","abbrSyn":[{"text":"Assessment"}],"definitions":[{"text":"See Security Control Assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assessment "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assessment "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assessment "}]},{"text":"See Security Control Assessment or Privacy Control Assessment.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment "}]},{"text":"See security control assessment or risk assessment.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessment "}]},{"text":"The testing or evaluation of privacy controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the privacy requirements for an information system or organization.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Privacy Control Assessment "}]},{"text":"The assessment of privacy controls to determine whether the controls are implemented correctly, operating as intended, and sufficient to ensure compliance with applicable privacy requirements and manage privacy risks. A privacy control assessment is both an assessment and a formal document detailing the process and the outcome of the assessment.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"Privacy Control Assessor","link":"https://csrc.nist.gov/glossary/term/privacy_control_assessor","abbrSyn":[{"text":"Assessor"}],"definitions":[{"text":"The individual, group, or organization responsible for conducting a security or privacy control assessment.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessor "}]},{"text":"See Security Control Assessor.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assessor "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assessor "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assessor "}]},{"text":"See Security Control Assessor or Privacy Control Assessor.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a privacy control assessment.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]},{"text":"The individual responsible for conducting assessment activities under the guidance and direction of a Designated Authorizing Official. The Assessor is a 3rd party.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Assessor "}]},{"text":"See security control assessor or risk assessor.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessor "}]}]},{"term":"privacy control baseline","link":"https://csrc.nist.gov/glossary/term/privacy_control_baseline","definitions":[{"text":"A collection of controls specifically assembled or brought together by a group, organization, or community of interest to address the privacy protection needs of individuals.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"The set of privacy controls selected based on the privacy selection criteria that provide a starting point for the tailoring process.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"privacy domain","link":"https://csrc.nist.gov/glossary/term/privacy_domain","definitions":[{"text":"A domain that implements a privacy policy.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Privacy engineering","link":"https://csrc.nist.gov/glossary/term/privacy_engineering","definitions":[{"text":"A specialty discipline of systems engineering focused on achieving freedom from conditions that can create problems for individuals with unacceptable consequences that arise from the system as it processes PII.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"Privacy Engineering Program","link":"https://csrc.nist.gov/glossary/term/privacy_engineering_program","abbrSyn":[{"text":"PEP","link":"https://csrc.nist.gov/glossary/term/pep"}],"definitions":null},{"term":"Privacy Enhanced Mail","link":"https://csrc.nist.gov/glossary/term/privacy_enhanced_mail","abbrSyn":[{"text":"PEM","link":"https://csrc.nist.gov/glossary/term/pem"}],"definitions":null},{"term":"Privacy Event","link":"https://csrc.nist.gov/glossary/term/privacy_event","definitions":[{"text":"The occurrence or potential occurrence of problematic data actions.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"privacy impact assessment (PIA)","link":"https://csrc.nist.gov/glossary/term/privacy_impact_assessment","abbrSyn":[{"text":"PIA","link":"https://csrc.nist.gov/glossary/term/pia"}],"definitions":[{"text":"a process for examining the risks and ramifications of collecting, maintaining, and disseminating information in identifiable form in an electronic information system, and for identifying and evaluating protections and alternative processes to mitigate the impact to privacy of collecting information in identifiable form. Consistent with September 26, 2003, OMB guidance (M-03-22) implementing the privacy provisions of the e -Government Act, agencies must conduct privacy impact assessments for all new or significantly altered IT investments administering information in identifiable form collected from or about members of the public. Agencies may choose whether to conduct privacy impact assessments for IT investments administering information in identifiable form collected from or about agency employees.","sources":[{"text":"NIST SP 800-65","link":"https://doi.org/10.6028/NIST.SP.800-65","note":" [Withdrawn]","underTerm":" under Privacy impact assessment "}]},{"text":"An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of information in identifiable form in an electronic information system; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns. A privacy impact assessment is both an analysis and a formal document detailing the process and the outcome of the analysis.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under privacy impact assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"“An analysis of how information is handled that ensures handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; determines the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronicinformation system; and examines and evaluates protections and alternative processes for handling information to mitigate potential privacy risks.”","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122","underTerm":" under Privacy Impact Assessment (PIA) ","refSources":[{"text":"OMB M-03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]}]},{"text":"An analysis of how information is handled 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"OMB Memorandum 03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]}]},{"text":"An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Privacy Impact Assessment ","refSources":[{"text":"OMB Memorandum 03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Privacy Impact Assessment ","refSources":[{"text":"OMB Memorandum 03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]}]},{"text":"An analysis of how information is handled:\n(i) to ensure handling conforms to applicable legal, regulatory,\nand policy requirements regarding privacy;\n(ii) to determine the risks and effects of collecting, maintaining,\nand disseminating information in identifiable form in an\nelectronic information system; and\n(iii) to examine and evaluate protections and alternative processes\nfor handling information to mitigate potential privacy risks.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Privacy Impact Assessment (PIA) ","refSources":[{"text":"OMB Memorandum 03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Privacy Impact Assessment (PIA) ","refSources":[{"text":"OMB Memorandum 03-22","link":"https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html"}]}]}]},{"term":"privacy information","link":"https://csrc.nist.gov/glossary/term/privacy_information","definitions":[{"text":"Information that describes the privacy posture of an information system or organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"privacy loss","link":"https://csrc.nist.gov/glossary/term/privacy_loss","definitions":[{"text":"A measure of the extent to which a data release may reveal information that is specific to an individual.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"privacy loss budget","link":"https://csrc.nist.gov/glossary/term/privacy_loss_budget","definitions":[{"text":"An upper bound on the cumulative total privacy loss for individuals.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Privacy Management Reference Model and Methodology","link":"https://csrc.nist.gov/glossary/term/privacy_management_reference_model_and_methodology","abbrSyn":[{"text":"PMRM","link":"https://csrc.nist.gov/glossary/term/pmrm"}],"definitions":null},{"term":"privacy plan","link":"https://csrc.nist.gov/glossary/term/privacy_plan","definitions":[{"text":"Formal document that provides an overview of the privacy requirements for an information system or program and describes the privacy controls in place or planned for meeting those requirements. The privacy plan may be integrated into the organizational security plan or developed as a separate plan.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Privacy Plan "}]},{"text":"A formal document that details the privacy controls selected for an information system or environment of operation that are in place or planned for meeting applicable privacy requirements and managing privacy risks, details how the controls have been implemented, and describes the methodologies and metrics that will be used to assess the controls.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"privacy posture","link":"https://csrc.nist.gov/glossary/term/privacy_posture","definitions":[{"text":"The privacy posture represents the status of the information systems and information resources (e.g., personnel, equipment, funds, and information technology) within an organization based on information assurance resources (e.g., people, hardware, software, policies, procedures) and the capabilities in place to comply with applicable privacy requirements and manage privacy risks and to react as the situation changes.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"privacy preserving data mining","link":"https://csrc.nist.gov/glossary/term/privacy_preserving_data_mining","definitions":[{"text":"an [extension] of traditional data mining techniques to work with … data modified to mask sensitive information","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"Benjamin C. et al","note":" - Adapted"}]}]}]},{"term":"privacy preserving data publishing","link":"https://csrc.nist.gov/glossary/term/privacy_preserving_data_publishing","definitions":[{"text":"methods and tools for publishing data in a more hostile environment, so that the published data remains practically useful while individual privacy is preserved","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"Benjamin C. et al"}]}]}]},{"term":"privacy program plan","link":"https://csrc.nist.gov/glossary/term/privacy_program_plan","definitions":[{"text":"A formal document that provides an overview of an agency’s privacy program, including a description of the structure of the privacy program, the resources dedicated to the privacy program, the role of the Senior Agency Official for Privacy and other privacy officials and staff, the strategic goals and objectives of the privacy program, and the program management controls and common controls in place or planned for meeting applicable privacy requirements and managing privacy risks.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"privacy requirement","link":"https://csrc.nist.gov/glossary/term/privacy_requirement","definitions":[{"text":"A requirement that applies to an information system or an organization that is derived from applicable laws, executive orders, directives, policies, standards, regulations, procedures, and/or mission/business needs with respect to privacy. Note: The term privacy requirement can be used in a variety of contexts from high-level policy activites to low-level implementation activities in system development and engineering disciplines.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A specification for system/product/service functionality to meet stakeholders’ desired privacy outcomes.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Privacy Requirement "}]}]},{"term":"Privacy Requirements","link":"https://csrc.nist.gov/glossary/term/privacy_requirements","definitions":[{"text":"Requirements of an organization, information program, or system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, procedures, or organizational mission and business case needs with respect to privacy.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"Requirements levied on an organization, information program, or information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, procedures, or organizational mission/business case needs to ensure that privacy protections are implemented in the collection, use, sharing, storage, transmittal, and disposal of information.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]}]},{"term":"Privacy Risk Assessment","link":"https://csrc.nist.gov/glossary/term/privacy_risk_assessment","definitions":[{"text":"A privacy risk management sub-process for identifying and evaluating specific privacy risks.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Privacy Risk Assessment Methodology (PRAM)","link":"https://csrc.nist.gov/glossary/term/privacy_risk_assessment_methodology","abbrSyn":[{"text":"PRAM","link":"https://csrc.nist.gov/glossary/term/pram"}],"definitions":[{"text":"The PRAM is a tool that applies the risk model from NISTIR 8062 and helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"Privacy Risk Assessment Tools","link":"https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/browse/risk-assessment-tools"}]}]}]},{"term":"Privacy Risk Management","link":"https://csrc.nist.gov/glossary/term/privacy_risk_management","definitions":[{"text":"A cross-organizational set of processes for identifying, assessing, and responding to privacy risks.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Privacy Workforce Public Working Group","link":"https://csrc.nist.gov/glossary/term/privacy_workforce_public_working_group","abbrSyn":[{"text":"PWWG","link":"https://csrc.nist.gov/glossary/term/pwwg"}],"definitions":null},{"term":"privacy-enhancing cryptography","link":"https://csrc.nist.gov/glossary/term/privacy_enhancing_cryptography","abbrSyn":[{"text":"PEC","link":"https://csrc.nist.gov/glossary/term/pec"}],"definitions":null},{"term":"Private Branch Exchange","link":"https://csrc.nist.gov/glossary/term/private_branch_exchange","abbrSyn":[{"text":"PBX","link":"https://csrc.nist.gov/glossary/term/pbx"}],"definitions":null},{"term":"Private cloud","link":"https://csrc.nist.gov/glossary/term/private_cloud","definitions":[{"text":"The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Private Credentials","link":"https://csrc.nist.gov/glossary/term/private_credentials","definitions":[{"text":"Credentials that cannot be disclosed by the CSP because the contents can be used to compromise the authenticator.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"Credentials that cannot be disclosed by the CSP because the contents can be used to compromise the token. (For more discussion, see Section 7.1.1.)","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"private key","link":"https://csrc.nist.gov/glossary/term/private_key","definitions":[{"text":"The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Private Key "}]},{"text":"A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm. The private key is uniquely associated with the owner and is not made public. The private key is used to compute a digital signature that may be verified using the corresponding public key.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Private key "}]},{"text":"A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Private Key ","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]},{"text":"A cryptographic key used with an asymmetric-key (public-key) cryptographic algorithm that is not made public and is uniquely associated with an entity that is authorized to use it. In an asymmetric-key cryptosystem, the private key is associated with a public key. Depending on the algorithm that employs the private key, it may be used to: \n1. Compute the corresponding public key, \n2. Compute a digital signature that may be verified using the corresponding public key, \n3. Decrypt data that was encrypted using the corresponding public key, or \n4. Compute a key derivation key, which may then be used as an input to a key derivation process.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Private key "}]},{"text":"A cryptographic key used by a public-key (asymmetric) cryptographic algorithm that is uniquely associated with an entity and is not made public.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Private key "}]},{"text":"(1) The key of a signature key pair used to create a digital signature. (2) The key of an encryption key pair that is used to decrypt confidential information. In both cases, this key must be kept secret.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Private Key "}]},{"text":"A cryptographic key that is kept secret and is used with a public-key cryptographic algorithm. A private key is associated with a public key.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Private key "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Private key "}]},{"text":"The secret part of an asymmetric key pair that is used to digitally sign or decrypt data.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Private Key "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Private Key "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Private Key "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Private Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Private Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Private Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Private Key "}]},{"text":"A cryptographic key used with an asymmetric-key (public-key) cryptographic algorithm that is not made public and is uniquely associated with an entity that is authorized to use it. In an asymmetric-key cryptosystem, the private key is associated with a public key. Depending on the algorithm that employs the private key, it may be used to: 1. Compute the corresponding public key, 2. Compute a digital signature that may be verified using the corresponding public key, 3. Decrypt data that was encrypted using the corresponding public key, or 4. Compute a key derivation key, which may then be used as an input to a key derivation process.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Private key "}]},{"text":"The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]},{"text":"A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm. For digital signatures, the private key is uniquely associated with the owner and is not made public. The private key is used to compute a digital signature that may be verified by the corresponding public key.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Private key "}]},{"text":"A cryptographic key used with a public-key cryptographic algorithm that is uniquely associated with an entity and is not made public. The private key has a corresponding public key. Depending on the algorithm, the private key may be used to: 1. Compute the corresponding public key, 2. Compute a digital signautre taht may be verified by the corresponding public key, 3. Decrypt keys that were encrypted by the corresponding public key, or 4. Compute a shared secret that during a key agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Private key "}]},{"text":"A cryptographic key, used with a public key cryptographic algorithm that is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key. The private key is known only by the owner of the key pair and is used to:\n\n1. Compute the corresponding public key,\n\n2. Compute a digital signature that may be verified by the corresponding public key,\n\n3. Decrypt data that was encrypted by the corresponding public key, or\n\n4. Compute a piece of common shared data, together with other information.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Private key "}]},{"text":"A cryptographic key, used with a public-key cryptographic algorithm that is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key has a corresponding public key. Depending on the algorithm, the private key may be used, for example, to: \n1. Compute the corresponding public key, \n2. Compute a digital signature that may be verified by the corresponding public key, \n3. Decrypt keys that were encrypted by the corresponding public key, or \n4. Compute a shared secret during a key-agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Private key "}]},{"text":"A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and is not made public. In an asymmetric (public) key cryptosystem, the private key is associated with a public key. Depending on the algorithm, the private key may be used to: 1. Compute the corresponding public key, 2. Compute a digital signature that may be verified by the corresponding public key, 3. Decrypt data that was encrypted by the corresponding public key, or 4. Compute a shared secret during a key-agreement process.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Private key "}]},{"text":"A cryptographic key used with a public-key cryptographic algorithm that is uniquely associated with an entity and is not made public. In an asymmetric-key (public-key) cryptosystem, the private key has a corresponding public key. Depending on the algorithm, the private key may be used, for example, to: 1. Compute the corresponding public key, 2. Compute a digital signature that may be verified by the corresponding public key, 3. Decrypt keys that were encrypted by the corresponding public key, or 4. Compute a shared secret during a key-agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Private key "}]},{"text":"A cryptographic key used with an asymmetric-key (public-key) cryptographic algorithm that is not made public and is uniquely associated with an entity that is authorized to use it. In an asymmetric-key cryptosystem, the private key is associated with a public key. Depending on the algorithm that employs the private key, it may be used to:\n1. Compute the corresponding public key;\n2. Compute a digital signature that may be verified using the corresponding public key;\n3. Decrypt data that was encrypted using the corresponding public key; or\n4. Compute a key-derivation key, which may then be used as an input to a key-derivation process.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Private key "}]},{"text":"A cryptographic key, used with a public-key cryptographic algorithm, which is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key. Depending on the algorithm, the private key may be used, for example, to: 1. Compute the corresponding public key, 2. Compute a digital signature that may be verified by the corresponding public key, 3. Decrypt keys that were encrypted by the corresponding public key, or 4. Compute a shared secret during a key-agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Private key "}]}]},{"term":"Private Key Infrastructure","link":"https://csrc.nist.gov/glossary/term/private_key_infrastructure","abbrSyn":[{"text":"PKI","link":"https://csrc.nist.gov/glossary/term/pki"}],"definitions":null},{"term":"Private key/private signature key","link":"https://csrc.nist.gov/glossary/term/private_key_private_signature_key","definitions":[{"text":"A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm and is associated with a public key. The private key is uniquely associated with the owner and is not made public. This key is used to compute a digital signature that may be verified using the corresponding public key.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"privilege","link":"https://csrc.nist.gov/glossary/term/privilege","definitions":[{"text":"The authorized behavior of a subject.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162"}]},{"text":"A right granted to an individual, a program, or a process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Privilege ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Privilege ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Privilege ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A special authorization that is granted to particular users to perform security relevant operations.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Privilege "}]}]},{"term":"Privilege Attribute Certificate","link":"https://csrc.nist.gov/glossary/term/privilege_attribute_certificate","abbrSyn":[{"text":"PAC","link":"https://csrc.nist.gov/glossary/term/pac"}],"definitions":null},{"term":"privilege certificate manager (PCM)","link":"https://csrc.nist.gov/glossary/term/privilege_certificate_manager","abbrSyn":[{"text":"PCM","link":"https://csrc.nist.gov/glossary/term/pcm"}],"definitions":[{"text":"The key management entity (KME) authorized to create the privilege certificate for another KME.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Privileged Access Management","link":"https://csrc.nist.gov/glossary/term/privileged_access_management","abbrSyn":[{"text":"PAM","link":"https://csrc.nist.gov/glossary/term/pam"}],"definitions":null},{"term":"Privileged Access Never","link":"https://csrc.nist.gov/glossary/term/privileged_access_never","abbrSyn":[{"text":"PAN","link":"https://csrc.nist.gov/glossary/term/pan"}],"definitions":null},{"term":"privileged account","link":"https://csrc.nist.gov/glossary/term/privileged_account","definitions":[{"text":"An information system account with approved authorizations of a privileged user.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - Adapted"}]}]},{"text":"A system account with authorizations of a privileged user.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"An information system account with authorizations of a privileged user.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Privileged Account "}]},{"text":"A system account with the authorizations of a privileged user.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"privileged command","link":"https://csrc.nist.gov/glossary/term/privileged_command","definitions":[{"text":"A human-initiated command executed on an information system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Privileged Command "}]},{"text":"A human-initiated command executed on a system that involves the control, monitoring, or administration of the system, including security functions and associated security-relevant information.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Privileged Execute Never","link":"https://csrc.nist.gov/glossary/term/privileged_execute_never","abbrSyn":[{"text":"PXN","link":"https://csrc.nist.gov/glossary/term/pxn"}],"definitions":null},{"term":"privileged process","link":"https://csrc.nist.gov/glossary/term/privileged_process","definitions":[{"text":"A computer process that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary processes are not authorized to perform.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"privileged user","link":"https://csrc.nist.gov/glossary/term/privileged_user","abbrSyn":[{"text":"root user","link":"https://csrc.nist.gov/glossary/term/root_user"},{"text":"superuser","link":"https://csrc.nist.gov/glossary/term/superuser"}],"definitions":[{"text":"A user who is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"A user who is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"A user that is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Privileged User ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"See privileged user.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under root user "},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under superuser "}]},{"text":"A user that is authorized (and, therefore, trusted) to perform securityrelevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Privileged User "}]}]},{"term":"PRM","link":"https://csrc.nist.gov/glossary/term/prm","abbrSyn":[{"text":"Performance Reference Model"}],"definitions":null},{"term":"PRNG","link":"https://csrc.nist.gov/glossary/term/prng","abbrSyn":[{"text":"pseudorandom number generator","link":"https://csrc.nist.gov/glossary/term/pseudorandom_number_generator"},{"text":"Pseudorandom Number Generator"},{"text":"Pseudo-Random Number Generator"}],"definitions":[{"text":"A deterministic computational process that has one or more inputs called \"seeds\", and it outputs a sequence of values that appears to be random according to specified statistical tests. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under pseudorandom number generator ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949","note":" - Adapted"}]}]},{"text":"See Deterministic Random Bit Generator.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Pseudorandom Number Generator "}]}]},{"term":"proactive cyber defense","link":"https://csrc.nist.gov/glossary/term/proactive_cyber_defense","definitions":[{"text":"A continuous process to manage and harden devices and networks according to known best practices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DSOC 2011"}]}]}]},{"term":"Probabilistic Signature Scheme","link":"https://csrc.nist.gov/glossary/term/probabilistic_signature_scheme","abbrSyn":[{"text":"PSS","link":"https://csrc.nist.gov/glossary/term/pss"}],"definitions":null},{"term":"Probability Density Function (PDF)","link":"https://csrc.nist.gov/glossary/term/probability_density_function","definitions":[{"text":"A function that provides the \"local\" probability distribution of a test statistic. From a finite sample size n, a probability density function will be approximated by a histogram.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Probability Distribution","link":"https://csrc.nist.gov/glossary/term/probability_distribution","definitions":[{"text":"The assignment of a probability to the possible outcomes (realizations) of a random variable.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"A function that assigns a probability to each measurable subset of the possible outcomes of a random variable.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Probability distribution "}]}]},{"term":"probability of occurrence","link":"https://csrc.nist.gov/glossary/term/probability_of_occurrence","abbrSyn":[{"text":"likelihood of occurrence","link":"https://csrc.nist.gov/glossary/term/likelihood_of_occurrence"}],"definitions":[{"text":"A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under likelihood of occurrence ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"See likelihood of occurrence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]}]},{"term":"Probable Maximum Loss","link":"https://csrc.nist.gov/glossary/term/probable_maximum_loss","abbrSyn":[{"text":"PML","link":"https://csrc.nist.gov/glossary/term/pml"}],"definitions":null},{"term":"Probable prime","link":"https://csrc.nist.gov/glossary/term/probable_prime","definitions":[{"text":"An integer that is believed to be prime based on a probabilistic primality test. There should be no more than a negligible probability that the so-called probable prime is actually composite.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"Probative Data","link":"https://csrc.nist.gov/glossary/term/probative_data","definitions":[{"text":"Information that reveals the truth of an allegation.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"probe","link":"https://csrc.nist.gov/glossary/term/probe","definitions":[{"text":"A technique that attempts to access a system to learn something about the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"problem","link":"https://csrc.nist.gov/glossary/term/problem","definitions":[{"text":"Difficulty, uncertainty, or otherwise realized and undesirable event, set of events, condition, or situation that requires investigation and corrective action.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Problematic Data Action","link":"https://csrc.nist.gov/glossary/term/problematic_data_action","definitions":[{"text":"A data action that causes an adverse effect, or problem, for individuals.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]},{"text":"A system operation that processes PII through the information lifecycle and as a side effect causes individuals to experience some type of problem(s).","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]},{"text":"A data action that could cause an adverse effect for individuals","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]},{"text":"NIST SP 1800-30B","link":"https://doi.org/10.6028/NIST.SP.1800-30","refSources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]}]},{"term":"process","link":"https://csrc.nist.gov/glossary/term/process","definitions":[{"text":"Set of interrelated or interacting activities that use inputs to deliver an intended result.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]},{"text":"An executing program.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Process "}]},{"text":"set of interrelated or interacting activities which transforms inputs into outputs","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","refSources":[{"text":"ISO/IEC 27000:2014"}]}]},{"text":"Set of interrelated or interacting activities which transforms inputs into outputs. \nA program in execution.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]}]},{"text":"Set of interrelated or interacting activities which transforms inputs into outputs.\nA program in execution.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]}]}]},{"term":"Process Access Control","link":"https://csrc.nist.gov/glossary/term/process_access_control","abbrSyn":[{"text":"PAC","link":"https://csrc.nist.gov/glossary/term/pac"}],"definitions":null},{"term":"Process Control System","link":"https://csrc.nist.gov/glossary/term/process_control_system","abbrSyn":[{"text":"PCS","link":"https://csrc.nist.gov/glossary/term/pcs"}],"definitions":null},{"term":"Process Hazard Analysis","link":"https://csrc.nist.gov/glossary/term/process_hazard_analysis","abbrSyn":[{"text":"PHA","link":"https://csrc.nist.gov/glossary/term/pha"}],"definitions":null},{"term":"process hijacking","link":"https://csrc.nist.gov/glossary/term/process_hijacking","definitions":[{"text":"A process checkpoint and migration technique that uses dynamic program re-writing techniques to add a checkpointing capability to a running program. Process hijacking makes it possible to checkpoint and migrate proprietary applications that cannot be re-linked with a checkpoint library allowing dynamic hand off of an ordinary running process to a distributed resource management system (e.g., the ability to trick or bypass the firewall allowing the server component to take over processes and gain rights for accessing the internet).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1011","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Process ID","link":"https://csrc.nist.gov/glossary/term/process_id","abbrSyn":[{"text":"PID","link":"https://csrc.nist.gov/glossary/term/pid"}],"definitions":null},{"term":"Process Information","link":"https://csrc.nist.gov/glossary/term/process_information","abbrSyn":[{"text":"PI","link":"https://csrc.nist.gov/glossary/term/pi"}],"definitions":null},{"term":"Process Manager 2","link":"https://csrc.nist.gov/glossary/term/process_manager_2","abbrSyn":[{"text":"PM2","link":"https://csrc.nist.gov/glossary/term/pm2"}],"definitions":null},{"term":"process outcome","link":"https://csrc.nist.gov/glossary/term/process_outcome","definitions":[{"text":"Observable result of the successful achievement of the process purpose.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 12207"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 12207:2017"}]}]}]},{"term":"process purpose","link":"https://csrc.nist.gov/glossary/term/process_purpose","definitions":[{"text":"High-level objective of performing the process and the likely outcomes of effective implementation of the process.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Process Safety Shutdown","link":"https://csrc.nist.gov/glossary/term/process_safety_shutdown","abbrSyn":[{"text":"PSS","link":"https://csrc.nist.gov/glossary/term/pss"}],"definitions":null},{"term":"process step","link":"https://csrc.nist.gov/glossary/term/process_step","definitions":[{"text":"A reference to one of the 6 steps in the ISCM process defined in NIST SP 800-137.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"text":"A reference to one of the 6 steps in the ISCM process defined in SP 800-137.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"processing","link":"https://csrc.nist.gov/glossary/term/processing","definitions":[{"text":"Operation or set of operations performed upon PII that can include, but is not limited to, the collection, retention, logging, generation, transformation, use, disclosure, transfer, and disposal of PII.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Processing ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Processing ","refSources":[{"text":"ISO/IEC 29100:2011 (E)","link":"https://www.iso.org/standard/45123.html"}]}]},{"text":"Per NISTIR8062: Operation or set of operations performed upon PII that can include, but is not limited to, the collection, retention, logging, generation, transformation, use, disclosure, transfer, and disposal of PII.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Processing ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"Operation or set of operations performed upon PII that can include but is not limited to the collection, retention, logging, generation, transformation, use, disclosure, transfer, and disposal of PII.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062"}]}]},{"text":"See Data Processing.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020","underTerm":" under Processing "}]}]},{"term":"Processor Element","link":"https://csrc.nist.gov/glossary/term/processor_element","abbrSyn":[{"text":"PE","link":"https://csrc.nist.gov/glossary/term/pe"}],"definitions":null},{"term":"Processor Resource/System Manager","link":"https://csrc.nist.gov/glossary/term/processor_resource_system_manager","abbrSyn":[{"text":"PR/SM","link":"https://csrc.nist.gov/glossary/term/pr_sm"}],"definitions":null},{"term":"product","link":"https://csrc.nist.gov/glossary/term/product","definitions":[{"text":"Result of a process.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]},{"text":"Part of the equipment (hardware, software and materials) for which usability is to be specified or evaluated.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","underTerm":" under Product ","refSources":[{"text":"ISO 9241-11:1998"}]}]},{"text":"A complete set of computer programs, procedures and associated documentation and data designed for delivery to a software consumer.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under Product ","refSources":[{"text":"ISO/IEC 19770-2"}]}]},{"text":"A software application that has one or more capabilities.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under Product "}]},{"text":"Result of a process. \nNote: A system as a “product” is what is delivered by systems engineering.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]}]},{"text":"Result of a process.\nNote: A system as a “product” is what is delivered by systems engineering.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]}]}]},{"term":"Product Category","link":"https://csrc.nist.gov/glossary/term/product_category","definitions":[{"text":"The main product category of the IT product (e.g., firewall, IDS, operating system, web server).","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"product compliant list (PCL)","link":"https://csrc.nist.gov/glossary/term/product_compliant_list","abbrSyn":[{"text":"PCL","link":"https://csrc.nist.gov/glossary/term/pcl"}],"definitions":[{"text":"The list of information assurance (IA) and IA-enabled products evaluated and validated pursuant to the NIAP program.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 11","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm","note":" - Adapted"}]}]}]},{"term":"Product Component Host","link":"https://csrc.nist.gov/glossary/term/product_component_host","definitions":[{"text":"The organization, individual, and/or system that hosts the product component. Product component hosts may provide support for or supersede the need to test criteria since they are expected to implement, control, and verify the criteria.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"product cybersecurity capability","link":"https://csrc.nist.gov/glossary/term/product_cybersecurity_capability","definitions":[{"text":"Cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software).","sources":[{"text":"NISTIR 8425","link":"https://doi.org/10.6028/NIST.IR.8425","refSources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259"}]}]}]},{"term":"Product Output","link":"https://csrc.nist.gov/glossary/term/product_output","definitions":[{"text":"Information produced by a product. This includes the product user interface, human-readable reports, and machine-readable reports. Unless otherwise indicated by a specific requirement, there are no constraints on the format. When this output is evaluated in a test procedure, either all or specific forms of output will be sampled as indicated by the test procedure.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"product owner","link":"https://csrc.nist.gov/glossary/term/product_owner","definitions":[{"text":"Person or organization responsible for the development, modification, operation, and/or final disposition of software or hardware used in an information system.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"Product Security Incident Response Team","link":"https://csrc.nist.gov/glossary/term/product_security_incident_response_team","abbrSyn":[{"text":"PSIRT","link":"https://csrc.nist.gov/glossary/term/psirt"}],"definitions":null},{"term":"product source node (PSN)","link":"https://csrc.nist.gov/glossary/term/product_source_node","abbrSyn":[{"text":"PSN","link":"https://csrc.nist.gov/glossary/term/psn"}],"definitions":[{"text":"The Key Management Infrastructure core node that provides central generation of cryptographic key material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Profile augmentations","link":"https://csrc.nist.gov/glossary/term/profile_augmentations","definitions":[{"text":"The properties or characteristics that are recommended, but not required, by this Profile for FCKMSs.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Profile features","link":"https://csrc.nist.gov/glossary/term/profile_features","definitions":[{"text":"The properties or characteristics that could be used by FCKMSs, but are not required or recommended by this Profile.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Profile requirements","link":"https://csrc.nist.gov/glossary/term/profile_requirements","definitions":[{"text":"The properties or characteristics that shall be exhibited in FCKMSs in order to conform to, or comply with, this Profile.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"profiling","link":"https://csrc.nist.gov/glossary/term/profiling","definitions":[{"text":"Measuring the characteristics of expected activity so that changes to it can be more easily identified.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2"}]},{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Profiling "}]}]},{"term":"Prognostics and Health Management for Reliable Operations in Smart Manufacturing","link":"https://csrc.nist.gov/glossary/term/prognostics_health_mgmt_for_reliable_ops_in_smart_mfg","abbrSyn":[{"text":"PHM4SM","link":"https://csrc.nist.gov/glossary/term/phm4sm"}],"definitions":null},{"term":"Program Management","link":"https://csrc.nist.gov/glossary/term/program_management","abbrSyn":[{"text":"PM","link":"https://csrc.nist.gov/glossary/term/pm"}],"definitions":null},{"term":"Program Management Office","link":"https://csrc.nist.gov/glossary/term/program_management_office","abbrSyn":[{"text":"PMO","link":"https://csrc.nist.gov/glossary/term/pmo"}],"definitions":null},{"term":"program manager","link":"https://csrc.nist.gov/glossary/term/program_manager","abbrSyn":[{"text":"system owner","link":"https://csrc.nist.gov/glossary/term/system_owner"}],"definitions":[{"text":"Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under system owner "},{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B","underTerm":" under system owner "},{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216","underTerm":" under system owner "}]}]},{"term":"Program Organizational Unit","link":"https://csrc.nist.gov/glossary/term/program_organizational_unit","abbrSyn":[{"text":"POU","link":"https://csrc.nist.gov/glossary/term/pou"}],"definitions":null},{"term":"Program Review for Information Security Management Assistance","link":"https://csrc.nist.gov/glossary/term/program_review_for_information_security_management_assistance","abbrSyn":[{"text":"PRISMA","link":"https://csrc.nist.gov/glossary/term/prisma"}],"definitions":null},{"term":"Programmable Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/programmable_read_only_memory","abbrSyn":[{"text":"PROM","link":"https://csrc.nist.gov/glossary/term/prom"}],"definitions":null},{"term":"project","link":"https://csrc.nist.gov/glossary/term/project","definitions":[{"text":"Endeavor with defined start and finish criteria undertaken to create a product or service in accordance with specified resources and requirements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Project 25","link":"https://csrc.nist.gov/glossary/term/project_25","abbrSyn":[{"text":"P25","link":"https://csrc.nist.gov/glossary/term/p25"}],"definitions":null},{"term":"Project Committee","link":"https://csrc.nist.gov/glossary/term/project_committee","abbrSyn":[{"text":"PC","link":"https://csrc.nist.gov/glossary/term/pc"}],"definitions":null},{"term":"Project Management","link":"https://csrc.nist.gov/glossary/term/project_management","abbrSyn":[{"text":"PM","link":"https://csrc.nist.gov/glossary/term/pm"}],"definitions":null},{"term":"PROM","link":"https://csrc.nist.gov/glossary/term/prom","abbrSyn":[{"text":"Programmable Read Only Memory"},{"text":"Programmable Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/programmable_read_only_memory"}],"definitions":null},{"term":"Proof Key for Code Exchange","link":"https://csrc.nist.gov/glossary/term/proof_key_for_code_exchange","abbrSyn":[{"text":"PKCE","link":"https://csrc.nist.gov/glossary/term/pkce"}],"definitions":null},{"term":"Proof of Elapsed Time","link":"https://csrc.nist.gov/glossary/term/proof_of_elapsed_time","abbrSyn":[{"text":"PoET","link":"https://csrc.nist.gov/glossary/term/poet"}],"definitions":null},{"term":"Proof of possession (POP)","link":"https://csrc.nist.gov/glossary/term/proof_of_possession","abbrSyn":[{"text":"POP","link":"https://csrc.nist.gov/glossary/term/pop"}],"definitions":[{"text":"A verification process whereby assurance is obtained that the owner of a key pair actually has the private key associated with the public key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Proof of Stake","link":"https://csrc.nist.gov/glossary/term/proof_of_stake","abbrSyn":[{"text":"PoS","link":"https://csrc.nist.gov/glossary/term/pos"}],"definitions":null},{"term":"Proof of stake consensus model","link":"https://csrc.nist.gov/glossary/term/proof_of_stake_consensus_model","definitions":[{"text":"A consensus model where the blockchain network is secured by users locking an amount of cryptocurrency into the blockchain network, a process called staking. Participants with more stake in the system are more likely to want it to succeed and to not be subverted, which gives them more weight during consensus.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Proof of Work","link":"https://csrc.nist.gov/glossary/term/proof_of_work","abbrSyn":[{"text":"PoW","link":"https://csrc.nist.gov/glossary/term/pow"}],"definitions":null},{"term":"Proof of work consensus model","link":"https://csrc.nist.gov/glossary/term/proof_of_work_consensus_model","definitions":[{"text":"A consensus model where a publishing node wins the right to publish the next block by expending time, energy, and computational cycles to solve a hard-to-solve, but easy-to-verify problem (e.g., finding the nonce which, when combined with the data to be added to the block, will result in a specific output pattern).","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"proper working state","link":"https://csrc.nist.gov/glossary/term/proper_working_state","definitions":[{"text":"A condition in which the device or system contains no compromised internal components or data fields (e.g., data stored to memory) and from which the device or system can recognize and process valid input signals and output valid PNT solutions. An initial pre-deployment configuration is a basic example. The accuracy of the immediate PNT solution is not specified in this definition, as it will depend on the specifics of the device or system’s performance and the degradation allowed by different resilience levels.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf"}]},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"DHS RCF v2.0","link":"https://www.dhs.gov/sites/default/files/2022-05/22_0531_st_resilient_pnt_conformance_framework_v2.0.pdf"}]}]}]},{"term":"Property List","link":"https://csrc.nist.gov/glossary/term/property_list","abbrSyn":[{"text":"PLIST","link":"https://csrc.nist.gov/glossary/term/plist"}],"definitions":null},{"term":"Property Management System","link":"https://csrc.nist.gov/glossary/term/property_management_system","abbrSyn":[{"text":"PMS","link":"https://csrc.nist.gov/glossary/term/pms"}],"definitions":null},{"term":"PROPIN","link":"https://csrc.nist.gov/glossary/term/propin","abbrSyn":[{"text":"Proprietary Information"}],"definitions":null},{"term":"Proportional Integral Derivative","link":"https://csrc.nist.gov/glossary/term/proportional_integral_derivative","abbrSyn":[{"text":"PID","link":"https://csrc.nist.gov/glossary/term/pid"}],"definitions":null},{"term":"Proprietary Identifier Extension","link":"https://csrc.nist.gov/glossary/term/proprietary_identifier_extension","abbrSyn":[{"text":"PIX","link":"https://csrc.nist.gov/glossary/term/pix"}],"definitions":null},{"term":"proprietary information (PROPIN)","link":"https://csrc.nist.gov/glossary/term/proprietary_information","abbrSyn":[{"text":"PROPIN","link":"https://csrc.nist.gov/glossary/term/propin"}],"definitions":[{"text":"Material and information relating to or associated with a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know- how that has been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the Government or to the public without restriction from another source.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"proscribed information","link":"https://csrc.nist.gov/glossary/term/proscribed_information","definitions":[{"text":" Top Secret (TS) information, COMSEC information excluding controlled cryptographic items when unkeyed and utilized with unclassified keys, restricted data (RD), special access program (SAP) information, or sensitive compartmented information (SCI).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDM 5220.22 Vol. 3","link":"https://www.esd.whs.mil/Directives/issuances/dodm/"}]}]}]},{"term":"ProSe","link":"https://csrc.nist.gov/glossary/term/prose","abbrSyn":[{"text":"Proximity Services","link":"https://csrc.nist.gov/glossary/term/proximity_services"}],"definitions":null},{"term":"Prose Checklist","link":"https://csrc.nist.gov/glossary/term/prose_checklist","definitions":[{"text":"A checklist that provides a narrative descriptions of how a person can manually alter a product’s configuration.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"PRoT","link":"https://csrc.nist.gov/glossary/term/prot","abbrSyn":[{"text":"Platform Root of Trust","link":"https://csrc.nist.gov/glossary/term/platform_root_of_trust"}],"definitions":null},{"term":"Protect","link":"https://csrc.nist.gov/glossary/term/protect","abbrSyn":[{"text":"PR","link":"https://csrc.nist.gov/glossary/term/pr"}],"definitions":null},{"term":"protect (CSF function)","link":"https://csrc.nist.gov/glossary/term/protect_csf","abbrSyn":[{"text":"PR","link":"https://csrc.nist.gov/glossary/term/pr"}],"definitions":[{"text":"Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Protect (function) "}]}]},{"term":"Protect, Access Control","link":"https://csrc.nist.gov/glossary/term/protect_access_control","abbrSyn":[{"text":"PR.AC","link":"https://csrc.nist.gov/glossary/term/pr_ac"}],"definitions":null},{"term":"Protect, Awareness and Training","link":"https://csrc.nist.gov/glossary/term/protect_awareness_and_training","abbrSyn":[{"text":"PR.AT","link":"https://csrc.nist.gov/glossary/term/pr_at"}],"definitions":null},{"term":"Protect, Data Security","link":"https://csrc.nist.gov/glossary/term/protect_data_security","abbrSyn":[{"text":"PR.DS","link":"https://csrc.nist.gov/glossary/term/pr_ds"}],"definitions":null},{"term":"Protect, Protective Technology","link":"https://csrc.nist.gov/glossary/term/protect_protective_technology","abbrSyn":[{"text":"PR.PT","link":"https://csrc.nist.gov/glossary/term/pr_pt"}],"definitions":null},{"term":"Protected Access Credential","link":"https://csrc.nist.gov/glossary/term/protected_access_credential","abbrSyn":[{"text":"PAC","link":"https://csrc.nist.gov/glossary/term/pac"}],"definitions":null},{"term":"protected distribution system (PDS)","link":"https://csrc.nist.gov/glossary/term/protected_distribution_system","abbrSyn":[{"text":"PDS","link":"https://csrc.nist.gov/glossary/term/pds"}],"definitions":[{"text":"Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information through an area of lesser classification or control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"},{"text":"NSA/CSS Policy 3-12"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under protected distribution system ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Protected EAP","link":"https://csrc.nist.gov/glossary/term/protected_eap","abbrSyn":[{"text":"PEAP","link":"https://csrc.nist.gov/glossary/term/peap"}],"definitions":null},{"term":"Protected Execution Facility","link":"https://csrc.nist.gov/glossary/term/protected_execution_facility","abbrSyn":[{"text":"PEF","link":"https://csrc.nist.gov/glossary/term/pef"}],"definitions":null},{"term":"Protected Extensible Authentication Protocol","link":"https://csrc.nist.gov/glossary/term/protected_extensible_authentication_protocol","abbrSyn":[{"text":"PEAP","link":"https://csrc.nist.gov/glossary/term/peap"}],"definitions":null},{"term":"Protected Management Frame(s)","link":"https://csrc.nist.gov/glossary/term/protected_management_frame","abbrSyn":[{"text":"PMF","link":"https://csrc.nist.gov/glossary/term/pmf"}],"definitions":null},{"term":"Protected Mode","link":"https://csrc.nist.gov/glossary/term/protected_mode","definitions":[{"text":"An operational mode found in x86-compatible processors with hardware support for memory protection, virtual memory, and multitasking.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"}]}]},{"term":"Protected Session","link":"https://csrc.nist.gov/glossary/term/protected_session","definitions":[{"text":"A session established on an authenticated protected channel.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A session wherein messages between two participants are encrypted and integrity is protected using a set of shared secrets called session keys.\nA participant is said to be authenticated if, during the session, they prove possession of one or more authenticators in addition to the session keys, and if the other party can verify the identity associated with the authenticator(s). If both participants are authenticated, the protected session is said to be mutually authenticated.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A session wherein messages between two participants are encrypted and integrity is protected using a set of shared secrets called session keys. \nA participant is said to be authenticated if, during the session, they prove possession of one or more authenticators in addition to the session keys, and if the other party can verify the identity associated with the authenticator(s). If both participants are authenticated, the protected session is said to be mutually authenticated.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A session wherein messages between two participants are encrypted and integrity is protected using a set of shared secrets called session keys. \nA participant is said to be authenticated if, during the session, he, she or it proves possession of a long term token in addition to the session keys, and if the other party can verify the identity associated with that token. If both participants are authenticated, the protected session is said to be mutually authenticated.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Protected Storage","link":"https://csrc.nist.gov/glossary/term/protected_storage","abbrSyn":[{"text":"PS","link":"https://csrc.nist.gov/glossary/term/ps"}],"definitions":null},{"term":"protection","link":"https://csrc.nist.gov/glossary/term/protection","definitions":[{"text":"In the context of systems security engineering, a control objective that applies across all types of asset types and the corresponding consequences of loss. A system protection capability is a system control objective and a system design problem. The solution to the problem is optimized through a balanced proactive strategy and a reactive strategy that is not limited to prevention. The strategy also encompasses avoiding asset loss and consequences; detecting asset loss and consequences; minimizing (i.e., limiting, containing, restricting) asset loss and consequences; responding to asset loss and consequences; recovering from asset loss and consequences; and forecasting or predicting asset loss and consequences.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]}]},{"term":"Protection Bits","link":"https://csrc.nist.gov/glossary/term/protection_bits","definitions":[{"text":"A mechanism commonly included in UNIX and UNIX-like systems that controls access based on bits specifying read, write, or execute permissions for a file’s (or directory’s) owner, group, or other(world).","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Protection in Transit","link":"https://csrc.nist.gov/glossary/term/protection_in_transit","abbrSyn":[{"text":"PIT","link":"https://csrc.nist.gov/glossary/term/pit"}],"definitions":null},{"term":"protection needs","link":"https://csrc.nist.gov/glossary/term/protection_needs","definitions":[{"text":"Informal statement or expression of the stakeholder security requirements focused on protecting information, systems, and services associated with mission and business functions throughout the system life cycle.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Informal statement or expression of the stakeholder security requirements focused on protecting information, systems, and services associated with mission/business functions throughout the system life cycle. \nNote: Requirements elicitation and security analyses transform the protection needs into a formalized statement of stakeholder security requirements that are managed as part of the validated stakeholder requirements baseline.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"Informal statement or expression of the stakeholder security requirements focused on protecting information, systems, and services associated with mission/business functions throughout the system life cycle.\nNote: Requirements elicitation and security analyses transform the protection needs into a formalized statement of stakeholder security requirements that are managed as part of the validated stakeholder requirements baseline.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"protection philosophy","link":"https://csrc.nist.gov/glossary/term/protection_philosophy","definitions":[{"text":"Informal description of the overall design of an information system delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"protection profile","link":"https://csrc.nist.gov/glossary/term/protection_profile","abbrSyn":[{"text":"PP","link":"https://csrc.nist.gov/glossary/term/pp"}],"definitions":[{"text":"A minimal, baseline set of requirements targeted at mitigating well defined and described threats. The term Protection Profile refers to NSA/NIAP requirements for a technology and does not imply or require the use of Common Criteria as the process for evaluating a product. Protection Profiles may be created by Technical Communities and will include: \n- a set of technology-specific threats derived from operational knowledge and technical expertise; \n- a set of core functional requirements necessary to mitigate those threats and establish a basic level of security for a particular technology; and, \n- a collection of assurance activities tailored to the technology and functional requirements that are transparent, and produce achievable, repeatable, and testable results scoped such that they can be completed within a reasonable timeframe.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 11","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"Protective Distribution System","link":"https://csrc.nist.gov/glossary/term/protective_distribution_system","definitions":[{"text":"Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]"}]}]},{"term":"protective packaging","link":"https://csrc.nist.gov/glossary/term/protective_packaging","definitions":[{"text":"Packaging techniques for COMSEC material that discourage penetration, reveal a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"protective technologies","link":"https://csrc.nist.gov/glossary/term/protective_technologies","definitions":[{"text":"Special tamper-evident features and materials employed for the purpose of detecting, tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Protect-P (Function)","link":"https://csrc.nist.gov/glossary/term/protect_pf","definitions":[{"text":"Develop and implement appropriate data processing safeguards.","sources":[{"text":"NIST Privacy Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.01162020"}]}]},{"term":"Protocol and Parameters Selection","link":"https://csrc.nist.gov/glossary/term/protocol_and_parameters_selection","abbrSyn":[{"text":"PPS","link":"https://csrc.nist.gov/glossary/term/pps"}],"definitions":null},{"term":"Provable prime","link":"https://csrc.nist.gov/glossary/term/provable_prime","definitions":[{"text":"An integer that is either constructed to be prime or is demonstrated to be prime using a primality-proving algorithm.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"Provider","link":"https://csrc.nist.gov/glossary/term/provider","definitions":[{"text":"The entity (person or organization) that provides an appropriate agent, referred to as the “provider agent” to implement a particular Web service. It will use the provider agent to exchange messages with the requester’s requester agent. “Provider” is also used as a shorthand to refer to the provider agent acting on the provider’s behalf.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Architecture - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-arch/"}]}]},{"text":"A party that provides (1) a public key (e.g., in a certificate); (2) assurance, such as an assurance of the validity of a candidate public key or assurance of possession of the private key associated with a public key; or (3) key confirmation. Contrast with recipient.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Proximity Services","link":"https://csrc.nist.gov/glossary/term/proximity_services","abbrSyn":[{"text":"ProSe","link":"https://csrc.nist.gov/glossary/term/prose"}],"definitions":null},{"term":"proxy","link":"https://csrc.nist.gov/glossary/term/proxy","definitions":[{"text":"An application that “breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it. \nNote: This effectively closes the straight path between the internal and external networks making it more difficult for an attacker to obtain internal addresses and other details of the organization’s internal network. Proxy servers are available for common Internet services; for example, a hyper text transfer protocol (HTTP) proxy used for Web access, and a simple mail transfer protocol (SMTP) proxy used for e-mail.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]}]},{"text":"An agent that acts on behalf of a requester to relay a message between a requester agent and a provider agent. The proxy appears to the provider agent Web service to be the requester.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Proxy ","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]},{"text":"An intermediary device or program that provides communication and other services between a client and server.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Proxy "}]},{"text":"A proxy is an application that “breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network, processes it, and forwards it. This effectively closes the straight path between the internal and external networks, making it more difficult for an attacker to obtain internal addresses and other details of the organization’s internal network. Proxy servers are available for common Internet services; for example, a Hypertext Transfer Protocol (HTTP) proxy used for Web access and a Simple Mail Transfer Protocol (SMTP) proxy used for e-mail.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Proxy "}]},{"text":"Software that receives a request from a client, then sends a request on the client’s behalf to the desired destination.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Proxy "}]}]},{"term":"proxy agent","link":"https://csrc.nist.gov/glossary/term/proxy_agent","definitions":[{"text":"A software application running on a firewall or on a dedicated proxy server that is capable of filtering a protocol and routing it between the interfaces of the device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Proxy Auto Config","link":"https://csrc.nist.gov/glossary/term/proxy_auto_config","abbrSyn":[{"text":"PAC","link":"https://csrc.nist.gov/glossary/term/pac"}],"definitions":null},{"term":"proxy server","link":"https://csrc.nist.gov/glossary/term/proxy_server","definitions":[{"text":"A server that services the requests of its clients by forwarding those requests to other servers.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Proxy Server ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"PRP","link":"https://csrc.nist.gov/glossary/term/prp","abbrSyn":[{"text":"Parallel Redundancy Protocol","link":"https://csrc.nist.gov/glossary/term/parallel_redundancy_protocol"},{"text":"Policy Retrieval Point","link":"https://csrc.nist.gov/glossary/term/policy_retrieval_point"},{"text":"Pseudo-Random Permutation","link":"https://csrc.nist.gov/glossary/term/pseudo_random_permutation"}],"definitions":null},{"term":"PRSN","link":"https://csrc.nist.gov/glossary/term/prsn","abbrSyn":[{"text":"Primary Services Node"}],"definitions":null},{"term":"PS","link":"https://csrc.nist.gov/glossary/term/ps","abbrSyn":[{"text":"personnel security","link":"https://csrc.nist.gov/glossary/term/personnel_security"},{"text":"Personnel Security"},{"text":"Physical Security","link":"https://csrc.nist.gov/glossary/term/physical_security"},{"text":"Protected Storage","link":"https://csrc.nist.gov/glossary/term/protected_storage"}],"definitions":[{"text":"The discipline of assessing the conduct, integrity, judgment, loyalty, reliability, and stability of individuals for duties and responsibilities requiring trustworthiness.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under personnel security ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under personnel security ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under personnel security ","refSources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under personnel security ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"The discipline of assessing the conduct, integrity, judgment, loyalty, reliability, and stability of individuals for duties and responsibilities that require trustworthiness.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under personnel security "}]}]},{"term":"PSA","link":"https://csrc.nist.gov/glossary/term/psa","abbrSyn":[{"text":"Platform Security Architecture","link":"https://csrc.nist.gov/glossary/term/platform_security_architecture"}],"definitions":null},{"term":"PSAC","link":"https://csrc.nist.gov/glossary/term/psac","abbrSyn":[{"text":"Public Safety Advisory Committee","link":"https://csrc.nist.gov/glossary/term/public_safety_advisory_committee"}],"definitions":null},{"term":"PSAP","link":"https://csrc.nist.gov/glossary/term/psap","abbrSyn":[{"text":"Public Safety Access Point","link":"https://csrc.nist.gov/glossary/term/public_safety_access_point"}],"definitions":null},{"term":"PSC","link":"https://csrc.nist.gov/glossary/term/psc","abbrSyn":[{"text":"Platform Services Controller","link":"https://csrc.nist.gov/glossary/term/platform_services_controller"}],"definitions":null},{"term":"PSCCC","link":"https://csrc.nist.gov/glossary/term/psccc","abbrSyn":[{"text":"IEEE Power System Communications and Cybersecurity","link":"https://csrc.nist.gov/glossary/term/ieee_power_system_comms_and_cybersecurity"}],"definitions":null},{"term":"PSCP","link":"https://csrc.nist.gov/glossary/term/pscp","abbrSyn":[{"text":"PuTTY Secure Copy Protocol","link":"https://csrc.nist.gov/glossary/term/putty_secure_copy_protocol"}],"definitions":null},{"term":"PSCR","link":"https://csrc.nist.gov/glossary/term/pscr","abbrSyn":[{"text":"Public Safety Communications Research","link":"https://csrc.nist.gov/glossary/term/public_safety_communications_research"},{"text":"Public Safety Communications Research Division","link":"https://csrc.nist.gov/glossary/term/public_safety_communications_research_division"}],"definitions":null},{"term":"Pseudonymity","link":"https://csrc.nist.gov/glossary/term/pseudonymity","definitions":[{"text":"The use of a pseudonym to identify a subject.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Pseudonymous Identifier","link":"https://csrc.nist.gov/glossary/term/pseudonymous_identifier","definitions":[{"text":"An opaque unguessable subscriber identifier generated by a CSP for use at a specific individual RP. This identifier is only known to and only used by one CSP-RP pair.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A meaningless but unique number that does not allow the RP to infer anything regarding the subscriber but which does permit the RP to associate multiple interactions with the subscriber’s claimed identity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Pseudorandom","link":"https://csrc.nist.gov/glossary/term/pseudorandom","definitions":[{"text":"A process or data produced by a process is said to be pseudorandom when the outcome is deterministic yet also effectively random as long as the internal action of the process is hidden from observation. For cryptographic purposes, “effectively random” means “computationally indistinguishable from random within the limits of the intended security strength.”","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"A process (or data produced by a process) is said to be pseudorandom when the outcome is deterministic, yet also effectively random, as long as the internal action of the process is hidden from observation. For cryptographic purposes, “effectively” means “within the limits of the intended cryptographic strength.”","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"A deterministic process (or data produced by such a process) whose output values are effectively indistinguishable from those of a random process as long as the internal states and internal actions of the process are unknown. For cryptographic purposes, “effectively indistinguishable” means “not within the computational limits established by the intended security strength.”","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Pseudorandom function (PRF)","link":"https://csrc.nist.gov/glossary/term/pseudorandom_function","abbrSyn":[{"text":"PRF","link":"https://csrc.nist.gov/glossary/term/prf"}],"definitions":[{"text":"An indexed family of (efficiently computable) functions, each defined for the same input and output spaces. (For the purposes of this Recommendation, one may assume that both the index set and the output space are finite.) If a function from the family is selected by choosing an index value uniformly at random, and one’s knowledge of the selected function is limited to the output values corresponding to a feasible number of (adaptively) chosen input values, then the selected function is computationally indistinguishable from a function whose outputs were fixed uniformly at random.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]","underTerm":" under pseudorandom function "}]},{"text":"A function that can be used to generate output from a random seed and a data variable such that the output is computationally indistinguishable from truly random output.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Pseudorandom function "}]},{"text":"Pseudorandom Function.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under PRF "},{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under PRF "}]},{"text":"A function that can be used to generate output from a random seed and a data variable, such that the output is computationally indistinguishable from truly random output.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]},{"text":"A function that can be used to generate output from a random seed such that the output is computationally indistinguishable from truly random output.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185","underTerm":" under Pseudorandom Function (PRF) "}]},{"text":"A function that can be used to generate output from a secret random seed and a data variable, such that the output is computationally indistinguishable from truly random output. In this Recommendation, an approved message authentication code (MAC) is used as a pseudorandom function in the key expansion step, where a key derivation key is used as the secret random seed.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Pseudorandom function "}]}]},{"term":"Pseudorandom function family","link":"https://csrc.nist.gov/glossary/term/pseudorandom_function_family","definitions":[{"text":"

An indexed family of (efficiently computable) functions, each defined for the same particular pair of input and output spaces. (For the purposes of this Recommendation, one may assume that both the index set and the output space are finite.) The indexed functions are pseudorandom in the following sense:

If a function from the family is selected by choosing an index value uniformly at random, and one’s knowledge of the selected function is limited to the output values corresponding to a feasible number of (adaptively) chosen input values, then the selected function is computationally indistinguishable from a function whose outputs were fixed uniformly at random.

","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]}]},{"term":"Pseudorandom key","link":"https://csrc.nist.gov/glossary/term/pseudorandom_key","definitions":[{"text":"As used in this Recommendation, a binary string that is taken from the output of a PRF.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]}]},{"term":"pseudorandom number generator","link":"https://csrc.nist.gov/glossary/term/pseudorandom_number_generator","abbrSyn":[{"text":"Deterministic Random Bit Generator","link":"https://csrc.nist.gov/glossary/term/deterministic_random_bit_generator"},{"text":"Deterministic random bit generator (DRBG)"},{"text":"PRNG","link":"https://csrc.nist.gov/glossary/term/prng"}],"definitions":[{"text":"An RBG that includes a DRBG mechanism and (at least initially) has access to a randomness source. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator. Contrast with NRBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Deterministic Random Bit Generator "}]},{"text":"An RBG that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Deterministic Random Bit Generator "}]},{"text":"A deterministic computational process that has one or more inputs called \"seeds\", and it outputs a sequence of values that appears to be random according to specified statistical tests. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949","note":" - Adapted"}]}]},{"text":"A deterministic algorithm which, given a truly random binary sequence of length k, outputs a binary sequence of length l >> k which appears to be random. The input to the generator is called the seed, while the output is called a pseudorandom bit sequence.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Pseudorandom Number Generator (PRNG) "}]},{"text":"See Deterministic random bit generator (DRBG).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Pseudorandom number generator (PRNG) "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Pseudorandom number generator (PRNG) "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Pseudorandom number generator (PRNG) "}]},{"text":"See Deterministic Random Bit Generator.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Pseudorandom Number Generator "}]},{"text":"A random bit generator that includes a DRBG algorithm and (at least initially) has access to a source of randomness. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A cryptographic DRBG has the additional property that the output is unpredictable, given that the seed is not known. A DRBG is sometimes also called a Pseudo-random Number Generator (PRNG) or a deterministic random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Deterministic random bit generator (DRBG) "}]},{"text":"A random bit generator that includes a DRBG algorithm and (at least initially) has access to a source of randomness. The DRBG produces a sequence of bits from a secret initial value called a seed. A cryptographic DRBG has the additional property that the output is unpredictable given that the seed is not known. A DRBG is sometimes also called a pseudo-random number generator (PRNG) or a deterministic random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Deterministic random bit generator (DRBG) "}]},{"text":"An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the DRBG “appears” to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic DRBG has the additional property that the output is unpredictable, given that the seed is not known. A DRBG is sometimes also called a Pseudo Random Number Generator (PRNG) or a deterministic random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Deterministic random bit generator (DRBG) "}]}],"seeAlso":[{"text":"Deterministic Algorithm","link":"deterministic_algorithm"}]},{"term":"Pseudo-Random Permutation","link":"https://csrc.nist.gov/glossary/term/pseudo_random_permutation","abbrSyn":[{"text":"PRP","link":"https://csrc.nist.gov/glossary/term/prp"}],"definitions":null},{"term":"PSFR","link":"https://csrc.nist.gov/glossary/term/psfr","abbrSyn":[{"text":"Public Safety and First Responder","link":"https://csrc.nist.gov/glossary/term/public_safety_and_first_responder"}],"definitions":null},{"term":"PSIRT","link":"https://csrc.nist.gov/glossary/term/psirt","abbrSyn":[{"text":"Product Security Incident Response Team","link":"https://csrc.nist.gov/glossary/term/product_security_incident_response_team"}],"definitions":null},{"term":"PSK","link":"https://csrc.nist.gov/glossary/term/psk","abbrSyn":[{"text":"Pre-shared Key"},{"text":"Pre-Shared Key"}],"definitions":[{"text":"A single secret key used by IPsec endpoints to authenticate endpoints to each other.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1","underTerm":" under Pre-shared Key "}]},{"text":"Single key used by IPsec endpoints to authenticate endpoints to each other.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Pre-Shared Key "}]}]},{"term":"PSN","link":"https://csrc.nist.gov/glossary/term/psn","abbrSyn":[{"text":"Product Source Node"},{"text":"Public Switched Network","link":"https://csrc.nist.gov/glossary/term/public_switched_network"}],"definitions":null},{"term":"PSO","link":"https://csrc.nist.gov/glossary/term/pso","abbrSyn":[{"text":"Public Safety Organization","link":"https://csrc.nist.gov/glossary/term/public_safety_organization"}],"definitions":null},{"term":"PSS","link":"https://csrc.nist.gov/glossary/term/pss","abbrSyn":[{"text":"Probabilistic Signature Scheme","link":"https://csrc.nist.gov/glossary/term/probabilistic_signature_scheme"},{"text":"Process Safety Shutdown","link":"https://csrc.nist.gov/glossary/term/process_safety_shutdown"}],"definitions":null},{"term":"PSTN","link":"https://csrc.nist.gov/glossary/term/pstn","abbrSyn":[{"text":"Public Switched Telephone Network"}],"definitions":null},{"term":"PSX","link":"https://csrc.nist.gov/glossary/term/psx","abbrSyn":[{"text":"Public Safety Experience","link":"https://csrc.nist.gov/glossary/term/public_safety_experience"}],"definitions":null},{"term":"pt","link":"https://csrc.nist.gov/glossary/term/pt","abbrSyn":[{"text":"Point","link":"https://csrc.nist.gov/glossary/term/point"}],"definitions":null},{"term":"PTK","link":"https://csrc.nist.gov/glossary/term/ptk","abbrSyn":[{"text":"Pairwise Transient Key","link":"https://csrc.nist.gov/glossary/term/pairwise_transient_key"}],"definitions":null},{"term":"PTP","link":"https://csrc.nist.gov/glossary/term/ptp","abbrSyn":[{"text":"Precision Time Protocol","link":"https://csrc.nist.gov/glossary/term/precision_time_protocol"}],"definitions":null},{"term":"PTT","link":"https://csrc.nist.gov/glossary/term/ptt","abbrSyn":[{"text":"Push to Talk"},{"text":"Push-To-Talk"}],"definitions":null},{"term":"PUB","link":"https://csrc.nist.gov/glossary/term/pub","abbrSyn":[{"text":"Publication","link":"https://csrc.nist.gov/glossary/term/publication"}],"definitions":null},{"term":"public","link":"https://csrc.nist.gov/glossary/term/public","definitions":[{"text":"Any entity or person who might be impacted by or need to take action for a specific vulnerability; intended to be loosely interpreted.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"Public and Private Key","link":"https://csrc.nist.gov/glossary/term/public_and_private_key","definitions":[{"text":"Public and private keys are two very large numbers that (through advanced mathematics) have a unique relationship, whereby information encrypted with one number (key) can only be decrypted with the other number (key) and vice versa. In order to leverage this characteristic for security operations, once two numbers are mathematically selected (generated), one is kept secret (private key) and the other is shared (public key). The holder of the private key can then authenticate themselves to another party who has the public key. \nAlternatively, a public key may be used by one party to send a confidential message to the holder of the corresponding private key. With SSH, the identity key is a private key and authorized keys are public keys.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Public CA","link":"https://csrc.nist.gov/glossary/term/public_ca","definitions":[{"text":"A trusted third party that issues certificates as defined in IETF RFC 5280. A CA is considered public if its root certificate is included in browsers and other applications by the developers of those browsers and applications. The CA/Browser Forum defines the requirements public CAs must follow in their operations.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Public cloud","link":"https://csrc.nist.gov/glossary/term/public_cloud","definitions":[{"text":"The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Public Credentials","link":"https://csrc.nist.gov/glossary/term/public_credentials","definitions":[{"text":"Credentials that describe the binding in a way that does not compromise the authenticator.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"Credentials that describe the binding in a way that does not compromise the token. (For more discussion, see Section 7.1.1.)","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"public domain software","link":"https://csrc.nist.gov/glossary/term/public_domain_software","definitions":[{"text":"Software not protected by copyright laws of any nation that may be freely used without permission of or payment to the creator, and that carries no warranties from or liabilities to the creator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Public Information","link":"https://csrc.nist.gov/glossary/term/public_information","definitions":[{"text":"The term 'public information' means any information, regardless of form or format, that an agency discloses, disseminates, or makes available to the public.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","refSources":[{"text":"44 U.S.C., Sec. 3502 (12)","link":"https://www.govinfo.gov/app/details/USCODE-2021-title44/USCODE-2021-title44-chap35-subchapI-sec3502"}]}]},{"text":"Any information, regardless of form or format that an agency discloses, disseminates, or makes available to the public.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]}]},{"term":"Public Internet Registry","link":"https://csrc.nist.gov/glossary/term/public_internet_registry","abbrSyn":[{"text":"PIR","link":"https://csrc.nist.gov/glossary/term/pir"}],"definitions":null},{"term":"public key","link":"https://csrc.nist.gov/glossary/term/public_key","definitions":[{"text":"A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm and is associated with a private key. The public key is associated with an owner and may be made public. In the case of digital signatures, the public key is used to verify a digital signature that was generated using the corresponding private key.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Public key "}]},{"text":"A mathematical key that has public availability and that applications use to verify signatures created with its corresponding private key. Depending on the algorithm, public keys can encrypt messages or files that the corresponding private key can decrypt.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and that may be made public.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Public Key ","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]},{"text":"The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"},{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Public Key "},{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Public Key "}]},{"text":"A cryptographic key used with an asymmetric-key (public-key) cryptographic algorithm that may be made public and is associated with a private key and an entity that is authorized to use that private key. Depending on the algorithm that employs the public key, it may be used to: \n1. Verify a digital signature that is signed by the corresponding private key, \n2. Encrypt data that can be decrypted by the corresponding private key, or \n3. Compute a piece of shared data (i.e., data that is known only by two or more specific entities).","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Public key "}]},{"text":"A cryptographic key used by a public-key (asymmetric) cryptographic algorithm that may be made public.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Public key "}]},{"text":"(1) The key of a signature key pair used to validate a digital signature. (2) The key ofan encryption key pair that is used to encrypt confidential information. In both cases, this key is made publicly available normally in the form of a digital certificate.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Public Key "}]},{"text":"A cryptographic key that may be made public and is used with a public-key cryptographic algorithm. A public key is associated with a private key.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Public key "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Public key "}]},{"text":"The public part of an asymmetric key pair that is used to verify signatures or encrypt data.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Public Key "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Public Key "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Public Key "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Public Key "}]},{"text":"A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm and is associated with a private key. The public key is associated with an owner and may be made public. In the case of digital signatures, the public key is used to verify a digital signature that was signed by the corresponding private key.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Public key "}]},{"text":"A cryptographic key used with an asymmetric-key (public-key) cryptographic algorithm that may be made public and is associated with a private key and an entity that is authorized to use that private key. Depending on the algorithm that employs the public key, it may be used to: 1. Verify a digital signature that is signed by the corresponding private key, 2. Encrypt data that can be decrypted by the corresponding private key, or 3. Compute a piece of shared data (i.e., data that is known only by two or more specific entities).","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Public key "}]},{"text":"A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and that may be made public. In an asymmetric (public) cryptosystem, the public key is associated with a private key. The public key may be known by anyone and is used to:\n\n1. Verify a digital signature that is signed by the corresponding private key,\n\n2. Encrypt data that can be decrypted by the corresponding private key, or\n\n3. Compute a piece of shared data.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Public key "}]},{"text":"A cryptographic key used with a public-key cryptographic algorithm that is uniquely associated with an entity and that may be made public. The public key has a corresponding private key. The public key may be known by anyone and, depending on the algorithm, may be used: 1. To verify a digital signature that is signed by the corresponding private key, 2. To encrypt keys that can be decrypted using corresponsing private key, or 3. As on of the input values to compute a shared secret during a key agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Public key "}]},{"text":"A cryptographic key, used with a public-key cryptographic algorithm, that is uniquely associated with an entity and that may be made public. In an asymmetric (public) cryptosystem, the public key has a corresponding private key. The public key may be known by anyone and, depending on the algorithm, may be used, for example, to: \n1. Verify a digital signature that is signed by the corresponding private key, \n2. Encrypt keys that can be decrypted using the corresponding private key, or \n3. Compute a shared secret during a key-agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Public key "}]},{"text":"A cryptographic key used with a public-key (asymmetric-key) algorithm that is uniquely associated with an entity and that may be made public. In an asymmetric (public) key cryptosystem, the public key is associated with a private key. The public key may be known by anyone and, depending on the algorithm, may be used to 1. Verify a digital signature that is signed by the corresponding private key, 2. Encrypt data that can be decrypted by the corresponding private key, or 3. Compute a shared secret during a key-agreement process.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Public key "}]},{"text":"A cryptographic key used with a public-key cryptographic algorithm that is uniquely associated with an entity and that may be made public. In an asymmetric-key (public-key) cryptosystem, the public key has a corresponding private key. The public key may be known by anyone and, depending on the algorithm, may be used, for example, to: 1. Verify a digital signature that was generated using the corresponding private key, 2. Encrypt keys that can be decrypted using the corresponding private key, or 3. Compute a shared secret during a key-agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Public key "}]},{"text":"A cryptographic key used with an asymmetric-key (public-key) cryptographic algorithm that may be made public and is associated with a private key and an entity that is authorized to use that private key. Depending on the algorithm that employs the public key, it may be used to:\n1. Verify a digital signature that is signed by the corresponding private key;\n2. Encrypt data that can be decrypted by the corresponding private key; or\n3. Compute a piece of shared data (i.e., data that is known only by two or more specific entities).","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Public key "}]},{"text":"A cryptographic key, used with a public-key cryptographic algorithm, that is uniquely associated with an entity and that may be made public. In an asymmetric (public) cryptosystem, the public key is associated with a private key. The public key may be known by anyone and, depending on the algorithm, may be used, for example, to: 1. Verify a digital signature that is signed by the corresponding private key, 2. Encrypt keys that can be decrypted using the corresponding private key, or 3. Compute a shared secret during a key-agreement transaction.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Public key "}]}]},{"term":"public key certificate","link":"https://csrc.nist.gov/glossary/term/public_key_certificate","abbrSyn":[{"text":"certificate","link":"https://csrc.nist.gov/glossary/term/certificate"},{"text":"Certificate"}],"definitions":[{"text":"A digital document issued and digitally signed by the private key of a certification authority that binds an identifier to a cardholder through a public key. The certificate indicates that the cardholder identified in the certificate has sole control and access to the private key.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Public Key Certificate ","refSources":[{"text":"RFC 5280","link":"https://doi.org/10.17487/RFC5280","note":" - adapted"}]}]},{"text":"A set of data that uniquely identifies a public key (which has a corresponding private key) and an owner that is authorized to use the key pair. The certificate contains the owner’s public key and possibly other information and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Certificate "}]},{"text":"A digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies its subscriber, (3) contains the subscriber's public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it. [ABADSG]. As used in this CP, the term “Certificate” refers to certificates that expressly reference the OID of this CP in the “Certificate Policies” field of an X.509 v.3 certificate.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certificate ","refSources":[{"text":"ABADSG","note":" - plus note"}]}]},{"text":"A digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies it’s Subscriber, (3) contains the Subscriber’s public key, (4) identifies it’s operational period, and (5) is digitally signed by the certification authority issuing it.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Certificate ","refSources":[{"text":"ABADSG"}]}]},{"text":"A digital representation of information which at least (1) identifies the certification authority (CA) issuing it, (2) names or identifies its subscriber, (3) contains the subscriber’s public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under certificate ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"},{"text":"CNSSI No. 1300"}]}]},{"text":"See certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A data structure that contains an entity’s identifier(s), the entity's public key (including an indication of the associated set of domain parameters) and possibly other information, along with a signature on that data set that is generated by a trusted party, i.e. a certificate authority, thereby binding the public key to the included identifier(s).","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Public-key certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its cryptoperiod.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Public key certificate "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Public-key certificate "}]},{"text":"A set of data that uniquely identifies a key pair owner that is authorized to use the key pair, contains the owner’s public key and possibly other information, and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Certificate "}]},{"text":"See public-key certificate.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Certificate "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Certificate "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Certificate "}]},{"text":"See public key certificate.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Certificate "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity (e.g., using an X.509 certificate). Additional information in the certificate could specify how the key is used and its validity period.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Public key certificate "}]},{"text":"A data structure that contains an entity’s identifier(s), the entity's public key (including an indication of the associated set of domain parameters) and possibly other information, along with a signature on that data set that is generated by a trusted party, i.e., a certificate authority, thereby binding the public key to the included identifier(s).","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Public-key certificate "},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Public-key certificate "}]},{"text":"A digital document issued and digitally signed by the private key of a certificate authority that binds an identifier to a subscriber to a public key. The certificate indicates that the subscriber identified in the certificate has sole control and access to the private key. See also Request for Comment 5280.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Public Key Certificate "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Public Key Certificate "}]},{"text":"A digital document issued and digitally signed by the private key of a certificate authority that binds an identifier to a subscriber to a public key. The certificate indicates that the subscriber identified in the certificate has sole control and access to the private key. See also RFC 5280.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Public Key Certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Public-key certificate "}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" - under Public-key certificate"}]}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period. (Certificates in this practice guide are based on IETF RFC 5280).","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" - under Public-Key Certificate"}]}]},{"text":"A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its validity period. (Certificates in this practice guide are based on IETF RFC 5280.)","sources":[{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Certificate ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" - under Public-key certificate"}]}]},{"text":"Also known as a digital certificate. A digital representation of information which at least\n1. identifies the certification authority issuing it,\n2. names or identifies its subscriber,\n3. contains the subscriber's public key,\n4. identifies its operational period, and\n5. is digitally signed by the certification authority issuing it.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Certificate "}]},{"text":"A data structure that contains an entity’s identifier(s), the entity's public key and possibly other information, along with a signature on that data set that is generated by a trusted party, i.e. a certificate authority, thereby binding the public key to the included identifier(s).","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Public-key certificate "}]},{"text":"A digital document issued and digitally signed by the private key of a Certificate authority that binds the name of a Subscriber to a public key. The certificate indicates that the Subscriber identified in the certificate has sole control and access to the private key. See also [RFC 5280].","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Public Key Certificate "}]}],"seeAlso":[{"text":"Request for Comment"}]},{"term":"Public Key Certificate Standard","link":"https://csrc.nist.gov/glossary/term/public_key_certificate_standard","abbrSyn":[{"text":"PKCS","link":"https://csrc.nist.gov/glossary/term/pkcs"}],"definitions":null},{"term":"public key cryptographic algorithm","link":"https://csrc.nist.gov/glossary/term/public_key_cryptographic_algorithm","abbrSyn":[{"text":"Asymmetric key algorithm"},{"text":"Asymmetric-key algorithm"}],"definitions":[{"text":"A cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that determining the private key from the public key is computationally infeasible. Also known as a public-key algorithm.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Asymmetric-key algorithm "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Asymmetric-key algorithm "}]},{"text":"See Asymmetric-key algorithm.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Public-key algorithm "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Public-key algorithm "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Public-key algorithm "}]},{"text":"A cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that determining the private key from the public key is computationally infeasible.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Public key (asymmetric) cryptographic algorithm "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Public-key (asymmetric) cryptographic algorithm "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Public-key algorithm "}]},{"text":"See Public-key cryptographic algorithm.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Asymmetric key algorithm "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Asymmetric-key algorithm "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Asymmetric key algorithm "}]},{"text":"A cryptographic algorithm that uses two related keys: a public key and a private key. The two keys have the property that determining the private key from the public key is computationally infeasible.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Public-key algorithm "},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Public-key (asymmetric) cryptographic algorithm "},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Public key (asymmetric-key) cryptographic algorithm "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Public-key (asymmetric-key) cryptographic algorithm "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Public-key (asymmetric) cryptographic algorithm "}]},{"text":"See Public key cryptographic algorithm.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Asymmetric key algorithm "}]},{"text":"See public-key algorithm.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Asymmetric-key algorithm "}]},{"text":"A cryptographic algorithm that uses two related keys: a public key and a private key. The two keys have the property that determining the private key from the public key is computationally infeasible; also known as a public-key algorithm.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Asymmetric-key algorithm "}]}]},{"term":"public key cryptography (PKC)","link":"https://csrc.nist.gov/glossary/term/public_key_cryptography","abbrSyn":[{"text":"asymmetric cryptography","link":"https://csrc.nist.gov/glossary/term/asymmetric_cryptography"},{"text":"Asymmetric-key cryptography","link":"https://csrc.nist.gov/glossary/term/asymmetric_key_cryptography"},{"text":"PKC","link":"https://csrc.nist.gov/glossary/term/pkc"},{"text":"PKE","link":"https://csrc.nist.gov/glossary/term/pke"}],"definitions":[{"text":"Encryption system that uses a public-private key pair for encryption and/or digital signature.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Public Key Cryptography ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"See public key cryptography (PKC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under asymmetric cryptography "}]},{"text":"Cryptography that uses separate keys for encryption and decryption; also known as asymmetric cryptography.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Public Key Cryptography "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Cryptography ","refSources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Cryptography ","refSources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Cryptography ","refSources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77"}]}]},{"text":"A form of cryptography that uses two related keys, a public key and a private key; the two keys have the property that, given the public key, it is computationally infeasible to derive the private key. For key establishment, public-key cryptography allows different parties to communicate securely without havng prior access to a secret key that is shared, by using one or more pairs (public key and private key) of cryptographic keys.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Public-key cryptography "}]},{"text":"A cryptographic system where users have a private key that is kept secret and used to generate a public key (which is freely provided to others). Users can digitally sign data with their private key and the resulting signature can be verified by anyone using the corresponding public key. Also known as a Public-key cryptography.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Asymmetric-key cryptography "}]},{"text":"See Asymmetric-key cryptography.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Public key cryptography "}]},{"text":"A form of cryptography that uses two related keys, a public key and a private key; the two keys have the property that, given the public key, it is computationally infeasible to derive the private key. \nFor key establishment, public-key cryptography allows different parties to communicate securely without having prior access to a secret key that is shared, by using one or more pairs (public key and private key) of cryptographic keys.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Public-key cryptography "}]}]},{"term":"Public Key Cryptography Standard","link":"https://csrc.nist.gov/glossary/term/public_key_cryptography_standard","abbrSyn":[{"text":"PKCS","link":"https://csrc.nist.gov/glossary/term/pkcs"}],"definitions":null},{"term":"Public Key Cryptography Standard 1","link":"https://csrc.nist.gov/glossary/term/public_key_cryptography_standard_1","abbrSyn":[{"text":"PKCS1","link":"https://csrc.nist.gov/glossary/term/pkcs1"}],"definitions":null},{"term":"public key enabling (PKE)","link":"https://csrc.nist.gov/glossary/term/public_key_enabling","abbrSyn":[{"text":"PKE","link":"https://csrc.nist.gov/glossary/term/pke"}],"definitions":[{"text":"The incorporation of the use of certificates for security services such as authentication, confidentiality, data integrity, and non-repudiation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"public key infrastructure (PKI)","link":"https://csrc.nist.gov/glossary/term/public_key_infrastructure","abbrSyn":[{"text":"PKI","link":"https://csrc.nist.gov/glossary/term/pki"}],"definitions":[{"text":"A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and the storage of sensitive verification system data within identity cards and the verification system.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Public Key Infrastructure (PKI) "}]},{"text":"The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. Framework established to issue, maintain, and revoke public key certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under public key infrastructure ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Public Key Infrastructure ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Infrastructure (PKI) ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Infrastructure (PKI) ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Public Key Infrastructure (PKI) ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A Framework that is established to issue, maintain, and revoke public key certificates.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Public Key Infrastructure (PKI) ","refSources":[{"text":"FIPS 186-4","link":"https://doi.org/10.6028/NIST.FIPS.186-4"}]},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Public Key Infrastructure (PKI) "}]},{"text":"A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates. The PKI includes the hierarchy of certificate authorities that allow for the deployment of digital certificates that support encryption, digital signature and authentication to meet business and security requirements.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Public Key Infrastructure (PKI) ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"},{"text":"OASIS Glossary of Terms","link":"https://www.oasis-open.org/glossary/index.php"}]}]},{"text":"A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Public Key Infrastructure (PKI) "},{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Public Key Infrastructure (PKI) ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Public Key Infrastructure "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Public Key Infrastructure (PKI) "}]},{"text":"A framework that is established to issue, maintain and revoke public key certificates.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Public Key Infrastructure (PKI) "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Public Key Infrastructure (PKI) "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Public Key Infrastructure (PKI) "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Public Key Infrastructure (PKI) "}]},{"text":"A framework that is established to issue, maintain and revoke public-key certificates.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Public Key Infrastructure (PKI) "}]},{"text":"A set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Public Key Infrastructure (PKI) "}]},{"text":"A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of enterprise data.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12","underTerm":" under public key infrastructure "}]},{"text":"A framework that is established to issue, maintain, and revoke public-key certificates.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Public Key Infrastructure (PKI) "}]},{"text":"A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of sensitive verification system data within identity cards and the verification system.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Public Key Infrastructure (PKI) "}]}]},{"term":"Public Key Infrastructure X.509—Certificate Management Protocol","link":"https://csrc.nist.gov/glossary/term/public_key_infrastructure_x_509_certificate_management_protocol","abbrSyn":[{"text":"PKIX-CMP","link":"https://csrc.nist.gov/glossary/term/pkix_cmp"}],"definitions":null},{"term":"Public key/public signature verification key","link":"https://csrc.nist.gov/glossary/term/public_key_public_signature_verification_key","definitions":[{"text":"A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm and is associated with a private key. The public key is associated with an owner and may be made public. In the case of digital signatures, the public key is used to verify a digital signature that was signed using the corresponding private key.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"Public Law","link":"https://csrc.nist.gov/glossary/term/public_law","abbrSyn":[{"text":"P.L.","link":"https://csrc.nist.gov/glossary/term/p_l_"},{"text":"PL","link":"https://csrc.nist.gov/glossary/term/pl"}],"definitions":null},{"term":"Public Reviewer","link":"https://csrc.nist.gov/glossary/term/public_reviewer","definitions":[{"text":"A member of the general public who reviews a candidate checklist and sends comments to NIST.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Member of the general public who reviews a candidate checklist and sends comments to NIST.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Public Safety Access Point","link":"https://csrc.nist.gov/glossary/term/public_safety_access_point","abbrSyn":[{"text":"PSAP","link":"https://csrc.nist.gov/glossary/term/psap"}],"definitions":null},{"term":"Public Safety Advisory Committee","link":"https://csrc.nist.gov/glossary/term/public_safety_advisory_committee","abbrSyn":[{"text":"PSAC","link":"https://csrc.nist.gov/glossary/term/psac"}],"definitions":null},{"term":"Public Safety and First Responder","link":"https://csrc.nist.gov/glossary/term/public_safety_and_first_responder","abbrSyn":[{"text":"PSFR","link":"https://csrc.nist.gov/glossary/term/psfr"}],"definitions":null},{"term":"Public Safety Communications Research","link":"https://csrc.nist.gov/glossary/term/public_safety_communications_research","abbrSyn":[{"text":"PSCR","link":"https://csrc.nist.gov/glossary/term/pscr"}],"definitions":null},{"term":"Public Safety Communications Research Division","link":"https://csrc.nist.gov/glossary/term/public_safety_communications_research_division","abbrSyn":[{"text":"PSCR","link":"https://csrc.nist.gov/glossary/term/pscr"}],"definitions":null},{"term":"Public Safety Experience","link":"https://csrc.nist.gov/glossary/term/public_safety_experience","abbrSyn":[{"text":"PSX","link":"https://csrc.nist.gov/glossary/term/psx"}],"definitions":null},{"term":"Public Safety Organization","link":"https://csrc.nist.gov/glossary/term/public_safety_organization","abbrSyn":[{"text":"PSO","link":"https://csrc.nist.gov/glossary/term/pso"}],"definitions":null},{"term":"public seed","link":"https://csrc.nist.gov/glossary/term/public_seed","definitions":[{"text":"A starting value for a pseudorandom number generator. The value produced by the random number generator may be made public. The public seed is often called a “salt”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"salt","link":"salt"}]},{"term":"Public Use File","link":"https://csrc.nist.gov/glossary/term/public_use_file","abbrSyn":[{"text":"PUF","link":"https://csrc.nist.gov/glossary/term/puf"}],"definitions":null},{"term":"Publication","link":"https://csrc.nist.gov/glossary/term/publication","abbrSyn":[{"text":"PUB","link":"https://csrc.nist.gov/glossary/term/pub"}],"definitions":null},{"term":"Public-Key Encryption","link":"https://csrc.nist.gov/glossary/term/public_key_encryption","abbrSyn":[{"text":"PKE","link":"https://csrc.nist.gov/glossary/term/pke"}],"definitions":null},{"term":"Public-key validation","link":"https://csrc.nist.gov/glossary/term/public_key_validation","definitions":[{"text":"The procedure whereby the recipient of a public key checks that the key conforms to the arithmetic requirements for such a key in order to thwart certain types of attacks.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Published Internet Protocol","link":"https://csrc.nist.gov/glossary/term/published_internet_protocol","abbrSyn":[{"text":"PIP","link":"https://csrc.nist.gov/glossary/term/pip"}],"definitions":null},{"term":"Publishing node","link":"https://csrc.nist.gov/glossary/term/publishing_node","definitions":[{"text":"A node that, in addition to all responsibilities required of a full node, is tasked with extending the blockchain by creating and publishing new blocks. Also known as mining node, committing node, minting node.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]},{"text":"a full node that also publishes new blocks","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"PUF","link":"https://csrc.nist.gov/glossary/term/puf","abbrSyn":[{"text":"Public Use File","link":"https://csrc.nist.gov/glossary/term/public_use_file"}],"definitions":null},{"term":"PUK","link":"https://csrc.nist.gov/glossary/term/puk","abbrSyn":[{"text":"PIN Unblocking Key","link":"https://csrc.nist.gov/glossary/term/pin_unblocking_key"}],"definitions":null},{"term":"pulse per second","link":"https://csrc.nist.gov/glossary/term/pulse_per_second","abbrSyn":[{"text":"PPS","link":"https://csrc.nist.gov/glossary/term/pps"}],"definitions":null},{"term":"Pulverization","link":"https://csrc.nist.gov/glossary/term/pulverization","definitions":[{"text":"A physically Destructive method of sanitizing media; the act of grinding to a powder or dust.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"PUMP","link":"https://csrc.nist.gov/glossary/term/pump","abbrSyn":[{"text":"Patch and Update Management Program","link":"https://csrc.nist.gov/glossary/term/patch_and_update_management_program"}],"definitions":null},{"term":"Purdue Enterprise Reference Architecture","link":"https://csrc.nist.gov/glossary/term/purdue_enterprise_reference_architecture","abbrSyn":[{"text":"PERA","link":"https://csrc.nist.gov/glossary/term/pera"}],"definitions":null},{"term":"purge","link":"https://csrc.nist.gov/glossary/term/purge","definitions":[{"text":"A method of sanitization that applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"Rendering sanitized data unrecoverable by laboratory attack methods.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Purge "}]},{"text":"A method of Sanitization by applying physical or logical techniques that renders Target Data recovery infeasible using state of the art laboratory techniques.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Purge "}]}]},{"term":"Purposeful Interference Response Team","link":"https://csrc.nist.gov/glossary/term/purposeful_interference_response_team","abbrSyn":[{"text":"PIRT","link":"https://csrc.nist.gov/glossary/term/pirt"}],"definitions":null},{"term":"Push-To-Talk (PTT)","link":"https://csrc.nist.gov/glossary/term/push_to_talk","abbrSyn":[{"text":"PTT","link":"https://csrc.nist.gov/glossary/term/ptt"}],"definitions":[{"text":"A method of communicating on half-duplex communication lines, including two-way radio, using a “walkie-talkie” button to switch from voice reception to transmit mode.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"putative re-identifications","link":"https://csrc.nist.gov/glossary/term/putative_re_identifications","definitions":[{"text":"Apparent re-identifications that may or may not be correct.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"PuTTY Secure Copy Protocol","link":"https://csrc.nist.gov/glossary/term/putty_secure_copy_protocol","abbrSyn":[{"text":"PSCP","link":"https://csrc.nist.gov/glossary/term/pscp"}],"definitions":null},{"term":"P-value","link":"https://csrc.nist.gov/glossary/term/p_value","definitions":[{"text":"The probability (under the null hypothesis of randomness) that the chosen test statistic will assume values that are equal to or worse than the observed test statistic value when considering the null hypothesis. The P-valueis frequently called the “tail probability.”","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"The probability that the chosen test statistic will assume values that are equal to or more extreme than the observed test statistic value, assuming that the null hypothesis is true.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"PWA","link":"https://csrc.nist.gov/glossary/term/pwa","abbrSyn":[{"text":"Printed Wiring Assembly","link":"https://csrc.nist.gov/glossary/term/printed_wiring_assembly"}],"definitions":null},{"term":"PWWG","link":"https://csrc.nist.gov/glossary/term/pwwg","abbrSyn":[{"text":"Privacy Workforce Public Working Group","link":"https://csrc.nist.gov/glossary/term/privacy_workforce_public_working_group"}],"definitions":null},{"term":"PWWN","link":"https://csrc.nist.gov/glossary/term/pwwn","abbrSyn":[{"text":"Port World-Wide Name","link":"https://csrc.nist.gov/glossary/term/port_world_wide_name"}],"definitions":null},{"term":"PXE","link":"https://csrc.nist.gov/glossary/term/pxe","abbrSyn":[{"text":"Pre-boot eXecution Environment","link":"https://csrc.nist.gov/glossary/term/pre_boot_execution_environment"},{"text":"Preboot Execution Environment"}],"definitions":null},{"term":"PXN","link":"https://csrc.nist.gov/glossary/term/pxn","abbrSyn":[{"text":"Privileged Execute Never","link":"https://csrc.nist.gov/glossary/term/privileged_execute_never"}],"definitions":null},{"term":"PY","link":"https://csrc.nist.gov/glossary/term/py","abbrSyn":[{"text":"Prior Year","link":"https://csrc.nist.gov/glossary/term/prior_year"}],"definitions":null},{"term":"QA","link":"https://csrc.nist.gov/glossary/term/qa","abbrSyn":[{"text":"Quality Assurance"}],"definitions":null},{"term":"QA/QC","link":"https://csrc.nist.gov/glossary/term/qa_qc","abbrSyn":[{"text":"Quality Assurance/Quality Control","link":"https://csrc.nist.gov/glossary/term/quality_assurance_quality_control"}],"definitions":null},{"term":"QAT","link":"https://csrc.nist.gov/glossary/term/qat","abbrSyn":[{"text":"QuickAssist Technology","link":"https://csrc.nist.gov/glossary/term/quickassist_technology"}],"definitions":null},{"term":"QCCF","link":"https://csrc.nist.gov/glossary/term/qccf","abbrSyn":[{"text":"Quasi-cyclic Codeword Finding","link":"https://csrc.nist.gov/glossary/term/quasi_cyclic_codeword_finding"}],"definitions":null},{"term":"QC-MDPC","link":"https://csrc.nist.gov/glossary/term/qc_mdpc","abbrSyn":[{"text":"Quasi-Cyclic Moderate Density Parity Check","link":"https://csrc.nist.gov/glossary/term/quasi_cyclic_moderate_density_parity_check"}],"definitions":null},{"term":"QCSD","link":"https://csrc.nist.gov/glossary/term/qcsd","abbrSyn":[{"text":"quasi-cyclic syndrome decoding","link":"https://csrc.nist.gov/glossary/term/quasi_cyclic_syndrome_decoding"},{"text":"Quasi-cyclic Syndrome Decoding"}],"definitions":null},{"term":"QEMU (Quick Emulator)","link":"https://csrc.nist.gov/glossary/term/qemu","definitions":[{"text":"A software module that is a component of the hypervisor platform that supports full virtualization by providing emulation of various hardware devices.","sources":[{"text":"NIST SP 800-125A","link":"https://doi.org/10.6028/NIST.SP.800-125A"}]}]},{"term":"QMS","link":"https://csrc.nist.gov/glossary/term/qms","abbrSyn":[{"text":"Quality Management Systems","link":"https://csrc.nist.gov/glossary/term/quality_management_systems"}],"definitions":null},{"term":"QoP","link":"https://csrc.nist.gov/glossary/term/qop","abbrSyn":[{"text":"Quality of Protection","link":"https://csrc.nist.gov/glossary/term/quality_of_protection"}],"definitions":null},{"term":"QoS","link":"https://csrc.nist.gov/glossary/term/qos","abbrSyn":[{"text":"Quality of Service"}],"definitions":null},{"term":"QR","link":"https://csrc.nist.gov/glossary/term/qr","abbrSyn":[{"text":"Quick Response","link":"https://csrc.nist.gov/glossary/term/quick_response"},{"text":"Quick Response (code)"}],"definitions":null},{"term":"QR Code","link":"https://csrc.nist.gov/glossary/term/qr_code","abbrSyn":[{"text":"Quick Response Code","link":"https://csrc.nist.gov/glossary/term/quick_response_code"}],"definitions":null},{"term":"QROM","link":"https://csrc.nist.gov/glossary/term/qrom","abbrSyn":[{"text":"Quantum random oracle model","link":"https://csrc.nist.gov/glossary/term/quantum_random_oracle_model"},{"text":"Quantum-accessible Random Oracle Model","link":"https://csrc.nist.gov/glossary/term/quantum_accessible_random_oracle_model"}],"definitions":null},{"term":"quadrant","link":"https://csrc.nist.gov/glossary/term/quadrant","definitions":[{"text":"Short name referring to technology that provides tamper-resistant protection to cryptographic equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"quadratic twist","link":"https://csrc.nist.gov/glossary/term/quadratic_twist","definitions":[{"text":"Certain elliptic curve related to a specified elliptic curve.","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"qualification","link":"https://csrc.nist.gov/glossary/term/qualification","definitions":[{"text":"Process of demonstrating whether an entity is capable of fulfilling specified requirements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 12207"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 12207:2017"}]}]}]},{"term":"Qualified Products List","link":"https://csrc.nist.gov/glossary/term/qualified_products_list","definitions":[{"text":"a list of products that have met the qualification requirements stated in the applicable specification, including appropriate product identification and test or qualification reference number, with the name and plant address of the manufacturer and distributor, as applicable.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","refSources":[{"text":"41 U.S.C., Part 101-29.207","link":"https://www.govinfo.gov/app/details/CFR-1997-title41-vol2/CFR-1997-title41-vol2-sec101-29-207"}]}]}]},{"term":"Qualitative Assessment","link":"https://csrc.nist.gov/glossary/term/qualitative_assessment","definitions":[{"text":"Use of a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"DHS Risk Lexicon","link":"https://www.dhs.gov/dhs-risk-lexicon"}]}]}]},{"term":"Qualitative Risk Analysis","link":"https://csrc.nist.gov/glossary/term/qualitative_risk_analysis","definitions":[{"text":"A method for risk analysis that is based on the assignment of a descriptor such as low, medium, or high.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"quality assurance","link":"https://csrc.nist.gov/glossary/term/quality_assurance","abbrSyn":[{"text":"QA","link":"https://csrc.nist.gov/glossary/term/qa"}],"definitions":[{"text":"Part of quality management focused on providing confidence that quality requirements will be fulfilled.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]}]},{"term":"Quality Assurance/Quality Control","link":"https://csrc.nist.gov/glossary/term/quality_assurance_quality_control","abbrSyn":[{"text":"QA/QC","link":"https://csrc.nist.gov/glossary/term/qa_qc"}],"definitions":null},{"term":"quality characteristic","link":"https://csrc.nist.gov/glossary/term/quality_characteristic","definitions":[{"text":"Inherent characteristic of a product, process, or system related to a requirement.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]}]},{"term":"quality management","link":"https://csrc.nist.gov/glossary/term/quality_management","definitions":[{"text":"Coordinated activities to direct and control an organization with regard to quality.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]}]},{"term":"Quality Management Systems","link":"https://csrc.nist.gov/glossary/term/quality_management_systems","abbrSyn":[{"text":"QMS","link":"https://csrc.nist.gov/glossary/term/qms"}],"definitions":null},{"term":"Quality of Protection","link":"https://csrc.nist.gov/glossary/term/quality_of_protection","abbrSyn":[{"text":"QoP","link":"https://csrc.nist.gov/glossary/term/qop"}],"definitions":null},{"term":"quality property","link":"https://csrc.nist.gov/glossary/term/quality_property","definitions":[{"text":"An emergent property of a system that includes, for example: safety, security, maintainability, resilience, reliability, availability, agility, and survivability. This property is also referred to as a systemic property across many engineering domains.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]}]},{"term":"Quantitative Assessment","link":"https://csrc.nist.gov/glossary/term/quantitative_assessment","definitions":[{"text":"Use of a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"DHS Risk Lexicon","link":"https://www.dhs.gov/dhs-risk-lexicon"}]}]}]},{"term":"Quantitative Risk Analysis","link":"https://csrc.nist.gov/glossary/term/quantitative_risk_analysis","definitions":[{"text":"A method for risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetarized valuation of loss or gain.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"Quantum random oracle model","link":"https://csrc.nist.gov/glossary/term/quantum_random_oracle_model","abbrSyn":[{"text":"QROM","link":"https://csrc.nist.gov/glossary/term/qrom"}],"definitions":null},{"term":"Quantum-accessible Random Oracle Model","link":"https://csrc.nist.gov/glossary/term/quantum_accessible_random_oracle_model","abbrSyn":[{"text":"QROM","link":"https://csrc.nist.gov/glossary/term/qrom"}],"definitions":null},{"term":"Quarantining","link":"https://csrc.nist.gov/glossary/term/quarantining","definitions":[{"text":"Storing files containing malware in isolation for future disinfection or examination.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1"}]}]},{"term":"Quasi","link":"https://csrc.nist.gov/glossary/term/quasi","abbrSyn":[{"text":"Q","link":"https://csrc.nist.gov/glossary/term/q"}],"definitions":[{"text":"A bit string representation of the octet length of P.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C","underTerm":" under Q "}]}]},{"term":"Quasi-cyclic Codeword Finding","link":"https://csrc.nist.gov/glossary/term/quasi_cyclic_codeword_finding","abbrSyn":[{"text":"QCCF","link":"https://csrc.nist.gov/glossary/term/qccf"}],"definitions":null},{"term":"Quasi-Cyclic Moderate Density Parity Check","link":"https://csrc.nist.gov/glossary/term/quasi_cyclic_moderate_density_parity_check","abbrSyn":[{"text":"QC-MDPC","link":"https://csrc.nist.gov/glossary/term/qc_mdpc"}],"definitions":null},{"term":"quasi-cyclic syndrome decoding","link":"https://csrc.nist.gov/glossary/term/quasi_cyclic_syndrome_decoding","abbrSyn":[{"text":"QCSD","link":"https://csrc.nist.gov/glossary/term/qcsd"}],"definitions":null},{"term":"quasi-identifier","link":"https://csrc.nist.gov/glossary/term/quasi_identifier","definitions":[{"text":"A variable that can be used to identify an individual through association with another variable.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"question","link":"https://csrc.nist.gov/glossary/term/question","definitions":[{"text":"The text of a question to pose, optionally accompanied by instructions to help guide a person to a response.","sources":[{"text":"NISTIR 7692","link":"https://doi.org/10.6028/NIST.IR.7692"}]}]},{"term":"questionnaire","link":"https://csrc.nist.gov/glossary/term/questionnaire","definitions":[{"text":"A sequence of questions to be used in determining a state or condition.","sources":[{"text":"NISTIR 7692","link":"https://doi.org/10.6028/NIST.IR.7692"}]}]},{"term":"Quick Response","link":"https://csrc.nist.gov/glossary/term/quick_response","abbrSyn":[{"text":"QR","link":"https://csrc.nist.gov/glossary/term/qr"}],"definitions":null},{"term":"Quick Response Code","link":"https://csrc.nist.gov/glossary/term/quick_response_code","abbrSyn":[{"text":"QR","link":"https://csrc.nist.gov/glossary/term/qr"},{"text":"QR Code","link":"https://csrc.nist.gov/glossary/term/qr_code"}],"definitions":null},{"term":"QuickAssist Technology","link":"https://csrc.nist.gov/glossary/term/quickassist_technology","abbrSyn":[{"text":"QAT","link":"https://csrc.nist.gov/glossary/term/qat"}],"definitions":null},{"term":"Quote","link":"https://csrc.nist.gov/glossary/term/quote","definitions":[{"text":"To precede printable non-alphanumeric characters (e.g., *, $, ?) with the backslash ( \\) escape character in a value string. When a non-alphanumeric character is quoted in a WFN, it SHALL be processed as string data. When a non-alphanumeric character is unquoted in a WFN, it may be interpreted as a special character by CPE 2.3 specifications, including this one.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"R&D","link":"https://csrc.nist.gov/glossary/term/randd","abbrSyn":[{"text":"Research and Design","link":"https://csrc.nist.gov/glossary/term/research_and_design"},{"text":"Research and Development","link":"https://csrc.nist.gov/glossary/term/research_and_development"}],"definitions":null},{"term":"R/W","link":"https://csrc.nist.gov/glossary/term/r_w","abbrSyn":[{"text":"Read/Write","link":"https://csrc.nist.gov/glossary/term/read_write"}],"definitions":null},{"term":"RA","link":"https://csrc.nist.gov/glossary/term/ra","abbrSyn":[{"text":"Receiver Address","link":"https://csrc.nist.gov/glossary/term/receiver_address"},{"text":"Reference Architecture","link":"https://csrc.nist.gov/glossary/term/reference_architecture"},{"text":"Registration Authority"},{"text":"Risk Assessment"}],"definitions":[{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Risk Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. \r\nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.\nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.  Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Risk Assessment "}]},{"text":"The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Risk Assessment "},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations, resulting from the operation of a system. It is part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Risk Assessment "}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. \nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls or privacy controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Risk Assessment "}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. \nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Risk Assessment "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Assessment "}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Risk Assessment "},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.\nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Assessment "}]},{"text":"An entity authorized by the certification authority system (CAS) to collect, verify, and submit information provided by potential subscribers, which is to be entered into public key certificates. The term RA refers to hardware, software, and individuals that collectively perform this function.","sources":[{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Registration Authority ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.","sources":[{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Risk Assessment "}]},{"text":"An organization approved by ISO/IEC for performing registration.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308","underTerm":" under Registration Authority ","refSources":[{"text":"ISO/IEC JTC1 N820"}]}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact.\nPart of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Risk Assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"A value that defines an analyzer's estimated level of security risk for using an app. Risk assessments are typically based on the likelihood that a detected vulnerability will be exploited and the impact that the detected vulnerability may have on the app or its related device or network. Risk assessments are typically represented as categories (e.g., low-, moderate-, and high-risk).","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]","underTerm":" under Risk Assessment "}]}]},{"term":"RACE Integrity Primitives Evaluation Message Digest","link":"https://csrc.nist.gov/glossary/term/race_integrity_primitives_evaluation_message_digest","abbrSyn":[{"text":"RIPEMD","link":"https://csrc.nist.gov/glossary/term/ripemd"}],"definitions":null},{"term":"RAdAC","link":"https://csrc.nist.gov/glossary/term/radac","abbrSyn":[{"text":"Risk Adaptable Access Control"},{"text":"Risk Adaptive (Adaptable) Access Control","link":"https://csrc.nist.gov/glossary/term/risk_adaptive_adaptable_access_control"},{"text":"Risk-Adaptable Access Control"},{"text":"Risk-Adaptive Access Control"}],"definitions":null},{"term":"Radial Basis Function","link":"https://csrc.nist.gov/glossary/term/radial_basis_function","abbrSyn":[{"text":"RBF","link":"https://csrc.nist.gov/glossary/term/rbf"}],"definitions":null},{"term":"Radio Access Network","link":"https://csrc.nist.gov/glossary/term/radio_access_network","abbrSyn":[{"text":"RAN","link":"https://csrc.nist.gov/glossary/term/ran"}],"definitions":null},{"term":"Radio Resource Control","link":"https://csrc.nist.gov/glossary/term/radio_resource_control","abbrSyn":[{"text":"RRC","link":"https://csrc.nist.gov/glossary/term/rrc"}],"definitions":null},{"term":"Radio Technical Commission for Aeronautics","link":"https://csrc.nist.gov/glossary/term/radio_technical_commission_for_aeronautics","abbrSyn":[{"text":"RTCA","link":"https://csrc.nist.gov/glossary/term/rtca"}],"definitions":null},{"term":"Radio-Frequency Identification","link":"https://csrc.nist.gov/glossary/term/radio_frequency_identification","abbrSyn":[{"text":"RFID","link":"https://csrc.nist.gov/glossary/term/rfid"}],"definitions":null},{"term":"Radiology Information System","link":"https://csrc.nist.gov/glossary/term/radiology_information_system","abbrSyn":[{"text":"RIS","link":"https://csrc.nist.gov/glossary/term/ris"}],"definitions":null},{"term":"Radionuclide Transportation Agency","link":"https://csrc.nist.gov/glossary/term/radionuclide_transportation_agency","note":"(fictional)","abbrSyn":[{"text":"RTA","link":"https://csrc.nist.gov/glossary/term/rta"}],"definitions":null},{"term":"RAID","link":"https://csrc.nist.gov/glossary/term/raid","abbrSyn":[{"text":"Redundant Array of Independent Disks","link":"https://csrc.nist.gov/glossary/term/redundant_array_of_independent_disks"},{"text":"Redundant Array of Inexpensive Disks"},{"text":"Redundant Arrays of Inexpensive Disks"}],"definitions":null},{"term":"RAIM","link":"https://csrc.nist.gov/glossary/term/raim","abbrSyn":[{"text":"receiver autonomous integrity monitoring","link":"https://csrc.nist.gov/glossary/term/receiver_autonomous_integrity_monitoring"}],"definitions":null},{"term":"RAM","link":"https://csrc.nist.gov/glossary/term/ram","abbrSyn":[{"text":"Random Access Machine","link":"https://csrc.nist.gov/glossary/term/random_access_machine"},{"text":"Random access memory"},{"text":"Random Access Memory","link":"https://csrc.nist.gov/glossary/term/random_access_memory"}],"definitions":null},{"term":"RAMPS","link":"https://csrc.nist.gov/glossary/term/ramps","abbrSyn":[{"text":"Regional Alliances and Multistakeholder Partnerships to Stimulate","link":"https://csrc.nist.gov/glossary/term/regional_alliances_and_multistakeholder_partnerships_to_stimulate"}],"definitions":null},{"term":"RAN","link":"https://csrc.nist.gov/glossary/term/ran","abbrSyn":[{"text":"Radio Access Network","link":"https://csrc.nist.gov/glossary/term/radio_access_network"}],"definitions":null},{"term":"RAND","link":"https://csrc.nist.gov/glossary/term/rand","abbrSyn":[{"text":"Random Number","link":"https://csrc.nist.gov/glossary/term/random_number"},{"text":"Random Parameter","link":"https://csrc.nist.gov/glossary/term/random_parameter"}],"definitions":[{"text":"For the purposes of this Recommendation, a value in a set that has an equal probability of being selected from the total population of possibilities and, hence, is unpredictable. A random number is an instance of an unbiased random variable, that is, the output produced by a uniformly distributed random process.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Random Number "}]}]},{"term":"Random Access Machine","link":"https://csrc.nist.gov/glossary/term/random_access_machine","abbrSyn":[{"text":"RAM","link":"https://csrc.nist.gov/glossary/term/ram"}],"definitions":null},{"term":"Random Access Memory","link":"https://csrc.nist.gov/glossary/term/random_access_memory","abbrSyn":[{"text":"RAM","link":"https://csrc.nist.gov/glossary/term/ram"}],"definitions":null},{"term":"Random Binary Sequence","link":"https://csrc.nist.gov/glossary/term/random_binary_sequence","definitions":[{"text":"A sequence of bits for which the probability of each bit being a “0” or “1” is ½. The value of each bit is independent of any other bit in the sequence, i.e., each bit is unpredictable.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Random bit","link":"https://csrc.nist.gov/glossary/term/random_bit","definitions":[{"text":"A bit for which an attacker has exactly a 50% probability of success of guessing the value of the bit as either zero or one.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"A bit for which an attacker has exactly a 50% probability of success of guessing the value of the bit as either a zero or one. It is also called an unbiased bit.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}]},{"term":"Random Bit Generator (RBG)","link":"https://csrc.nist.gov/glossary/term/random_bit_generator","abbrSyn":[{"text":"RBG","link":"https://csrc.nist.gov/glossary/term/rbg"}],"definitions":[{"text":"A device or algorithm that can produce a sequence of bits that appear to be both statistically independent and unbiased.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Random bit generator "}]},{"text":"A device or algorithm that outputs bits that are computationally indistinguishable from bits that are independent and unbiased.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"Random Bit Generator","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D","underTerm":" under RBG "}]},{"text":"A device or algorithm that outputs a sequence of bits that appears to be statistically independent and unbiased. Also, see Random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Random bit generator (RBG) "}]},{"text":"A device or algorithm that outputs a sequence of binary bits that appears to be statistically independent and unbiased. An RBG is either a DRBG or an NRBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"A device or algorithm that outputs a random sequence that is effectively indistinguishable from statistically independent and unbiased bits. An RBG is classified as either a DRBG or an NRBG.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]},{"text":"A device or algorithm that outputs a sequence of bits that appears to be statistically independent and unbiased.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Random bit generator (RBG) "}]},{"text":"A device or algorithm that outputs a sequence of bits that appears to be statistically independent and unbiased. Also see Random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Random bit generator (RBG) "}]},{"text":"A device or algorithm that outputs a sequence of bits that appear to be statistically independent and unbiased. Also, see Random number generator.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Random bit generator (RBG) "}]}],"seeAlso":[{"text":"Random number generator"}]},{"term":"Random Excursion Test","link":"https://csrc.nist.gov/glossary/term/random_excursion_test","definitions":[{"text":"The purpose of this test is to determine if the number of visits to a state within a random walk exceeds what one would expect for a random sequence.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Random Excursion Variant Test","link":"https://csrc.nist.gov/glossary/term/random_excursion_variant_test","definitions":[{"text":"The purpose of this test is to detect deviations from the distribution of the number of visits of a random walk to a certain state.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Random Field","link":"https://csrc.nist.gov/glossary/term/random_field","definitions":[{"text":"In the RBG-based construction of IVs, either a direct random string or one of its successors.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"random forest classification","link":"https://csrc.nist.gov/glossary/term/random_forest_classification","abbrSyn":[{"text":"RFC","link":"https://csrc.nist.gov/glossary/term/rfc"}],"definitions":null},{"term":"Random Forests","link":"https://csrc.nist.gov/glossary/term/random_forests","abbrSyn":[{"text":"RF","link":"https://csrc.nist.gov/glossary/term/rf"}],"definitions":null},{"term":"Random nonce","link":"https://csrc.nist.gov/glossary/term/random_nonce","definitions":[{"text":"A nonce containing a random-value component that is generated anew for each nonce.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"Random Number","link":"https://csrc.nist.gov/glossary/term/random_number","abbrSyn":[{"text":"Rand"}],"definitions":[{"text":"A value in a set of numbers that has an equal probability of being selected from the total population of possibilities and, in that sense, is unpredictable. A random number is an instance of an unbiased random variable, that is, the output produced by a uniformly distributed random process. Random numbers may, e.g., be obtained by converting suitable stings of random bits (see [NIST SP 800-90A], Appendix B.5 for details).","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Random number "}]},{"text":"For the purposes of this Recommendation, a value in a set that has an equal probability of being selected from the total population of possibilities and, hence, is unpredictable. A random number is an instance of an unbiased random variable, that is, the output produced by a uniformly distributed random process.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"random number generation","link":"https://csrc.nist.gov/glossary/term/random_number_generation","abbrSyn":[{"text":"RNG","link":"https://csrc.nist.gov/glossary/term/rng"}],"definitions":null},{"term":"random number generator (RNG)","link":"https://csrc.nist.gov/glossary/term/random_number_generator","abbrSyn":[{"text":"RNG","link":"https://csrc.nist.gov/glossary/term/rng"}],"definitions":[{"text":"A process that is invoked to generate a random sequence of values (usually a sequence of bits) or an individual random value.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"A mechanism that purports to generate truly random data.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Random Number Generator (RNG) "}]},{"text":"A process used to generate an unpredictable series of numbers. Also called a Random bit generator (RBG).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Random number generator (RNG) "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Random number generator (RNG) "}]},{"text":"Produces a sequence of zero and one bits that is random in the sense, that there is no way to describe its output that is more efficient than simply listing the entire string of output. There are two basic classes: deterministic and non-deterministic. A deterministic RNG (also known as a pseudorandom number generator) consists of an algorithm that produces a sequence of bits from an initial value called a seed. A non-deterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control, such as thermal noise or radioactive decay.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Random Number Generator (RNG) "}]},{"text":"A process used to generate an unpredictable series of numbers. Also, referred to as a Random bit generator (RBG).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Random number generator (RNG) "}]}],"seeAlso":[{"text":"Random bit generator (RBG)"}]},{"term":"random oracle model","link":"https://csrc.nist.gov/glossary/term/random_oracle_model","abbrSyn":[{"text":"ROM","link":"https://csrc.nist.gov/glossary/term/rom"}],"definitions":[{"text":"See Read-Only Memory.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under ROM "}]}]},{"term":"Random Parameter","link":"https://csrc.nist.gov/glossary/term/random_parameter","abbrSyn":[{"text":"RAND","link":"https://csrc.nist.gov/glossary/term/rand"}],"definitions":null},{"term":"Random value","link":"https://csrc.nist.gov/glossary/term/random_value","definitions":[{"text":"A sufficient entropy bit string.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"Random Variable","link":"https://csrc.nist.gov/glossary/term/random_variable","definitions":[{"text":"Random variables differ from the usual deterministic variables (of science and engineering) in that random variables allow the systematic distributional assignment of probability values to each possible outcome.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Randomized hashing","link":"https://csrc.nist.gov/glossary/term/randomized_hashing","definitions":[{"text":"A technique for randomizing the input to a cryptographic hash function.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"A process by which the input to a hash function is randomized before being processed by the hash function.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}]},{"term":"Randomized message","link":"https://csrc.nist.gov/glossary/term/randomized_message","definitions":[{"text":"A message that has been modified using a random value.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]}]},{"term":"randomizer","link":"https://csrc.nist.gov/glossary/term/randomizer","definitions":[{"text":"Analog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Randomness extraction","link":"https://csrc.nist.gov/glossary/term/randomness_extraction","definitions":[{"text":"The first step in the two-step key-derivation procedure specified in this Recommendation; during this step, a key-derivation key is produced from a shared secret.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"The first step in the key derivation procedure specified in this Recommendation, which produces a key derivation key from a shared secret.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]"}]},{"text":"The first step in the two-step key-derivation procedure during which a key-derivation key is produced. The second step in the procedure is key expansion.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Randomness Source","link":"https://csrc.nist.gov/glossary/term/randomness_source","abbrSyn":[{"text":"Source of Randomness","link":"https://csrc.nist.gov/glossary/term/source_of_randomness"}],"definitions":[{"text":"A component of a DRBG (which consists of a DRBG mechanism and a randomness source) that outputs bitstrings that are used as entropy input by the DRBG mechanism. The randomness source can be an entropy source or an RBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"See Randomness Source.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Source of Randomness "}]}]},{"term":"Range","link":"https://csrc.nist.gov/glossary/term/range","definitions":[{"text":"The maximum possible distance for communicating with a wireless network infrastructure or wireless client.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"},{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]}]},{"term":"Rank (of a matrix)","link":"https://csrc.nist.gov/glossary/term/rank","definitions":[{"text":"Refers to the rank of a matrix in linear algebra over GF(2).  Having reduced a matrix into row-echelon form via elementary row operations, the number of nonzero rows, if any, are counted in order to determine the number of linearly independent rows or columns in the matrix.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"rank syndrome decoding","link":"https://csrc.nist.gov/glossary/term/rank_syndrome_decoding","abbrSyn":[{"text":"RSD","link":"https://csrc.nist.gov/glossary/term/rsd"}],"definitions":null},{"term":"Rank Test","link":"https://csrc.nist.gov/glossary/term/rank_test","definitions":[{"text":"The purpose of this test is to check for linear dependence among fixed length substrings of the original sequence.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"RAP","link":"https://csrc.nist.gov/glossary/term/rap","abbrSyn":[{"text":"Resource Access Point","link":"https://csrc.nist.gov/glossary/term/resource_access_point"}],"definitions":null},{"term":"RAPI","link":"https://csrc.nist.gov/glossary/term/rapi","abbrSyn":[{"text":"Remote Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/remote_application_programming_interface"}],"definitions":null},{"term":"Rapid elasticity","link":"https://csrc.nist.gov/glossary/term/rapid_elasticity","abbrSyn":[{"text":"RE","link":"https://csrc.nist.gov/glossary/term/re"}],"definitions":[{"text":"Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"RAR","link":"https://csrc.nist.gov/glossary/term/rar","abbrSyn":[{"text":"Risk Assessment Report"}],"definitions":[{"text":"The report which contains the results of performing a risk assessment or the formal output from the process of assessing risk.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Assessment Report "}]}]},{"term":"RARP","link":"https://csrc.nist.gov/glossary/term/rarp","abbrSyn":[{"text":"Reverse Address Resolution Protocol","link":"https://csrc.nist.gov/glossary/term/reverse_address_resolution_protocol"}],"definitions":null},{"term":"RAS","link":"https://csrc.nist.gov/glossary/term/ras","abbrSyn":[{"text":"IEEE Robotics and Automation Society","link":"https://csrc.nist.gov/glossary/term/ieee_robotics_and_automation_society"}],"definitions":null},{"term":"Rate","link":"https://csrc.nist.gov/glossary/term/rate","definitions":[{"text":"In the sponge construction, the number of input bits processed per invocation of the underlying function.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"Rationale","link":"https://csrc.nist.gov/glossary/term/rationale","definitions":[{"text":"The explanation for why a Reference Document Element and a Focal Document Element are related within a set theory relationship mapping. This will be one of the following: syntactic, semantic, or functional.","sources":[{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"The explanation for why a Reference Document element and a Focal Document element are related. This will be one of the following: Syntactic, Semantic, or Functional.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"RBAC","link":"https://csrc.nist.gov/glossary/term/rbac","abbrSyn":[{"text":"Role Based Access Control"},{"text":"Role-Based Access Control"}],"definitions":[{"text":"Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Role-Based Access Control "}]}]},{"term":"RBF","link":"https://csrc.nist.gov/glossary/term/rbf","abbrSyn":[{"text":"Radial Basis Function","link":"https://csrc.nist.gov/glossary/term/radial_basis_function"}],"definitions":null},{"term":"RBG","link":"https://csrc.nist.gov/glossary/term/rbg","abbrSyn":[{"text":"Random Bit Generator"}],"definitions":[{"text":"Random Bit Generator","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"RBG seed","link":"https://csrc.nist.gov/glossary/term/rbg_seed","abbrSyn":[{"text":"Seed","link":"https://csrc.nist.gov/glossary/term/seed"}],"definitions":[{"text":"The input to a pseudorandom number generator. Different seeds generate different pseudorandom sequences.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under Seed "}]},{"text":"A string of bits that is used to initialize a DRBG. Also just called a Seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A secret value that is used to initialize a process (e.g., a DRBG). Also see RBG seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Seed "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Seed "}]},{"text":"Noun : A string of bits that is used as input to a DRBG mechanism. The seed will determine a portion of the internal state of the DRBG, and its entropy must be sufficient to support the security strength of the DRBG. Verb : To acquire bits with sufficient entropy for the desired security strength. These bits will be used as input to a DRBG mechanism to determine a portion of the initial internal state. Also see reseed.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Seed "}]},{"text":"A string of bits that is used to initialize a DRBG. Also called a Seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A secret value that is used to initialize a process (e.g., a deterministic random bit generator). Also see RNG seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Seed "}]}],"seeAlso":[{"text":"RNG seed","link":"rng_seed"},{"text":"Seed","link":"seed"}]},{"term":"RC","link":"https://csrc.nist.gov/glossary/term/rc","abbrSyn":[{"text":"Recover","link":"https://csrc.nist.gov/glossary/term/recover"},{"text":"recover (CSF function)","link":"https://csrc.nist.gov/glossary/term/recover_csf"},{"text":"resource consumer","link":"https://csrc.nist.gov/glossary/term/resource_consumer"}],"definitions":[{"text":"Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under recover (CSF function) ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"RC.CO","link":"https://csrc.nist.gov/glossary/term/rc_co","abbrSyn":[{"text":"Recover, Communications","link":"https://csrc.nist.gov/glossary/term/recover_communications"}],"definitions":null},{"term":"RC4","link":"https://csrc.nist.gov/glossary/term/rc4","abbrSyn":[{"text":"Rivest Cipher 4","link":"https://csrc.nist.gov/glossary/term/rivest_cipher_4"}],"definitions":null},{"term":"RCFL","link":"https://csrc.nist.gov/glossary/term/rcfl","abbrSyn":[{"text":"Regional Computer Forensics Laboratory","link":"https://csrc.nist.gov/glossary/term/regional_computer_forensics_laboratory"}],"definitions":null},{"term":"RCP","link":"https://csrc.nist.gov/glossary/term/rcp","abbrSyn":[{"text":"Remote Copy Protocol","link":"https://csrc.nist.gov/glossary/term/remote_copy_protocol"}],"definitions":null},{"term":"RCS","link":"https://csrc.nist.gov/glossary/term/rcs","abbrSyn":[{"text":"Rich Communication Services","link":"https://csrc.nist.gov/glossary/term/rich_communication_services"}],"definitions":null},{"term":"RD","link":"https://csrc.nist.gov/glossary/term/rd","abbrSyn":[{"text":"Restricted Data"}],"definitions":[{"text":"All data concerning (i) design, manufacture, or utilization of atomic weapons; (ii) the production of special nuclear material; or (iii) the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to Section 142 [of the Atomic Energy Act of 1954].","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Restricted Data ","refSources":[{"text":"PL 83-703","link":"https://www.govinfo.gov/content/pkg/STATUTE-68/pdf/STATUTE-68-Pg919.pdf"}]}]}]},{"term":"RDBMS","link":"https://csrc.nist.gov/glossary/term/rdbms","abbrSyn":[{"text":"Regional Database Management System","link":"https://csrc.nist.gov/glossary/term/regional_database_management_system"},{"text":"Relational Database Management System"},{"text":"Relational DataBase Management System","link":"https://csrc.nist.gov/glossary/term/relational_database_management_system"}],"definitions":null},{"term":"RDMA","link":"https://csrc.nist.gov/glossary/term/rdma","abbrSyn":[{"text":"Remote Direct Memory Access","link":"https://csrc.nist.gov/glossary/term/remote_direct_memory_access"}],"definitions":null},{"term":"RDP","link":"https://csrc.nist.gov/glossary/term/rdp","abbrSyn":[{"text":"Remote Desktop Protocol","link":"https://csrc.nist.gov/glossary/term/remote_desktop_protocol"}],"definitions":null},{"term":"RDR","link":"https://csrc.nist.gov/glossary/term/rdr","abbrSyn":[{"text":"Risk Detail Record","link":"https://csrc.nist.gov/glossary/term/risk_detail_record"}],"definitions":null},{"term":"RDS","link":"https://csrc.nist.gov/glossary/term/rds","abbrSyn":[{"text":"Reference Data Set","link":"https://csrc.nist.gov/glossary/term/reference_data_set"},{"text":"Reliable Datagram Sockets","link":"https://csrc.nist.gov/glossary/term/reliable_datagram_sockets"}],"definitions":null},{"term":"RE","link":"https://csrc.nist.gov/glossary/term/re","abbrSyn":[{"text":"Rapid Elasticity"}],"definitions":null},{"term":"RE(f)","link":"https://csrc.nist.gov/glossary/term/re_f","abbrSyn":[{"text":"Risk Executive (function)"},{"text":"Risk Executive Function","link":"https://csrc.nist.gov/glossary/term/risk_executive_function"}],"definitions":null},{"term":"Read","link":"https://csrc.nist.gov/glossary/term/read","definitions":[{"text":"Fundamental process in an information system that results only in the flow of information from storage media to a requester.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Read/Write","link":"https://csrc.nist.gov/glossary/term/read_write","abbrSyn":[{"text":"R/W","link":"https://csrc.nist.gov/glossary/term/r_w"},{"text":"RW","link":"https://csrc.nist.gov/glossary/term/rw"}],"definitions":null},{"term":"Read/Write/Execute","link":"https://csrc.nist.gov/glossary/term/read_write_execute","abbrSyn":[{"text":"RWX","link":"https://csrc.nist.gov/glossary/term/rwx"}],"definitions":null},{"term":"Reader","link":"https://csrc.nist.gov/glossary/term/reader","definitions":[{"text":"A device that can wirelessly communicate with tags. Readers can detect the presence of tags as well as send and receive data and commands from the tags.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Reader Spoofing","link":"https://csrc.nist.gov/glossary/term/reader_spoofing","definitions":[{"text":"The act of impersonating a legitimate reader of an RFID system to read tags.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Reader Talks First","link":"https://csrc.nist.gov/glossary/term/reader_talks_first","abbrSyn":[{"text":"RTF","link":"https://csrc.nist.gov/glossary/term/rtf"}],"definitions":[{"text":"An RF transaction in which the reader transmits a signal that is received by tags in its vicinity. The tags may be commanded to respond to the reader and continue with further transactions.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/read_only_memory","abbrSyn":[{"text":"ROM","link":"https://csrc.nist.gov/glossary/term/rom"}],"definitions":[{"text":"ROM is a pre-recorded storage medium that can only be read from and not written to.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"See Read-Only Memory.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under ROM "}]}]},{"term":"Real Mode","link":"https://csrc.nist.gov/glossary/term/real_mode","definitions":[{"text":"A legacy high-privilege operating mode in x86-compatible processors.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"}]}]},{"term":"Real Time Clock","link":"https://csrc.nist.gov/glossary/term/real_time_clock","abbrSyn":[{"text":"RTC","link":"https://csrc.nist.gov/glossary/term/rtc"}],"definitions":null},{"term":"real time reaction","link":"https://csrc.nist.gov/glossary/term/real_time_reaction","definitions":[{"text":"Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Really Simple Syndication","link":"https://csrc.nist.gov/glossary/term/really_simple_syndication","abbrSyn":[{"text":"RSS","link":"https://csrc.nist.gov/glossary/term/rss"}],"definitions":null},{"term":"Realm Management Extension","link":"https://csrc.nist.gov/glossary/term/realm_management_extension","abbrSyn":[{"text":"RME","link":"https://csrc.nist.gov/glossary/term/rme"}],"definitions":null},{"term":"Real-Time Inter-Network Defense","link":"https://csrc.nist.gov/glossary/term/real_time_inter_network_defense","abbrSyn":[{"text":"RID","link":"https://csrc.nist.gov/glossary/term/rid"}],"definitions":null},{"term":"Real-Time Locating Systems","link":"https://csrc.nist.gov/glossary/term/real_time_locating_systems","abbrSyn":[{"text":"RTLS","link":"https://csrc.nist.gov/glossary/term/rtls"}],"definitions":null},{"term":"Real-Time Location System","link":"https://csrc.nist.gov/glossary/term/real_time_location_system","abbrSyn":[{"text":"RTLS","link":"https://csrc.nist.gov/glossary/term/rtls"}],"definitions":null},{"term":"Real-Time Operating System","link":"https://csrc.nist.gov/glossary/term/real_time_operating_system","abbrSyn":[{"text":"RTOS","link":"https://csrc.nist.gov/glossary/term/rtos"}],"definitions":null},{"term":"Re-authentication","link":"https://csrc.nist.gov/glossary/term/re_authentication","definitions":[{"text":"The process of confirming the subscriber’s continued presence and intent to be authenticated during an extended usage session.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Received Signal Strength Indication","link":"https://csrc.nist.gov/glossary/term/received_signal_strength_indication","abbrSyn":[{"text":"RSSI","link":"https://csrc.nist.gov/glossary/term/rssi"}],"definitions":null},{"term":"Receiver","link":"https://csrc.nist.gov/glossary/term/receiver","definitions":[{"text":"The party that receives secret keying material via a key-transport transaction. Contrast with sender.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Receiver Address","link":"https://csrc.nist.gov/glossary/term/receiver_address","abbrSyn":[{"text":"RA","link":"https://csrc.nist.gov/glossary/term/ra"}],"definitions":null},{"term":"receiver autonomous integrity monitoring","link":"https://csrc.nist.gov/glossary/term/receiver_autonomous_integrity_monitoring","abbrSyn":[{"text":"RAIM","link":"https://csrc.nist.gov/glossary/term/raim"}],"definitions":null},{"term":"Recipient-usage period","link":"https://csrc.nist.gov/glossary/term/recipient_usage_period","definitions":[{"text":"The period of time during which the protected information is processed (e.g., decrypted).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"The period of time during which the protected information may be processed (e.g., decrypted).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"The period of time during the cryptoperiod of a symmetric key during which the protected information is processed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Reciprocal Agreement","link":"https://csrc.nist.gov/glossary/term/reciprocal_agreement","definitions":[{"text":"An agreement that allows two organizations to back up each other.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"term":"reciprocity","link":"https://csrc.nist.gov/glossary/term/reciprocity","definitions":[{"text":"The mutual agreement among participating organizations to accept each other’s security assessments in order to reuse information-system resources and/or to accept each other’s assessed security posture in order to share information.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"Mutual agreement among participating organizations to accept each other’s security assessments in order to reuse information system resources and/or to accept each other’s assessed security posture in order to share information.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Reciprocity "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Reciprocity "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Reciprocity ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Reciprocity "}]},{"text":"Mutual agreement among participating enterprises to accept each other’s security assessments in order to reuse information system resources and/or to accept each other’s assessed security posture in order to share information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Reciprocity ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Agreement among participating organizations to accept each other’s security assessments to reuse system resources and/or to accept each other’s assessed security posture to share information.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]}]},{"term":"Recommendation","link":"https://csrc.nist.gov/glossary/term/recommendation","definitions":[{"text":"A special publication of the ITL that stipulates specific characteristics of the technology to use or the procedures to follow to achieve a common level of quality or level of interoperability.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]},{"text":"A term used to refer to this specific document (i.e., SP 800-133): the “R” is always capitalized.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A special publication of the ITL stipulating specific characteristics of technology to use or procedures to follow to achieve a common level of quality or level of interoperability.","sources":[{"text":"FIPS 201","note":" [version unknown]"}]}]},{"term":"Record","link":"https://csrc.nist.gov/glossary/term/record","definitions":[{"text":"To write data on a medium, such as a magnetic tape, magnetic disk, or optical disk.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"record-matching probability","link":"https://csrc.nist.gov/glossary/term/record_matching_probability","abbrSyn":[{"text":"RMP","link":"https://csrc.nist.gov/glossary/term/rmp"}],"definitions":null},{"term":"records","link":"https://csrc.nist.gov/glossary/term/records","definitions":[{"text":"The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results) that serve as a basis for verifying that the organization and the system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain a complete set of information on particular items).","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"All books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations or other activities of the Government or because of the informational value of the data in them.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under RECORDS ","refSources":[{"text":"44 U.S.C., Sec. 3301","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap33-sec3301"}]}]},{"text":"The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Records ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Records "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Records "}]},{"text":"The recordings of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Records "}]},{"text":"All recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the United States Government or because of the informational value of data in them.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"44 U.S.C., Sec. 3301","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap33-sec3301"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"The recordings (automated and manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"records management","link":"https://csrc.nist.gov/glossary/term/records_management","note":"(C.F.D.)","definitions":[{"text":"The process for tagging information for records keeping requirements as mandated in the Federal Records Act and the National Archival and Records Requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Recover","link":"https://csrc.nist.gov/glossary/term/recover","abbrSyn":[{"text":"RC","link":"https://csrc.nist.gov/glossary/term/rc"}],"definitions":null},{"term":"recover (CSF function)","link":"https://csrc.nist.gov/glossary/term/recover_csf","abbrSyn":[{"text":"RC","link":"https://csrc.nist.gov/glossary/term/rc"}],"definitions":[{"text":"Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Recover (function) "}]}]},{"term":"Recover, Communications","link":"https://csrc.nist.gov/glossary/term/recover_communications","abbrSyn":[{"text":"RC.CO","link":"https://csrc.nist.gov/glossary/term/rc_co"}],"definitions":null},{"term":"Recovery Point Objective","link":"https://csrc.nist.gov/glossary/term/recovery_point_objective","abbrSyn":[{"text":"RPO","link":"https://csrc.nist.gov/glossary/term/rpo"}],"definitions":[{"text":"The point in time to which data must be recovered after an outage.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"term":"recovery procedures","link":"https://csrc.nist.gov/glossary/term/recovery_procedures","definitions":[{"text":"Actions necessary to restore data files of an information system and computational capability after a system failure.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Recovery Time Objective","link":"https://csrc.nist.gov/glossary/term/recovery_time_objective","abbrSyn":[{"text":"RTO","link":"https://csrc.nist.gov/glossary/term/rto"}],"definitions":[{"text":"The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business processes.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]},{"term":"RED","link":"https://csrc.nist.gov/glossary/term/red","definitions":[{"text":"Information or messages that contain sensitive or classified information that is not encrypted. See also BLACK.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"BLACK","link":"black"}]},{"term":"RED data","link":"https://csrc.nist.gov/glossary/term/red_data","definitions":[{"text":"Date that is not protected by encryption. Also known as unencrypted data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"RED equipment","link":"https://csrc.nist.gov/glossary/term/red_equipment","definitions":[{"text":"A term applied to equipment that processes unencrypted national security information that requires protection during electrical/electronic processing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"Red Hat Enterprise Linux","link":"https://csrc.nist.gov/glossary/term/red_hat_enterprise_linux","abbrSyn":[{"text":"RHEL","link":"https://csrc.nist.gov/glossary/term/rhel"}],"definitions":null},{"term":"Red Hat Package Manager","link":"https://csrc.nist.gov/glossary/term/red_hat_package_manager","abbrSyn":[{"text":"RPM","link":"https://csrc.nist.gov/glossary/term/rpm"}],"definitions":null},{"term":"RED key","link":"https://csrc.nist.gov/glossary/term/red_key","definitions":[{"text":"Key that has not been encrypted in a system approved by NSA for key encryption or encrypted key in the presence of its associated key encryption key (KEK) or transfer key encryption key (TrKEK). Encrypted key in the same fill device as its associated KEK or TrKEK is considered unencrypted. (RED key is also known as unencrypted key). Such key is classified at the level of the data it is designed to protect. See BLACK data and encrypted key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"BLACK data","link":"black_data"},{"text":"encrypted key","link":"encrypted_key"}]},{"term":"RED line","link":"https://csrc.nist.gov/glossary/term/red_line","definitions":[{"text":"An optical fiber or a metallic wire that carries a RED signal or that originates/terminates in a RED equipment or system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"RED optical fiber line","link":"https://csrc.nist.gov/glossary/term/red_optical_fiber_line","definitions":[{"text":"An optical fiber that carries RED signal or that originates/terminates in RED equipment or system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"RED signal","link":"https://csrc.nist.gov/glossary/term/red_signal","definitions":[{"text":"Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"Red Team","link":"https://csrc.nist.gov/glossary/term/red_team","definitions":[{"text":"A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise cybersecurity by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. Also known as Cyber Red Team.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"red team exercise","link":"https://csrc.nist.gov/glossary/term/red_team_exercise","definitions":[{"text":"An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Red Team Exercise "},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Red Team Exercise ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"An exercise, reflecting real-world conditions that is conducted as a simulated adversarial attempt to compromise organizational missions or business processes and to provide a comprehensive assessment of the security capabilities of an organization and its systems.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Red Team/Blue Team Approach","link":"https://csrc.nist.gov/glossary/term/red_team_blue_team_approach","definitions":[{"text":"A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.\n1. The group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically, the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team). \n2. The term Blue Team is also used for defining a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer's cyber security readiness posture. Often times a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer's networks are as secure as possible before having the Red Team test the systems.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.\n1. The group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team).  \n2. The term Blue Team is also used for defining a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer's cyber security readiness posture. Often a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer's networks are as secure as possible before having the Red Team test the systems.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"CNSSI 4009-2010"}]}]}]},{"term":"RED wireline","link":"https://csrc.nist.gov/glossary/term/red_wireline","definitions":[{"text":"A metallic wire that carries a RED signal or that originates/terminates in a RED equipment or system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"RED/BLACK concept","link":"https://csrc.nist.gov/glossary/term/red_black_concept","definitions":[{"text":"Separation of electrical and electronic circuits, components, equipment, and systems that handle national security information (RED), in electrical form, from those that handle non-national security information (BLACK) in the same form.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"},{"text":"NSTISSI No. 7002","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"redaction","link":"https://csrc.nist.gov/glossary/term/redaction","definitions":[{"text":"The removal of information from a document or dataset for legal or security purposes.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Reduced Instruction Set Computer","link":"https://csrc.nist.gov/glossary/term/reduced_instruction_set_computer","abbrSyn":[{"text":"RISC","link":"https://csrc.nist.gov/glossary/term/risc"}],"definitions":null},{"term":"Reduced Instruction Set Computing","link":"https://csrc.nist.gov/glossary/term/reduced_instruction_set_computing","abbrSyn":[{"text":"RISC","link":"https://csrc.nist.gov/glossary/term/risc"}],"definitions":null},{"term":"Redundant Array of Independent Disks","link":"https://csrc.nist.gov/glossary/term/redundant_array_of_independent_disks","abbrSyn":[{"text":"RAID","link":"https://csrc.nist.gov/glossary/term/raid"}],"definitions":null},{"term":"REE","link":"https://csrc.nist.gov/glossary/term/ree","abbrSyn":[{"text":"Rich Execution Environment","link":"https://csrc.nist.gov/glossary/term/rich_execution_environment"}],"definitions":null},{"term":"Reference","link":"https://csrc.nist.gov/glossary/term/reference","abbrSyn":[{"text":"Online Informative Reference"}],"definitions":[{"text":"Relationships between elements of two documents that are recorded in a NIST IR 8278A-compliant format and shared by the OLIR Catalog. There are three types of OLIRs: concept crosswalk, set theory relationship mapping, and supportive relationship mapping.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Online Informative Reference "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under Online Informative Reference "}]},{"text":"See Informative Reference.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"Reference Architecture","link":"https://csrc.nist.gov/glossary/term/reference_architecture","abbrSyn":[{"text":"RA","link":"https://csrc.nist.gov/glossary/term/ra"}],"definitions":null},{"term":"Reference Data Set","link":"https://csrc.nist.gov/glossary/term/reference_data_set","abbrSyn":[{"text":"RDS","link":"https://csrc.nist.gov/glossary/term/rds"}],"definitions":null},{"term":"Reference Document","link":"https://csrc.nist.gov/glossary/term/reference_document","definitions":[{"text":"A document being compared to a Focal Document, such as traditional documents, products, services, education materials, and training.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"A cybersecurity document that is related to the Framework.","sources":[{"text":"NISTIR 8204","link":"https://doi.org/10.6028/NIST.IR.8204"}]},{"text":"A document being compared to a Focal Document. Examples include traditional documents, products, services, education materials, and training.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"}]},{"text":"A source document being compared to a Focal Document. Examples include traditional documents, products, services, education materials, and training.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"Reference Document Element","link":"https://csrc.nist.gov/glossary/term/reference_document_element","definitions":[{"text":"A discrete section, sentence, phrase, or other identifiable piece of content from a Reference Document.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1"},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"A discrete section, sentence, phrase, or other identifiable piece of content of a Reference Document.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278"},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"Reference Integrity Manifest","link":"https://csrc.nist.gov/glossary/term/reference_integrity_manifest","abbrSyn":[{"text":"RIM","link":"https://csrc.nist.gov/glossary/term/rim"}],"definitions":null},{"term":"reference monitor","link":"https://csrc.nist.gov/glossary/term/reference_monitor","definitions":[{"text":"The security engineering term for IT functionality that (1) controls all access, (2) cannot be by-passed, (3) is tamper-resistant, and (4) provides confidence that the other three items are true.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"A set of design requirements on a reference validation mechanism which as key component of an operating system, enforces an access control policy over all subjects and objects. A reference validation mechanism must be: (i) always invoked (i.e., complete mediation); (ii) tamperproof; and (iii) small enough to be subject to analysis and tests, the completeness of which can be assured (i.e., verifiable).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Reference Monitor "}]},{"text":"A set of design requirements on a reference validation mechanism that, as a key component of an operating system, enforces an access control policy over all subjects and objects. A reference validation mechanism is always invoked (i.e., complete mediation), tamperproof, and small enough to be subject to analysis and tests, the completeness of which can be assured (i.e., verifiable).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"reference monitor concept","link":"https://csrc.nist.gov/glossary/term/reference_monitor_concept","definitions":[{"text":"An abstract model of the necessary and sufficient properties that must be achieved by any mechanism that performs an access mediation control function.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"NPS-CS-07-014","link":"https://apps.dtic.mil/sti/citations/ADA476035"},{"text":"ESD-TR-73-51","link":"https://apps.dtic.mil/sti/citations/AD0758206"}]}]}]},{"term":"reference validation mechanism","link":"https://csrc.nist.gov/glossary/term/reference_validation_mechanism","definitions":[{"text":"An implementation of the reference monitor concept that validates each access to resources against a list of authorized accesses allowed.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ESD-TR-73-51","link":"https://apps.dtic.mil/sti/citations/AD0758206"}]}]}]},{"term":"Reference Version","link":"https://csrc.nist.gov/glossary/term/reference_version","definitions":[{"text":"The version of the OLIR.","sources":[{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"The version of the Informative Reference.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"regenerative cyber defense","link":"https://csrc.nist.gov/glossary/term/regenerative_cyber_defense","definitions":[{"text":"The process for restoring capabilities after a successful, large scale cyberspace attack, ideally in a way that prevents future attacks of the same nature.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DSOC 2011"}]}]}]},{"term":"Regional Alliances and Multistakeholder Partnerships to Stimulate","link":"https://csrc.nist.gov/glossary/term/regional_alliances_and_multistakeholder_partnerships_to_stimulate","abbrSyn":[{"text":"RAMPS","link":"https://csrc.nist.gov/glossary/term/ramps"}],"definitions":null},{"term":"Regional Computer Forensics Laboratory","link":"https://csrc.nist.gov/glossary/term/regional_computer_forensics_laboratory","abbrSyn":[{"text":"RCFL","link":"https://csrc.nist.gov/glossary/term/rcfl"}],"definitions":null},{"term":"Regional Internet Registry","link":"https://csrc.nist.gov/glossary/term/regional_internet_registry","abbrSyn":[{"text":"RIR","link":"https://csrc.nist.gov/glossary/term/rir"}],"definitions":null},{"term":"register","link":"https://csrc.nist.gov/glossary/term/register","definitions":[{"text":"A set of records (paper, electronic, or a combination) maintained by a Registration Authority containing assigned names and the associated information.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308","refSources":[{"text":"ISO/IEC JTC1 N820"}]}]}]},{"term":"Registered application provider IDentifier","link":"https://csrc.nist.gov/glossary/term/registered_application_provider_identifier","abbrSyn":[{"text":"RID","link":"https://csrc.nist.gov/glossary/term/rid"}],"definitions":null},{"term":"Registrar","link":"https://csrc.nist.gov/glossary/term/registrar","definitions":[{"text":"Also known as a Registration Agent, a person who performs the enrollment process.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"registration","link":"https://csrc.nist.gov/glossary/term/registration","abbrSyn":[{"text":"Enrollment","link":"https://csrc.nist.gov/glossary/term/enrollment"},{"text":"Identity Registration"}],"definitions":[{"text":"The process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system. In some other NIST documents, such as [NIST SP 800-63A], identity registration is referred to as enrollment.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Identity Registration "}]},{"text":"The process through which a party applies to become a subscriber of a credentials service provider (CSP) and a registration authority validates the identity of that party on behalf of the CSP.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" - Adapted"}]}]},{"text":"The process through which an applicant applies to become a subscriber of a CSP and the CSP validates the applicant’s identity.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Enrollment "}]},{"text":"See Enrollment.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Registration "}]},{"text":"Making a person’s identity known to the enrollment/Identity Management System information system by associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the information system. Registration is necessary in order to initiate other processes, such as adjudication, card/token personalization and issuance and, maintenance that are necessary to issue and to re-issue or maintain a PIV Card or a Derived PIV Credential token.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Registration "}]},{"text":"The process that a CA uses to create a certificate for a web server or email user. (In the context of this practice guide, enrollment applies to the process of a certificate requester requesting a certificate, the CA issuing the certificate, and the requester retrieving the issued certificate.)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Enrollment ","refSources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"text":"The process that a CA uses to create a certificate for a web server or email user. (In the context of this practice guide, enrollment applies to the process of a certificate requester requesting a certificate, the CA issuing the certificate, and the requester retrieving the issued certificate).","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Enrollment ","refSources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"text":"The assignment of a name to an object.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308","refSources":[{"text":"ISO/IEC JTC1 N820"}]}]},{"text":"The process through which an applicant applies to become a subscriber of a CSP and an RA validates the identity of the applicant on behalf of the CSP. (NIST SP 800-63-3)","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Registration ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"The process that a Certificate Authority (CA) uses to create a certificate for a web server or email user","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Enrollment "}]},{"text":"The process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Identity Registration "}]},{"text":"See “Identity Registration”.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Registration "}]},{"text":"The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Registration "}]}]},{"term":"Registration agent","link":"https://csrc.nist.gov/glossary/term/registration_agent","definitions":[{"text":"An FCKMS role that is responsible for registering new entities and perhaps other selected information.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Registration authority (RA)","link":"https://csrc.nist.gov/glossary/term/registration_authority_ra","definitions":[{"text":"A trusted entity that establishes and vouches for the identity and authorization of a certificate applicant on behalf of some authority (e.g., a CA).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"registration authority (RA)","link":"https://csrc.nist.gov/glossary/term/registration_authority","abbrSyn":[{"text":"RA","link":"https://csrc.nist.gov/glossary/term/ra"}],"definitions":[{"text":"1. An entity authorized by the certification authority system (CAS) to collect, verify, and submit information provided by potential Subscribers which is to be entered into public key certificates. The term RA refers to hardware, software, and individuals that collectively perform this function.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"2. The key management entity (KME) within each Service or Agency responsible for registering KMEs and assigning electronic key management system (EKMS) IDs to them.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates (i.e., a Registration Authority is delegated certain tasks on behalf of an authorized CA).","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Registration Authority (RA) "}]},{"text":"A trusted entity that establishes and vouches for the identity of a user.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Registration authority "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Registration authority "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Registration authority "}]},{"text":"An entity that is responsible for the identification and authentication of certificate subjects on behalf of an authority, but that does not sign or issue certificates (e.g., an RA is delegated certain tasks on behalf of a CA).","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Registration Authority (RA) "}]},{"text":"An entity authorized by the certification authority system (CAS) to collect, verify, and submit information provided by potential subscribers, which is to be entered into public key certificates. The term RA refers to hardware, software, and individuals that collectively perform this function.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Registration Authority (RA) ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Registration Authority (RA) ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Registration Authority ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An organization approved by ISO/IEC for performing registration.","sources":[{"text":"NISTIR 5308","link":"https://doi.org/10.6028/NIST.IR.5308","underTerm":" under Registration Authority ","refSources":[{"text":"ISO/IEC JTC1 N820"}]}]},{"text":"A trusted entity that establishes and vouches for the identity or attributes of a subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Registration Authority (RA) ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Registration Authority (RA) "}]}]},{"term":"Registry","link":"https://csrc.nist.gov/glossary/term/registry","definitions":[{"text":"A service that allows developers to easily store images as they are created, tag and catalog images for identification and version control to aid in discovery and reuse, and find and download images that others have created.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]},{"text":"An authoritative, centrally-controlled store of information. Web services use registries to advertise their existence and to describe their interfaces and other attributes. Prospective clients query registries to locate required services and to discover their attributes.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]}]},{"term":"regrader","link":"https://csrc.nist.gov/glossary/term/regrader","definitions":[{"text":"A trusted process explicitly authorized to re-classify and re-label data in accordance with a defined policy exception. Untrusted /Unauthorized processes are such actions by the security policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A trusted process explicitly authorized to re-classify and re-label data in accordance with a defined policy exception. Untrusted or unauthorized processes are such actions by the security policy.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Regular Expression","link":"https://csrc.nist.gov/glossary/term/regular_expression","definitions":[{"text":"A sequence of characters (or words) that forms a search pattern, mainly for use in pattern matching with strings, or string matching.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"re-identification precision","link":"https://csrc.nist.gov/glossary/term/re_identification_precision","definitions":[{"text":"The ratio of correct re-identifications to the sum of correct and incorrect apparent re-identifications.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"re-identification probability","link":"https://csrc.nist.gov/glossary/term/re_identification_probability","definitions":[{"text":"The probability that an individual’s identity will be correctly inferred by an outside party using information contained in a de-identified dataset.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"re-identification rate","link":"https://csrc.nist.gov/glossary/term/re_identification_rate","definitions":[{"text":"The percentage of records in a dataset that can be re-identified.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"re-identification risk","link":"https://csrc.nist.gov/glossary/term/re_identification_risk","definitions":[{"text":"The likelihood that a third party can re-identify data subjects in a de-identified dataset.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]},{"text":"the risk that de-identified records can be re-identified. Re-identification risk is typically reported as the percentage of records in a dataset that can be re-identified.","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Rekey","link":"https://csrc.nist.gov/glossary/term/rekey","definitions":[{"text":"A procedure in which a new cryptographic key is generated in a manner that is independent of the (old) cryptographic key that it will replace. Contrast with Key update.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"}]},{"text":"A procedure in which a new cryptographic key is generated in a manner that is independent of the (old) cryptographic key that it will replace.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key. NIST SP 800-32 under Re-key (a certificate)","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" - under Rekey (a certificate)"}]}]}]},{"term":"re-key (a certificate)","link":"https://csrc.nist.gov/glossary/term/re_key_certificate","definitions":[{"text":"The process of creating a new certificate with a new validity period, serial number, and public key while retaining all other Subscriber information in the original certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Re-key (a certificate) "}]},{"text":"To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key. NIST SP 800-32 under Re-key (a certificate)","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Re-key ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" - under Rekey (a certificate)"}]}]}]},{"term":"Relational DataBase Management System","link":"https://csrc.nist.gov/glossary/term/relational_database_management_system","abbrSyn":[{"text":"RDBMS","link":"https://csrc.nist.gov/glossary/term/rdbms"}],"definitions":null},{"term":"Relationship","link":"https://csrc.nist.gov/glossary/term/relationship","definitions":[{"text":"The type of logical comparison that the Reference Document Developer asserts compared to the Focal Document within a set theory relationship mapping. This will be one of the following: subset of, intersects with, equal to, superset of, or not related to.","sources":[{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]},{"text":"The type of logical comparison that the Reference Document Developer asserts compared to the Focal Document. This will be one of the following: subset of, intersects with, equal to, superset of, or not related to.","sources":[{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A"}]}]},{"term":"Relationship Explanation","link":"https://csrc.nist.gov/glossary/term/relationship_explanation","definitions":[{"text":"A text description of the nature of the relationship between a Reference Document Element and a Focal Document Element within a supportive relationship mapping.","sources":[{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]}]},{"term":"Relationship Identifier","link":"https://csrc.nist.gov/glossary/term/relationship_identifier","definitions":[{"text":"Identifying information where the value is a relationship to another asset.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"Relationship Property","link":"https://csrc.nist.gov/glossary/term/relationship_property","definitions":[{"text":"Indicates whether the supporting concept is necessary for achieving the supported concept within a supportive relationship mapping.","sources":[{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]}]},{"term":"relationship style","link":"https://csrc.nist.gov/glossary/term/relationship_style","abbrSyn":[{"text":"concept relationship style","link":"https://csrc.nist.gov/glossary/term/concept_relationship_style"}],"definitions":[{"text":"An explicitly defined convention for characterizing relationships for a use case.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477","underTerm":" under concept relationship style "}]}]},{"term":"Relationship Type","link":"https://csrc.nist.gov/glossary/term/relationship_type","definitions":[{"text":"The type of supportive relationship being specified between a Reference Document Element and a Focal Document Element within a supportive relationship mapping. This will be one of the following: supports, is supported by, identical, equivalent, contrary, or no relationship.","sources":[{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1"}]}]},{"term":"Relatively prime","link":"https://csrc.nist.gov/glossary/term/relatively_prime","definitions":[{"text":"Two positive integers are relatively prime if their greatest common divisor is 1.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Relay Node","link":"https://csrc.nist.gov/glossary/term/relay_node","abbrSyn":[{"text":"RN","link":"https://csrc.nist.gov/glossary/term/rn"}],"definitions":null},{"term":"Release","link":"https://csrc.nist.gov/glossary/term/release","definitions":[{"text":"A collection of new and/or changed configuration items which are tested and introduced into a production environment together.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","refSources":[{"text":"ISO/IEC 19770-2"}]}]}]},{"term":"release prefix","link":"https://csrc.nist.gov/glossary/term/release_prefix","definitions":[{"text":"Prefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. \"A\" designates material that is releasable to specific allied nations and \"U.S.\" designates material intended exclusively for U.S. use.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Releasing Unverified Plaintext","link":"https://csrc.nist.gov/glossary/term/releasing_unverified_plaintext","abbrSyn":[{"text":"RUP","link":"https://csrc.nist.gov/glossary/term/rup"}],"definitions":null},{"term":"relevant event","link":"https://csrc.nist.gov/glossary/term/relevant_event","definitions":[{"text":"An occurrence (e.g., an auditable event or flag) considered to have potential security implications to the system or its environment that may require further action (noting, investigating, or reacting).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"reliability","link":"https://csrc.nist.gov/glossary/term/reliability","definitions":[{"text":"The probability of performing a specified function without failure under given conditions for a specified period of time.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","refSources":[{"text":"USG FRP (2019)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]},{"text":"The ability of a system or component to function under stated conditions for a specified period of time.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"IEEE Standard Computer Dictionary"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"IEEE Standard Computer Dictionary"}]}]},{"text":"The probability of performing a specified function without failure under given conditions for a specified period of time.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Reliability ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"Reliability, Maintainability, Availability","link":"https://csrc.nist.gov/glossary/term/reliability_maintainability_availability","abbrSyn":[{"text":"RMA","link":"https://csrc.nist.gov/glossary/term/rma"}],"definitions":null},{"term":"Reliable Datagram Sockets","link":"https://csrc.nist.gov/glossary/term/reliable_datagram_sockets","abbrSyn":[{"text":"RDS","link":"https://csrc.nist.gov/glossary/term/rds"}],"definitions":null},{"term":"relying party","link":"https://csrc.nist.gov/glossary/term/relying_party","abbrSyn":[{"text":"RP","link":"https://csrc.nist.gov/glossary/term/rp"}],"definitions":[{"text":"An entity that relies on the validity of the binding of the Subscriber’s name to a public key to verify or establish the identity and status of an individual, role, or system or device; the integrity of a digitally signed message; the identity of the creator of a message; or confidential communications with the Subscriber.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An entity that relies upon the subscriber’s authenticator(s) and credentials or a verifier’s assertion of a claimant’s identity, typically to process a transaction or grant access to information or a system.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Relying Party "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Relying Party "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Relying Party (RP) "},{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Relying Party (RP) ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"text":"A party that depends on the validity of the digital signature process.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Relying party "},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Relying party "}]},{"text":"In this Recommendation, a party that relies on the security and authenticity of a key or key pair for applying cryptographic protection and removing or verifying the protection that has been applied. This includes parties relying on the public key in a public key certificate and parties that share a symmetric key.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Relying party "}]},{"text":"A person or Agency who has received information that includes a certificate and a digital signature verifiable with reference to a public key listed in the certificate, and is in a position to rely on them.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Relying Party "}]},{"text":"An entity that relies on received information for authentication purposes.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Relying party "}]},{"text":"An entity that relies upon the subscriber’s credentials, typically to process a transaction or grant access to information or a system.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4","underTerm":" under Relying Party "}]},{"text":"An entity that relies on the certificate and the CA that issued the certificate to verify the identity of the certificate's subject and/or owner; the validity of the public key, associated algorithms and any relevant parameters; and the subject’s possession of the corresponding private key.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Relying party "}]},{"text":"An entity that relies on the certificate and the CA that issued the certificate to verify the identity of the certificate owner and the validity of the public key, associated algorithms, and any relevant parameters in the certificate, as well as the owner’s possession of the corresponding private key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Relying party "}]},{"text":"A party that relies on the security and authenticity of a key or key pair for applying cryptographic protection and/or removing or verifying the protection that has been applied. This includes parties relying on the public key in a public key certificate and parties that share a symmetric key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Relying party "}]},{"text":"An entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Relying Party (RP) "}]}]},{"term":"remanence","link":"https://csrc.nist.gov/glossary/term/remanence","definitions":[{"text":"Residual information remaining on storage media after clearing. See magnetic remanence and clearing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Residual information remaining on storage media.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Remanence "}]}],"seeAlso":[{"text":"clearing","link":"clearing"},{"text":"magnetic remanence","link":"magnetic_remanence"}]},{"term":"remediation","link":"https://csrc.nist.gov/glossary/term/remediation","definitions":[{"text":"The neutralization or elimination of a vulnerability or the likelihood of its exploitation.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]},{"text":"The act of mitigating a vulnerability or a threat.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-40 Version 2.0","link":"https://doi.org/10.6028/NIST.SP.800-40ver2","note":" - Adapted"}]}]}]},{"term":"Remote","link":"https://csrc.nist.gov/glossary/term/remote","definitions":[{"text":"(In the context of remote authentication or remote transaction) An information exchange between network-connected devices where the information cannot be reliably protected end-to-end by a single organization’s security controls.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"(As in remote authentication or remote transaction) An information exchange between network-connected devices where the information cannot be reliably protected end-to-end by a single organization’s security controls. \nNote: Any information exchange across the Internet is considered remote.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Remote Access Server","link":"https://csrc.nist.gov/glossary/term/remote_access_server","definitions":[{"text":"Devices, such as virtual private network gateways and modem servers, that facilitate connections between networks.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Remote Application Programming Interface","link":"https://csrc.nist.gov/glossary/term/remote_application_programming_interface","abbrSyn":[{"text":"RAPI","link":"https://csrc.nist.gov/glossary/term/rapi"}],"definitions":null},{"term":"Remote Copy Protocol","link":"https://csrc.nist.gov/glossary/term/remote_copy_protocol","abbrSyn":[{"text":"RCP","link":"https://csrc.nist.gov/glossary/term/rcp"}],"definitions":null},{"term":"Remote Desktop Protocol","link":"https://csrc.nist.gov/glossary/term/remote_desktop_protocol","abbrSyn":[{"text":"RDP","link":"https://csrc.nist.gov/glossary/term/rdp"}],"definitions":null},{"term":"remote diagnostics/ maintenance","link":"https://csrc.nist.gov/glossary/term/remote_diagnostics__maintenance","definitions":[{"text":"Maintenance activities conducted by authorized individuals communicating through an external network (e.g., the Internet).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Remote Direct Memory Access","link":"https://csrc.nist.gov/glossary/term/remote_direct_memory_access","abbrSyn":[{"text":"RDMA","link":"https://csrc.nist.gov/glossary/term/rdma"}],"definitions":null},{"term":"Remote Method Invocation","link":"https://csrc.nist.gov/glossary/term/remote_method_invocation","abbrSyn":[{"text":"RMI","link":"https://csrc.nist.gov/glossary/term/rmi"}],"definitions":null},{"term":"Remote Monitoring","link":"https://csrc.nist.gov/glossary/term/remote_monitoring","abbrSyn":[{"text":"RMON","link":"https://csrc.nist.gov/glossary/term/rmon"}],"definitions":null},{"term":"Remote Patient Monitoring","link":"https://csrc.nist.gov/glossary/term/remote_patient_monitoring","abbrSyn":[{"text":"RPM","link":"https://csrc.nist.gov/glossary/term/rpm"}],"definitions":null},{"term":"Remote Procedure Call","link":"https://csrc.nist.gov/glossary/term/remote_procedure_call","abbrSyn":[{"text":"RPC","link":"https://csrc.nist.gov/glossary/term/rpc"}],"definitions":null},{"term":"remote rekeying","link":"https://csrc.nist.gov/glossary/term/remote_rekeying","definitions":[{"text":"Procedure by which a distant crypto-equipment is rekeyed electrically. See automatic remote rekeying and manual remote rekeying.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"automatic remote rekeying","link":"automatic_remote_rekeying"},{"text":"manual remote rekeying","link":"manual_remote_rekeying"}]},{"term":"Remote Shell","link":"https://csrc.nist.gov/glossary/term/remote_shell","abbrSyn":[{"text":"RSH","link":"https://csrc.nist.gov/glossary/term/rsh"}],"definitions":null},{"term":"Remote Switched Port Analyzer","link":"https://csrc.nist.gov/glossary/term/remote_switched_port_analyzer","abbrSyn":[{"text":"RSPAN","link":"https://csrc.nist.gov/glossary/term/rspan"}],"definitions":null},{"term":"Remote Synchronization","link":"https://csrc.nist.gov/glossary/term/remote_synchronization","abbrSyn":[{"text":"rsync","link":"https://csrc.nist.gov/glossary/term/rsync"}],"definitions":null},{"term":"Remotely Triggered Black-Holing","link":"https://csrc.nist.gov/glossary/term/remotely_triggered_black_holing","abbrSyn":[{"text":"RTBH","link":"https://csrc.nist.gov/glossary/term/rtbh"}],"definitions":null},{"term":"removable media","link":"https://csrc.nist.gov/glossary/term/removable_media","definitions":[{"text":"Portable data storage medium that can be added to or removed from a computing device or network. \nNote: Examples include, but are not limited to: optical discs (CD, DVD, Blu-ray); external / removable hard drives; external / removable Solid State Disk (SSD) drives; magnetic / optical tapes; flash memory devices (USB, eSATA, Flash Drive, Thumb Drive); flash memory cards (Secure Digital, CompactFlash, Memory Stick, MMC, xD); and other external / removable disks (floppy, Zip, Jaz, Bernoulli, UMD). \nSee also portable storage device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"portable storage device","link":"portable_storage_device"}]},{"term":"removable media device","link":"https://csrc.nist.gov/glossary/term/removable_media_device","abbrSyn":[{"text":"portable storage device","link":"https://csrc.nist.gov/glossary/term/portable_storage_device"}],"definitions":[{"text":"A system component that can be inserted into and removed from a system and that is used to store information or data (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid-state devices (e.g., compact/digital video disks, flash/thumb drives, external solid-state drives, external hard disk drives, flash memory cards/drives that contain nonvolatile memory).","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under portable storage device "}]},{"text":"Portable device that can be connected to an information system (IS), computer, or network to provide data storage. These devices interface with the IS through processing chips and may load driver software, presenting a greater security risk to the IS than non-device media, such as optical discs or flash memory cards. \nNote: Examples include, but are not limited to: USB flash drives, external hard drives, and external solid state disk (SSD) drives. Portable Storage Devices also include memory cards that have additional functions aside from standard data storage and encrypted data storage, such as built-in Wi-Fi connectivity and global positioning system (GPS) reception. \nSee also removable media.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under portable storage device "}]},{"text":"See portable storage device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A system component that can be inserted into and removed from a system, and that is used to store data or information (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid-state devices (e.g., floppy disks, compact/digital video disks, flash/thumb drives, external hard disk drives, and flash memory cards/drives that contain nonvolatile memory).","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under portable storage device "}]},{"text":"A system component that can communicate with and be added to or removed from a system or network and that is limited to data storage—including text, video, audio or image data—as its primary function (e.g., optical discs, external or removable hard drives, external or removable solid-state disk drives, magnetic or optical tapes, flash memory devices, flash memory cards, and other external or removable disks).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under portable storage device "}]},{"text":"A system component that can be inserted into and removed from a system, and that is used to store data or information (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid state devices (e.g., floppy disks, compact/digital video disks, flash/thumb drives, external hard disk drives, and flash memory cards/drives that contain nonvolatile memory).","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under portable storage device "}]}]},{"term":"Removable User Identity Module (R-UIM)","link":"https://csrc.nist.gov/glossary/term/removable_user_identity_module","definitions":[{"text":"A card developed for cdmaOne/CDMA2000 handsets that extends the GSM SIM card to CDMA phones and networks.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"REN-ISAC","link":"https://csrc.nist.gov/glossary/term/ren_isac","abbrSyn":[{"text":"Research and Education Networking Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/research_and_education_networking_information_sharing_and_analysis_center"}],"definitions":null},{"term":"Repeatability","link":"https://csrc.nist.gov/glossary/term/repeatability","definitions":[{"text":"The ability to repeat an assessment in the future, in a manner that is consistent with, and hence comparable to, prior assessments.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"term":"Replace","link":"https://csrc.nist.gov/glossary/term/replace","definitions":[{"text":"The process of installing a new certificate and removing an existing one so that the new certificate is used in place of the existing certificate on all systems where the existing certificate is being used.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"replay attack","link":"https://csrc.nist.gov/glossary/term/replay_attack","definitions":[{"text":"An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under replay attacks "}]},{"text":"An attack in which the Attacker is able to replay previously captured messages (between a legitimate Claimant and a Verifier) to masquerade as that Claimant to the Verifier or vice versa.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Replay Attack "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Replay Attack "}]}]},{"term":"replay resistance","link":"https://csrc.nist.gov/glossary/term/replay_resistance","definitions":[{"text":"Protection against the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Replay Resistance ","refSources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"The property of an authentication process to resist replay attacks, typically by use of an authenticator output that is valid only for a specific authentication.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Replay Resistance "}]}]},{"term":"reporter","link":"https://csrc.nist.gov/glossary/term/reporter","definitions":[{"text":"Any entity that reports a vulnerability to the Government and that may be an entity outside of the Government, within the Government, or within the specific system that has the vulnerability.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"Reporting","link":"https://csrc.nist.gov/glossary/term/reporting","definitions":[{"text":"The final phase of the computer and network forensic process, which involves reporting the results of the analysis; this may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, guidelines, procedures, tools, and other aspects of the forensic process. The formality of the reporting step varies greatly depending on the situation.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Representational State Transfer (REST)","link":"https://csrc.nist.gov/glossary/term/representational_state_transfer","abbrSyn":[{"text":"REST","link":"https://csrc.nist.gov/glossary/term/rest"}],"definitions":[{"text":"A software architectural style that defines a common method for defining APIs for Web services.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Representational State Transfer "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Representational State Transfer "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Representative (of a key owner)","link":"https://csrc.nist.gov/glossary/term/key_owner_representative","definitions":[{"text":"See Sponsor (of a key).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Reproducibility","link":"https://csrc.nist.gov/glossary/term/reproducibility","definitions":[{"text":"The ability of different experts to produce the same results from the same data.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"term":"Request for Comments","link":"https://csrc.nist.gov/glossary/term/request_for_comments","abbrSyn":[{"text":"RFC","link":"https://csrc.nist.gov/glossary/term/rfc"}],"definitions":[{"text":"A Request For Comments is a formal standards-track document developed in working groups within the Internet Engineering Task Force (IETF).","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}],"seeAlso":[{"text":"Public Key Certificate"}]},{"term":"Request for Comments (IETF standards document)","link":"https://csrc.nist.gov/glossary/term/request_for_comments_ietf_standards_document","abbrSyn":[{"text":"RFC","link":"https://csrc.nist.gov/glossary/term/rfc"}],"definitions":null},{"term":"Request for Information","link":"https://csrc.nist.gov/glossary/term/request_for_information","abbrSyn":[{"text":"RFI","link":"https://csrc.nist.gov/glossary/term/rfi"}],"definitions":null},{"term":"Request for Proposal","link":"https://csrc.nist.gov/glossary/term/request_for_proposal","abbrSyn":[{"text":"RFP","link":"https://csrc.nist.gov/glossary/term/rfp"}],"definitions":null},{"term":"Requester","link":"https://csrc.nist.gov/glossary/term/requester","abbrSyn":[{"text":"subject","link":"https://csrc.nist.gov/glossary/term/subject"}],"definitions":[{"text":"The entity requesting to perform an operation upon the object.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162","underTerm":" under subject "}]},{"text":"The entity (person or organization) that wishes to make use of a provider’s Web service. It will use a requester agent to exchange messages with the provider’s provider agent. “Requester” is also used as a shorthand to refer to the requester agent acting on the requester’s behalf.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Architecture - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-arch/"}]}]},{"text":"An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or changes the system state.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under subject "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under subject "}]},{"text":"Generally an individual, process, or device causing information to flow among objects or change to the system state. See object.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under subject ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"An individual, process, or device that causes information to flow among objects or change to the system state. Also see object.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under subject "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under subject "}]}]},{"term":"requirements engineering","link":"https://csrc.nist.gov/glossary/term/requirements_engineering","definitions":[{"text":"An interdisciplinary function that mediates between the domains of the acquirer and supplier to establish and maintain the requirements to be met by the system, software, or service of interest.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 29148:2018","link":"https://www.iso.org/standard/72089.html"}]}]},{"text":"A series of successive decomposition and derivation actions beginning with stakeholder requirements and moving through high-level design requirements to low-level design requirements to the implementation of the design. During requirements engineering, several requirements baselines are defined. These baselines include: a functional baseline that provides the basis for contracting and controlling the system design; an allocated baseline that provides performance requirements for each configuration item of the system; and a product baseline that provides a detailed design specification for system elements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"Requirements Verification Traceability Matrix","link":"https://csrc.nist.gov/glossary/term/requirements_verification_traceability_matrix","abbrSyn":[{"text":"RVTM","link":"https://csrc.nist.gov/glossary/term/rvtm"}],"definitions":null},{"term":"RES","link":"https://csrc.nist.gov/glossary/term/res","abbrSyn":[{"text":"Response","link":"https://csrc.nist.gov/glossary/term/response"}],"definitions":null},{"term":"Research and Development","link":"https://csrc.nist.gov/glossary/term/research_and_development","abbrSyn":[{"text":"R&D","link":"https://csrc.nist.gov/glossary/term/randd"}],"definitions":null},{"term":"Research and Education Networking Information Sharing and Analysis Center","link":"https://csrc.nist.gov/glossary/term/research_and_education_networking_information_sharing_and_analysis_center","abbrSyn":[{"text":"REN-ISAC","link":"https://csrc.nist.gov/glossary/term/ren_isac"}],"definitions":null},{"term":"Réseaux IP Européens","link":"https://csrc.nist.gov/glossary/term/reseaux_ip_europeens","abbrSyn":[{"text":"RIPE","link":"https://csrc.nist.gov/glossary/term/ripe"}],"definitions":null},{"term":"Réseaux IP Européens Network Coordination Centre","link":"https://csrc.nist.gov/glossary/term/reseaux_ip_europeens_network_coordination_centre","abbrSyn":[{"text":"RIPE NCC","link":"https://csrc.nist.gov/glossary/term/ripe_ncc"}],"definitions":[{"text":"Regional Internet Registry for Europe, the Middle East, and parts of Central Asia that allocates and registers blocks of Internet number resources to Internet service providers (ISPs) and other organizations.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"reserve keying material","link":"https://csrc.nist.gov/glossary/term/reserve_keying_material","definitions":[{"text":"Key held to satisfy unplanned needs. See contingency key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"contingency key","link":"contingency_key"}]},{"term":"Reserved for Future Use","link":"https://csrc.nist.gov/glossary/term/reserved_for_future_use","abbrSyn":[{"text":"RFU","link":"https://csrc.nist.gov/glossary/term/rfu"}],"definitions":null},{"term":"resident alien","link":"https://csrc.nist.gov/glossary/term/resident_alien","definitions":[{"text":"A citizen of a foreign nation, legally residing in the United States on a permanent basis, who is not yet a naturalized citizen of the United States.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"residual information protection","link":"https://csrc.nist.gov/glossary/term/residual_information_protection","definitions":[{"text":"Ensur(ing) that any data contained in a resource is not available when the resource is de-allocated from one object and reallocated to a different object.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 15408-2","note":" - Adapted"}]}]}]},{"term":"residual risk","link":"https://csrc.nist.gov/glossary/term/residual_risk","definitions":[{"text":"Portion of risk remaining after controls/countermeasures have been applied.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","note":" - adapted"}]}]},{"text":"Portion of risk remaining after security measures have been applied.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" - Adapted"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Residual Risk ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"the potential for the occurrence of an adverse event after adjusting for theimpact of all in-place safeguards. (See Total Risk, Acceptable Risk, and Minimum Level of Protection.)","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Residual Risk "}]},{"text":"The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"Risk that remains after risk responses have been documented and performed.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Residual Risk "}]},{"text":"Risk remaining after risk treatment.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}],"seeAlso":[{"text":"Acceptable Risk","link":"acceptable_risk"},{"text":"Minimum Level of Protection","link":"minimum_level_of_protection"},{"text":"Total Risk","link":"total_risk"}]},{"term":"residue","link":"https://csrc.nist.gov/glossary/term/residue","definitions":[{"text":"Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Resilience Management Model","link":"https://csrc.nist.gov/glossary/term/resilience_management_model","abbrSyn":[{"text":"RMM","link":"https://csrc.nist.gov/glossary/term/rmm"}],"definitions":null},{"term":"Resilience Requirements","link":"https://csrc.nist.gov/glossary/term/resilience_requirements","definitions":[{"text":"The business-driven availability and reliability characteristics for the manufacturing system that specify recovery tolerances from disruptions and major incidents.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"Resilient Interdomain Traffic Exchange","link":"https://csrc.nist.gov/glossary/term/resilient_interdomain_traffic_exchange","abbrSyn":[{"text":"RITE","link":"https://csrc.nist.gov/glossary/term/rite"}],"definitions":null},{"term":"resilient otherwise","link":"https://csrc.nist.gov/glossary/term/resilient_otherwise","definitions":[{"text":"Security considerations applied to enable system operation despite disruption while not maintaining a secure mode, state, or transition; or only being able to provide for partial security within a given system mode, state, or transition.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"See securely resilient.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"Resilient Systems Working Group","link":"https://csrc.nist.gov/glossary/term/resilient_systems_working_group","abbrSyn":[{"text":"RSWG","link":"https://csrc.nist.gov/glossary/term/rswg"}],"definitions":null},{"term":"Resolvable Private Address","link":"https://csrc.nist.gov/glossary/term/resolvable_private_address","abbrSyn":[{"text":"RP","link":"https://csrc.nist.gov/glossary/term/rp"}],"definitions":null},{"term":"Resolver","link":"https://csrc.nist.gov/glossary/term/resolver","definitions":[{"text":"Software that retrieves data associated with some identifier.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"resource","link":"https://csrc.nist.gov/glossary/term/resource","abbrSyn":[{"text":"object","link":"https://csrc.nist.gov/glossary/term/object"}],"definitions":[{"text":"An entity to be protected from unauthorized use.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162","underTerm":" under object "}]},{"text":"Asset used or consumed during the execution of a process.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"A passive entity that contains or receives information. Note that access to an object potentially implies access to the information it contains.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under object "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under object "}]},{"text":"Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See subject.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under object ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Passive system-related entity, including devices, files, records, tables, processes, programs, and domains that contain or receive information. Access to an object (by a subject) implies access to the information it contains. See subject.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under object "}]},{"text":"An operating system abstraction that is visible at the application program interface, has a unique name, and capable of being shared.  In this document, the following are resources: files, programs, directories, databases, mini-disks, and special files.  In this document, the following are not resources: records, blocks, pages, segments, bits, bytes, words, fields, and processors.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Resource "}]}]},{"term":"Resource Access Point","link":"https://csrc.nist.gov/glossary/term/resource_access_point","abbrSyn":[{"text":"RAP","link":"https://csrc.nist.gov/glossary/term/rap"}],"definitions":null},{"term":"Resource allocation","link":"https://csrc.nist.gov/glossary/term/resource_allocation","definitions":[{"text":"A mechanism for limiting how much of a host’s resources a given container can consume.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190"}]}]},{"term":"resource consumer","link":"https://csrc.nist.gov/glossary/term/resource_consumer","abbrSyn":[{"text":"RC","link":"https://csrc.nist.gov/glossary/term/rc"}],"definitions":null},{"term":"resource manager","link":"https://csrc.nist.gov/glossary/term/resource_manager","abbrSyn":[{"text":"RM","link":"https://csrc.nist.gov/glossary/term/rm"}],"definitions":null},{"term":"Resource pooling","link":"https://csrc.nist.gov/glossary/term/resource_pooling","abbrSyn":[{"text":"RP","link":"https://csrc.nist.gov/glossary/term/rp"}],"definitions":[{"text":"The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"resource provider","link":"https://csrc.nist.gov/glossary/term/resource_provider","abbrSyn":[{"text":"RP","link":"https://csrc.nist.gov/glossary/term/rp"}],"definitions":null},{"term":"Resource Public Key Infrastructure","link":"https://csrc.nist.gov/glossary/term/resource_public_key_infrastructure","abbrSyn":[{"text":"RPKI","link":"https://csrc.nist.gov/glossary/term/rpki"}],"definitions":[{"text":"The Resource Public Key Infrastructure is a framework aimed to secure the Internet’s routing infrastructure, in particular the routing information such as the IP address prefix and Originator mapping embedded in the BGP protocol. It provides certificates that are used to verify if the originating AS is permitted to publish the embedded IP address prefix(es).","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"Resource Record","link":"https://csrc.nist.gov/glossary/term/resource_record","abbrSyn":[{"text":"RR","link":"https://csrc.nist.gov/glossary/term/rr"}],"definitions":null},{"term":"Resource Record Signature","link":"https://csrc.nist.gov/glossary/term/resource_record_signature","abbrSyn":[{"text":"RRSIG","link":"https://csrc.nist.gov/glossary/term/rrsig"}],"definitions":null},{"term":"Resource Server","link":"https://csrc.nist.gov/glossary/term/resource_server","abbrSyn":[{"text":"RS","link":"https://csrc.nist.gov/glossary/term/rs"}],"definitions":null},{"term":"Resource-Oriented Lightweight Information Exchange","link":"https://csrc.nist.gov/glossary/term/resource_oriented_lightweight_information_exchange","abbrSyn":[{"text":"ROLIE","link":"https://csrc.nist.gov/glossary/term/rolie"}],"definitions":null},{"term":"Respond","link":"https://csrc.nist.gov/glossary/term/respond","abbrSyn":[{"text":"RS","link":"https://csrc.nist.gov/glossary/term/rs"}],"definitions":null},{"term":"respond (CSF function)","link":"https://csrc.nist.gov/glossary/term/respond_csf","abbrSyn":[{"text":"RS","link":"https://csrc.nist.gov/glossary/term/rs"}],"definitions":[{"text":"Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Respond (function) "}]}]},{"term":"Respond, Communications","link":"https://csrc.nist.gov/glossary/term/respond_communications","abbrSyn":[{"text":"RS.CO","link":"https://csrc.nist.gov/glossary/term/rs_co"}],"definitions":null},{"term":"Response","link":"https://csrc.nist.gov/glossary/term/response","abbrSyn":[{"text":"RES","link":"https://csrc.nist.gov/glossary/term/res"}],"definitions":null},{"term":"Response Rate Limiting","link":"https://csrc.nist.gov/glossary/term/response_rate_limiting","abbrSyn":[{"text":"RRL","link":"https://csrc.nist.gov/glossary/term/rrl"}],"definitions":null},{"term":"responsibility to provide","link":"https://csrc.nist.gov/glossary/term/responsibility_to_provide","definitions":[{"text":"An information distribution approach whereby relevant essential information is made readily available and discoverable to the broadest possible pool of potential users.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Responsible Person","link":"https://csrc.nist.gov/glossary/term/responsible_person","abbrSyn":[{"text":"RP","link":"https://csrc.nist.gov/glossary/term/rp"}],"definitions":null},{"term":"REST","link":"https://csrc.nist.gov/glossary/term/rest","abbrSyn":[{"text":"Representational State Transfer"},{"text":"Representational State Transfer (API)"}],"definitions":[{"text":"A software architectural style that defines a common method for defining APIs for Web services.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Representational State Transfer "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Representational State Transfer "}]}]},{"term":"restoration","link":"https://csrc.nist.gov/glossary/term/restoration","definitions":[{"text":"The process of changing the status of a suspended (i.e., temporarily invalid) certificate to valid.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"restricted data","link":"https://csrc.nist.gov/glossary/term/restricted_data","abbrSyn":[{"text":"RD","link":"https://csrc.nist.gov/glossary/term/rd"}],"definitions":[{"text":"All data concerning (i) design, manufacture, or utilization of atomic weapons; (ii) the production of special nuclear material; or (iii) the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to Section 142 [of the Atomic Energy Act of 1954].","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Restricted Data ","refSources":[{"text":"PL 83-703","link":"https://www.govinfo.gov/content/pkg/STATUTE-68/pdf/STATUTE-68-Pg919.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"PL 83-703","link":"https://www.govinfo.gov/content/pkg/STATUTE-68/pdf/STATUTE-68-Pg919.pdf"}]}]}]},{"term":"Result content","link":"https://csrc.nist.gov/glossary/term/result_content","definitions":[{"text":"Part or all of one or more SCAP result data streams.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"results","link":"https://csrc.nist.gov/glossary/term/results","definitions":[{"text":"All data acquired from using a questionnaire, such as the answers to individual questions and the final result for the entire questionnaire.","sources":[{"text":"NISTIR 7692","link":"https://doi.org/10.6028/NIST.IR.7692"}]}]},{"term":"Retention period","link":"https://csrc.nist.gov/glossary/term/retention_period","definitions":[{"text":"The minimum amount of time that a key or other cryptographically related information should be retained in an archive.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"The minimum amount of time that a key or other cryptographically related information should be retained.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"The minimum amount of time that a key or other cryptographically related information should be retained in the archive.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"retirement","link":"https://csrc.nist.gov/glossary/term/retirement","definitions":[{"text":"Withdrawal of active support by the operation and maintenance organization, partial or total replacement by a new system, or installation of an upgraded system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 12207"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Return on Investment","link":"https://csrc.nist.gov/glossary/term/return_on_investment","abbrSyn":[{"text":"ROI","link":"https://csrc.nist.gov/glossary/term/roi"}],"definitions":null},{"term":"Return Oriented Programming","link":"https://csrc.nist.gov/glossary/term/return_oriented_programming","abbrSyn":[{"text":"ROP","link":"https://csrc.nist.gov/glossary/term/rop"}],"definitions":null},{"term":"Reverse Address Resolution Protocol","link":"https://csrc.nist.gov/glossary/term/reverse_address_resolution_protocol","abbrSyn":[{"text":"RARP","link":"https://csrc.nist.gov/glossary/term/rarp"}],"definitions":null},{"term":"Reverse Channel","link":"https://csrc.nist.gov/glossary/term/reverse_channel","abbrSyn":[{"text":"back channel","link":"https://csrc.nist.gov/glossary/term/back_channel"}],"definitions":[{"text":"See back channel","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Reverse SOAP","link":"https://csrc.nist.gov/glossary/term/reverse_soap","abbrSyn":[{"text":"PAOS","link":"https://csrc.nist.gov/glossary/term/paos"}],"definitions":null},{"term":"Review Status","link":"https://csrc.nist.gov/glossary/term/review_status","definitions":[{"text":"The status of the checklist within the internal NCP review process. Possible status options are: Candidate, Final, Archived, or Under Review. A status of \"Final\" signifies that NCP has reviewed the checklist and has accepted it for publication within the program.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"The status of the checklist within the internal NCP review process, a status of \"Final\" signifies that NCP has reviewed the checklist and has accepted it for publication within the program. Possible status options are: Candidate, Final, Archived, or Under Review.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Review Techniques","link":"https://csrc.nist.gov/glossary/term/review_techniques","definitions":[{"text":"Passive information security testing techniques, generally conducted manually, that are used to evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities. They include documentation, log, ruleset, and system configuration review; network sniffing; and file integrity checking.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"revocation","link":"https://csrc.nist.gov/glossary/term/revocation","definitions":[{"text":"The process of permanently ending the binding between a certificate and the identity asserted in the certificate from a specified time forward.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A process whereby a notice is made available to affected entities that keys should be removed from operational use prior to the end of the established cryptoperiod of those keys.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Revocation "}]}]},{"term":"Revoked Key Notification","link":"https://csrc.nist.gov/glossary/term/revoked_key_notification","abbrSyn":[{"text":"RKN","link":"https://csrc.nist.gov/glossary/term/rkn"}],"definitions":null},{"term":"Revoked key notification (RKN)","link":"https://csrc.nist.gov/glossary/term/revoked_key_notification_rkn","definitions":[{"text":"A report (e.g., a list) of one or more keys that have been revoked and the date(s) of revocation, possibly along with the reason for their revocation. Certificate Revocation Lists (CRLs) and Compromised Key Lists (CKLs) are examples of RKNs, along with Online Certificate Status Protocol (OCSP) responses (see RFC 6960).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Reward system","link":"https://csrc.nist.gov/glossary/term/reward_system","abbrSyn":[{"text":"Incentive mechanism"},{"text":"Incentive Mechanism","link":"https://csrc.nist.gov/glossary/term/incentive_mechanism"}],"definitions":[{"text":"See Incentive Mechanism","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"text":"See Reward system","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","underTerm":" under Incentive mechanism "}]},{"text":"A means of providing blockchain network users an award for activities within the blockchain network (typically used as a system to reward successful publishing of blocks). Also known as incentive systems.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"RF","link":"https://csrc.nist.gov/glossary/term/rf","abbrSyn":[{"text":"radio frequency","link":"https://csrc.nist.gov/glossary/term/radio_frequency"},{"text":"Radio Frequency"},{"text":"Random Forests","link":"https://csrc.nist.gov/glossary/term/random_forests"}],"definitions":null},{"term":"RF Subsystem","link":"https://csrc.nist.gov/glossary/term/rf_subsystem","definitions":[{"text":"The portion of the RFID system that uses radio frequencies to perform identification and related transactions. The RF subsystem consists of two components: a reader and a tag.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"RFC","link":"https://csrc.nist.gov/glossary/term/rfc","abbrSyn":[{"text":"random forest classification","link":"https://csrc.nist.gov/glossary/term/random_forest_classification"},{"text":"Request for Comment"},{"text":"Request For Comment"},{"text":"request for comments"},{"text":"Request for Comments","link":"https://csrc.nist.gov/glossary/term/request_for_comments"},{"text":"Request For Comments"},{"text":"Request for Comments (IETF standards document)","link":"https://csrc.nist.gov/glossary/term/request_for_comments_ietf_standards_document"}],"definitions":[{"text":"A Request For Comments is a formal standards-track document developed in working groups within the Internet Engineering Task Force (IETF).","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Request for Comments "}]}]},{"term":"RFD","link":"https://csrc.nist.gov/glossary/term/rfd","abbrSyn":[{"text":"Route Flap Damping","link":"https://csrc.nist.gov/glossary/term/route_flap_damping"}],"definitions":null},{"term":"RFI","link":"https://csrc.nist.gov/glossary/term/rfi","abbrSyn":[{"text":"radio frequency interference","link":"https://csrc.nist.gov/glossary/term/radio_frequency_interference"},{"text":"Radio Frequency Interference"},{"text":"Request for Information","link":"https://csrc.nist.gov/glossary/term/request_for_information"},{"text":"Request(s) for Information"}],"definitions":null},{"term":"RFID","link":"https://csrc.nist.gov/glossary/term/rfid","abbrSyn":[{"text":"Radio Frequency Identification"},{"text":"Radio-Frequency Identification","link":"https://csrc.nist.gov/glossary/term/radio_frequency_identification"}],"definitions":null},{"term":"RFP","link":"https://csrc.nist.gov/glossary/term/rfp","abbrSyn":[{"text":"Request for Proposal","link":"https://csrc.nist.gov/glossary/term/request_for_proposal"},{"text":"Request For Proposal"}],"definitions":null},{"term":"RFU","link":"https://csrc.nist.gov/glossary/term/rfu","abbrSyn":[{"text":"Reserved for Future Use","link":"https://csrc.nist.gov/glossary/term/reserved_for_future_use"}],"definitions":null},{"term":"RHEL","link":"https://csrc.nist.gov/glossary/term/rhel","abbrSyn":[{"text":"Red Hat Enterprise Linux","link":"https://csrc.nist.gov/glossary/term/red_hat_enterprise_linux"}],"definitions":null},{"term":"RIB","link":"https://csrc.nist.gov/glossary/term/rib","abbrSyn":[{"text":"Routing Information Base","link":"https://csrc.nist.gov/glossary/term/routing_information_base"}],"definitions":null},{"term":"Ribonucleic Acid","link":"https://csrc.nist.gov/glossary/term/ribonucleic_acid","abbrSyn":[{"text":"RNA","link":"https://csrc.nist.gov/glossary/term/rna"}],"definitions":null},{"term":"Rich Communication Services","link":"https://csrc.nist.gov/glossary/term/rich_communication_services","abbrSyn":[{"text":"RCS","link":"https://csrc.nist.gov/glossary/term/rcs"}],"definitions":null},{"term":"Rich Execution Environment","link":"https://csrc.nist.gov/glossary/term/rich_execution_environment","abbrSyn":[{"text":"REE","link":"https://csrc.nist.gov/glossary/term/ree"}],"definitions":null},{"term":"Rich Site Summary or Really Simple Syndication","link":"https://csrc.nist.gov/glossary/term/rich_site_summary_or_really_simple_syndication","abbrSyn":[{"text":"RSS","link":"https://csrc.nist.gov/glossary/term/rss"}],"definitions":null},{"term":"RID","link":"https://csrc.nist.gov/glossary/term/rid","abbrSyn":[{"text":"Real-time Inter-network Defense"},{"text":"Real-Time Inter-Network Defense","link":"https://csrc.nist.gov/glossary/term/real_time_inter_network_defense"},{"text":"Registered application provider IDentifier","link":"https://csrc.nist.gov/glossary/term/registered_application_provider_identifier"}],"definitions":null},{"term":"RIDR","link":"https://csrc.nist.gov/glossary/term/ridr","abbrSyn":[{"text":"Robust Inter-Domain Routing","link":"https://csrc.nist.gov/glossary/term/robust_inter_domain_routing"}],"definitions":null},{"term":"Rijndael","link":"https://csrc.nist.gov/glossary/term/rijndael","definitions":[{"text":"The block cipher that NIST selected as the winner of the AES competition.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"RIM","link":"https://csrc.nist.gov/glossary/term/rim","abbrSyn":[{"text":"Reference Integrity Manifest","link":"https://csrc.nist.gov/glossary/term/reference_integrity_manifest"}],"definitions":null},{"term":"Ring Learning With Rounding","link":"https://csrc.nist.gov/glossary/term/ring_learning_with_rounding","abbrSyn":[{"text":"RLWR","link":"https://csrc.nist.gov/glossary/term/rlwr"}],"definitions":null},{"term":"RIP","link":"https://csrc.nist.gov/glossary/term/rip","abbrSyn":[{"text":"Routing Information Protocol","link":"https://csrc.nist.gov/glossary/term/routing_information_protocol"}],"definitions":null},{"term":"RIPE","link":"https://csrc.nist.gov/glossary/term/ripe","abbrSyn":[{"text":"Réseaux IP Européens","link":"https://csrc.nist.gov/glossary/term/reseaux_ip_europeens"}],"definitions":null},{"term":"RIPE NCC","link":"https://csrc.nist.gov/glossary/term/ripe_ncc","abbrSyn":[{"text":"Réseaux IP Européens Network Coordination Centre","link":"https://csrc.nist.gov/glossary/term/reseaux_ip_europeens_network_coordination_centre"}],"definitions":[{"text":"Regional Internet Registry for Europe, the Middle East, and parts of Central Asia that allocates and registers blocks of Internet number resources to Internet service providers (ISPs) and other organizations.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Réseaux IP Européens Network Coordination Centre "}]}]},{"term":"RIPEMD","link":"https://csrc.nist.gov/glossary/term/ripemd","abbrSyn":[{"text":"RACE Integrity Primitives Evaluation Message Digest","link":"https://csrc.nist.gov/glossary/term/race_integrity_primitives_evaluation_message_digest"}],"definitions":null},{"term":"Ripple","link":"https://csrc.nist.gov/glossary/term/ripple","abbrSyn":[{"text":"XRP","link":"https://csrc.nist.gov/glossary/term/xrp"}],"definitions":null},{"term":"RIR","link":"https://csrc.nist.gov/glossary/term/rir","abbrSyn":[{"text":"Regional Internet Registry","link":"https://csrc.nist.gov/glossary/term/regional_internet_registry"}],"definitions":null},{"term":"RIS","link":"https://csrc.nist.gov/glossary/term/ris","abbrSyn":[{"text":"Radiology Information System","link":"https://csrc.nist.gov/glossary/term/radiology_information_system"},{"text":"Remote Installation Service","link":"https://csrc.nist.gov/glossary/term/remote_installation_service"}],"definitions":null},{"term":"RISC","link":"https://csrc.nist.gov/glossary/term/risc","abbrSyn":[{"text":"Reduced Instruction Set Computer","link":"https://csrc.nist.gov/glossary/term/reduced_instruction_set_computer"},{"text":"Reduced Instruction Set Computing","link":"https://csrc.nist.gov/glossary/term/reduced_instruction_set_computing"}],"definitions":null},{"term":"Risk Adaptive (Adaptable) Access Control","link":"https://csrc.nist.gov/glossary/term/risk_adaptive_adaptable_access_control","abbrSyn":[{"text":"RAdAC","link":"https://csrc.nist.gov/glossary/term/radac"}],"definitions":[{"text":"In RAdAC, access privileges are granted based on a combination of a user’s identity, mission need, and the level of security risk that exists between the system being accessed and a user. RAdAC will use security metrics, such as the strength of the authentication method, the level of assurance of the session connection between the system and a user, and the physical location of a user, to make its risk determination.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Risk-Adaptive Access Control (RAdAC) ","refSources":[{"text":"TAT-06284"}]}]},{"text":"A form of access control that uses an authorization policy that takes into account operational need, risk, and heuristics.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under risk adaptable access control (RAdAC) "}]},{"text":"Access privileges are granted based on a combination of a user’s identity, mission need, and the level of security risk that exists between the system being accessed and a user. RAdAC will use security metrics, such as the strength of the authentication method, the level of assurance of the session connection between the system and a user, and the physical location of a user, to make its risk determination.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under risk-adaptive access control ","refSources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under risk-adaptive access control ","refSources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"}]}]}]},{"term":"risk aggregation","link":"https://csrc.nist.gov/glossary/term/risk_aggregation","definitions":[{"text":"The combination of several risks into one risk to develop a more complete understanding of the overall risk.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}]},{"term":"risk analysis","link":"https://csrc.nist.gov/glossary/term/risk_analysis","abbrSyn":[{"text":"risk assessment","link":"https://csrc.nist.gov/glossary/term/risk_assessment"}],"definitions":[{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. A part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - adapted"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - adapted"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, images, and reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under risk assessment "}]},{"text":"Process to comprehend the nature of risk and to determine the level of risk.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]},{"text":"Overall process of risk identification, risk analysis, and risk evaluation.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under risk assessment ","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under risk assessment "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. \r\nPart of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Risk Analysis "}]},{"text":"See risk analysis","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under risk assessment "}]},{"text":"The process of identifying risks to organizational operations\n(including mission, functions, image, reputation), organizational\nassets, individuals, other organizations, and the Nation, resulting\nfrom the operation of an information system. Part of risk\nmanagement, incorporates threat and vulnerability analyses,\nand considers mitigations provided by security controls planned\nor in place.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - Adapted"}]}]},{"text":"Risk management includes threat and vulnerability analyses as well as analyses of adverse effects on individuals arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under risk assessment ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under risk assessment ","refSources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","note":" - Adapted"}]}]},{"text":"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses and analyses of privacy problems arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.","sources":[{"text":"NIST SP 1800-11B","link":"https://doi.org/10.6028/NIST.SP.1800-11","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 1800-30B","link":"https://doi.org/10.6028/NIST.SP.1800-30","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 1800-34B","link":"https://doi.org/10.6028/NIST.SP.1800-34","underTerm":" under risk assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is part of risk management.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Risk Analysis "}]},{"text":"The process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"See risk analysis.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under risk assessment "}]}]},{"term":"Risk Assessment Methodology","link":"https://csrc.nist.gov/glossary/term/risk_assessment_methodology","definitions":[{"text":"A risk assessment process, together with a risk model, assessment approach, and analysis approach.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"term":"risk assessment report (RAR)","link":"https://csrc.nist.gov/glossary/term/risk_assessment_report","abbrSyn":[{"text":"RAR","link":"https://csrc.nist.gov/glossary/term/rar"}],"definitions":[{"text":"The report which contains the results of performing a risk assessment or the formal output from the process of assessing risk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Assessment Report "}]}]},{"term":"risk assessor","link":"https://csrc.nist.gov/glossary/term/risk_assessor","abbrSyn":[{"text":"assessor","link":"https://csrc.nist.gov/glossary/term/assessor"},{"text":"Assessor"}],"definitions":[{"text":"The individual, group, or organization responsible for conducting a security or privacy control assessment.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a risk assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Risk Assessor ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]}]},{"text":"See Security Control Assessor.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assessor "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assessor "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assessor "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under assessor "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under assessor "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under assessor "}]},{"text":"See Security Control Assessor or Privacy Control Assessor.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessor "}]},{"text":"The individual responsible for conducting assessment activities under the guidance and direction of a Designated Authorizing Official. The Assessor is a 3rd party.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a security or privacy assessment.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under assessor "}]},{"text":"See security control assessor or risk assessor.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under assessor ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a security or privacy control assessment.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under assessor "}]}],"seeAlso":[{"text":"control assessor","link":"control_assessor"}]},{"term":"risk criteria","link":"https://csrc.nist.gov/glossary/term/risk_criteria","definitions":[{"text":"Terms of reference against which the significance of a risk is evaluated, such as organizational objectives, internal/external context, and mandatory requirements (e.g., standards, laws, policies).","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]},{"text":"Terms of reference against which the significance of a risk is evaluated.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}]},{"term":"Risk Detail Record","link":"https://csrc.nist.gov/glossary/term/risk_detail_record","abbrSyn":[{"text":"RDR","link":"https://csrc.nist.gov/glossary/term/rdr"}],"definitions":null},{"term":"Risk Detail Report","link":"https://csrc.nist.gov/glossary/term/risk_detail_report","definitions":[{"text":"A report listing detailed risk scenario information supporting the contents of a risk register entry including, but not limited to, risk history information, risk analysis data, and information about individual and organizational accountability.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"risk elevation","link":"https://csrc.nist.gov/glossary/term/risk_elevation","definitions":[{"text":"The process of transferring the decisions on risk response to a more senior stakeholder when the factors involved (e.g., a regulatory compliance risk) are particularly sensitive or critical. For example, enterprise risk strategy might direct that any risk with more than $1 million exposure or risks related to a particularly important business application must be managed at a more senior level.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"}]}]},{"term":"risk escalation","link":"https://csrc.nist.gov/glossary/term/risk_escalation","definitions":[{"text":"Occurs when a particular threshold is reached, either based on a time frame or some other risk condition, thus requiring a higher level of attention. For example, a risk that has remained through more than two fiscal periods without adequate treatment might be flagged for additional scrutiny. Another condition for escalation might occur if, during risk monitoring, conditions indicate that the risk exposure rating will significantly exceed the initial estimates.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"}]}]},{"term":"risk evaluation","link":"https://csrc.nist.gov/glossary/term/risk_evaluation","definitions":[{"text":"Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is/are acceptable or tolerable.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]},{"text":"Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}]},{"term":"risk executive (function)","link":"https://csrc.nist.gov/glossary/term/risk_executive","abbrSyn":[{"text":"RE(f)","link":"https://csrc.nist.gov/glossary/term/re_f"}],"definitions":[{"text":"An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Risk Executive (Function) ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Executive (Function) ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Risk Executive (Function) ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Executive (Function) ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, to include the authorization decisions, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing information system-related security risks is consistent across the organization, reflects organizational risk tolerance, and is considered along with organizational risks affecting mission/business success.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Risk Executive (Function) ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An individual or group within an organization, led by the senior accountable official for risk management, that helps to ensure that security risk considerations for individual systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and managing risk from individual systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"An individual or group within an organization that helps to ensure that (i) security risk-related considerations for individual information systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" - Adapted"}]}]},{"text":"An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, to include the authorization decisions, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing information system-related security risks is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Risk Executive (Function) "}]},{"text":"An individual or group within an organization that helps to ensure that: (i) security and privacy risk-related considerations for individual information systems, to include the authorization decisions, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing information system-related security and privacy risks is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Risk Executive (Function) ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]},{"text":"An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, including the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"An individual or group within an organization that helps to ensure that security risk-related considerations for individual systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its mission and business functions; and managing risk from individual systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission or business success.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"An individual or group within an organization that helps to ensure that provides a comprehensive, organization-wide approach to risk management. The risk executive (function) serves as the common risk management resource for senior leaders, executives, and managers, mission/business owners, chief information officers, senior agency information security officers, senior agency officials for privacy, system owners, common control providers, enterprise architects, security architects, systems security or privacy engineers, system security or privacy officers, and any other stakeholders having a vested interest in the mission/business success of organizations. The risk executive (function) is an inherent U.S. Government function and is assigned to government personnel only. (SP800-37 Revision 2)","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Risk Executive (Function) ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]}]},{"term":"Risk Executive Function","link":"https://csrc.nist.gov/glossary/term/risk_executive_function","abbrSyn":[{"text":"RE(f)","link":"https://csrc.nist.gov/glossary/term/re_f"}],"definitions":null},{"term":"risk factor","link":"https://csrc.nist.gov/glossary/term/risk_factor","definitions":[{"text":"A characteristic used in a risk model as an input for determining the level of risk in a risk assessment.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"A characteristic used in a risk model as an input to determining the level of risk in a risk assessment.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Factor "}]}]},{"term":"risk framing","link":"https://csrc.nist.gov/glossary/term/risk_framing","definitions":[{"text":"Risk framing is the set of assumptions, constraints, risk tolerances, and priorities/trade-offs that shape an organization’s approach for managing risk.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"The set of assumptions, constraints, risk tolerances, and priorities/trade-offs that shape an organization’s approach for managing risk","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Risk Framing ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Risk Framing ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"A characteristic used in a risk model as an input to determining the level of risk in a risk assessment.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]}]},{"term":"risk governance","link":"https://csrc.nist.gov/glossary/term/risk_governance","definitions":[{"text":"The process by which risk management evaluation, decisions, and actions are connected to enterprise strategy and objectives. Risk governance provides the transparency, responsibility, and accountability that enables managers to acceptably manage risk.","sources":[{"text":"NIST SP 800-221","link":"https://doi.org/10.6028/NIST.SP.800-221"}]}]},{"term":"risk identification","link":"https://csrc.nist.gov/glossary/term/risk_identification","definitions":[{"text":"Process of finding, recognizing, and describing risks.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}]},{"term":"Risk Management Council or Committee","link":"https://csrc.nist.gov/glossary/term/risk_management_council_or_committee","abbrSyn":[{"text":"RMC","link":"https://csrc.nist.gov/glossary/term/rmc"}],"definitions":null},{"term":"risk management framework (RMF)","link":"https://csrc.nist.gov/glossary/term/risk_management_framework","abbrSyn":[{"text":"RMF","link":"https://csrc.nist.gov/glossary/term/rmf"}],"definitions":[{"text":"A disciplined and structured process that integrates information security and risk management activities into the system development life cycle.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"A structured approach used to oversee and manage risk for an enterprise.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Risk Management Framework (RMF) ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The Risk Management Framework (RMF), presented in NIST SP 800-37, provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Risk Management Framework "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Risk Management Framework "},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"The Risk Management Framework (RMF) provides a structured, yet flexible approach for managing the portion of risk resulting from the incorporation of systems into the mission and business processes of the organization.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Risk Management Framework ","refSources":[{"text":"RMF Quick Start Guides","link":"/projects/risk-management/about-rmf"}]}]}]},{"term":"Risk Management Framework (RMF) step","link":"https://csrc.nist.gov/glossary/term/risk_management_framework_step","definitions":[{"text":"A reference to one of the 6 steps in the Risk Management Framework process defined in SP 800-37.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"risk management level","link":"https://csrc.nist.gov/glossary/term/risk_management_level","definitions":[{"text":"One of three organizational levels defined in NIST SP 800-39: Level 1 (organizational level), Level 2 (mission/business process level), or Level 3(system level).","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A"}]}]},{"term":"Risk Management Process","link":"https://csrc.nist.gov/glossary/term/risk_management_process","abbrSyn":[{"text":"RMP","link":"https://csrc.nist.gov/glossary/term/rmp"}],"definitions":null},{"term":"risk management strategy","link":"https://csrc.nist.gov/glossary/term/risk_management_strategy","definitions":[{"text":"Strategy that addresses how organizations intend to assess risk, respond to risk, and monitor risk—making explicit and transparent the risk perceptions that organizations routinely use in making both investment and operational decisions.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]}]},{"term":"risk mitigation","link":"https://csrc.nist.gov/glossary/term/risk_mitigation","definitions":[{"text":"Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Risk Mitigation ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Risk Mitigation ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Mitigation ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Risk Mitigation ","refSources":[{"text":"CNSSI 4009-2010"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process. A subset of Risk Response.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Mitigation ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"risk model","link":"https://csrc.nist.gov/glossary/term/risk_model","definitions":[{"text":"A key component of a risk assessment methodology (in addition to assessment approach and analysis approach) that defines key terms and assessable risk factors.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Model "},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]}]},{"term":"risk optimization","link":"https://csrc.nist.gov/glossary/term/risk_optimization","definitions":[{"text":"A risk-related process to minimize negative and maximize positive consequences and their respective probabilities; risk optimization depends on risk criteria, including costs and legal requirements.","sources":[{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"}]}]},{"term":"Risk Profile","link":"https://csrc.nist.gov/glossary/term/risk_profile","definitions":[{"text":"A prioritized inventory of the most significant risks identified and assessed through the risk assessment process versus a complete inventory of risks.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","refSources":[{"text":"OMB M-16-17","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf"}]}]}]},{"term":"Risk Reserve","link":"https://csrc.nist.gov/glossary/term/risk_reserve","definitions":[{"text":"A types of management reserve where funding or labor hours are set aside and employed if a risk is triggered to ensure the opportunity is realized or threat is avoided.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"risk response","link":"https://csrc.nist.gov/glossary/term/risk_response","definitions":[{"text":"Intentional and informed decision and actions to accept, avoid, mitigate, share, or transfer an identified risk.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Risk Response ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (i.e., mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation. See Course of Action.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Risk Response ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (i.e., mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Risk Response "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Risk Response "},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"Accepting, avoiding, mitigating, sharing, or transferring risk to agency operations, agency assets, individuals, other organizations, or the Nation.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A way to keep risk within tolerable levels. Negative risks can be accepted, transferred, mitigated, or avoided. Positive risks can be realized, shared, enhanced, or accepted.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Risk Response "}]}],"seeAlso":[{"text":"Course of Action","link":"course_of_action"},{"text":"course of action (risk response)"}]},{"term":"Risk Response Measure","link":"https://csrc.nist.gov/glossary/term/risk_response_measure","definitions":[{"text":"A specific action taken to respond to an identified risk.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"term":"risk response plan","link":"https://csrc.nist.gov/glossary/term/risk_response_plan","definitions":[{"text":"A summary of potential consequence(s) of the successful exploitation of a specific vulnerability or vulnerabilities by a threat agent, as well as mitigating strategies and C-SCRM controls.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"risk treatment","link":"https://csrc.nist.gov/glossary/term/risk_treatment","definitions":[{"text":"Process to modify risk.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]}]},{"term":"RITE","link":"https://csrc.nist.gov/glossary/term/rite","abbrSyn":[{"text":"Resilient Interdomain Traffic Exchange","link":"https://csrc.nist.gov/glossary/term/resilient_interdomain_traffic_exchange"}],"definitions":null},{"term":"Rivest Cipher 4","link":"https://csrc.nist.gov/glossary/term/rivest_cipher_4","abbrSyn":[{"text":"RC4","link":"https://csrc.nist.gov/glossary/term/rc4"}],"definitions":null},{"term":"Rivest-Shamir-Adleman","link":"https://csrc.nist.gov/glossary/term/rivest_shamir_adleman","abbrSyn":[{"text":"RSA","link":"https://csrc.nist.gov/glossary/term/rsa"}],"definitions":[{"text":"For the purposes of this specification, RSA is a public-key signature algorithm specified by PKCS #1. As a reversible public-key algorithm, it may also be used for encryption.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under RSA "}]},{"text":"Rivest, Shamir, Adelman; an algorithm approved in [FIPS 186] for digital signatures and in [SP 800-56B] for key establishment.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under RSA "}]},{"text":"Algorithm developed by Rivest, Shamir and Adelman (allowed in FIPS 186-3 and specified in ANS X9.31 and PKCS #1).","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under RSA "}]},{"text":"A public-key algorithm that is used for key establishment and the generation and verification of digital signatures.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under RSA "}]},{"text":"An algorithm approved in FIPS 186 for digital signatures and in SP 800-56B for key establishment.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Rivest, Shamir, & Adleman ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Rivest, Shamir, & Adleman ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Rivest, Shamir, & Adleman ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]}]}]},{"term":"RK","link":"https://csrc.nist.gov/glossary/term/rk","abbrSyn":[{"text":"Root Key","link":"https://csrc.nist.gov/glossary/term/root_key"}],"definitions":null},{"term":"RKN","link":"https://csrc.nist.gov/glossary/term/rkn","abbrSyn":[{"text":"Revoked Key Notification","link":"https://csrc.nist.gov/glossary/term/revoked_key_notification"}],"definitions":null},{"term":"RLP","link":"https://csrc.nist.gov/glossary/term/rlp","abbrSyn":[{"text":"Route Leak Protection","link":"https://csrc.nist.gov/glossary/term/route_leak_protection"}],"definitions":null},{"term":"RLS","link":"https://csrc.nist.gov/glossary/term/rls","abbrSyn":[{"text":"Row Level Security","link":"https://csrc.nist.gov/glossary/term/row_level_security"}],"definitions":null},{"term":"RLWR","link":"https://csrc.nist.gov/glossary/term/rlwr","abbrSyn":[{"text":"Ring Learning With Rounding","link":"https://csrc.nist.gov/glossary/term/ring_learning_with_rounding"}],"definitions":null},{"term":"RM","link":"https://csrc.nist.gov/glossary/term/rm","abbrSyn":[{"text":"resource manager","link":"https://csrc.nist.gov/glossary/term/resource_manager"}],"definitions":null},{"term":"RMA","link":"https://csrc.nist.gov/glossary/term/rma","abbrSyn":[{"text":"Reliability, Maintainability, and Availability","link":"https://csrc.nist.gov/glossary/term/reliability_maintainability_and_availability"},{"text":"Reliability, Maintainability, Availability","link":"https://csrc.nist.gov/glossary/term/reliability_maintainability_availability"}],"definitions":null},{"term":"RMC","link":"https://csrc.nist.gov/glossary/term/rmc","abbrSyn":[{"text":"Risk Management Council or Committee","link":"https://csrc.nist.gov/glossary/term/risk_management_council_or_committee"}],"definitions":null},{"term":"RME","link":"https://csrc.nist.gov/glossary/term/rme","abbrSyn":[{"text":"Realm Management Extension","link":"https://csrc.nist.gov/glossary/term/realm_management_extension"}],"definitions":null},{"term":"RMF","link":"https://csrc.nist.gov/glossary/term/rmf","abbrSyn":[{"text":"NIST Risk Management Framework","link":"https://csrc.nist.gov/glossary/term/nist_risk_management_framework"},{"text":"Risk Management Framework"}],"definitions":[{"text":"A disciplined and structured process that integrates information security and risk management activities into the system development life cycle.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"The Risk Management Framework (RMF), presented in NIST SP 800-37, provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Risk Management Framework "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Risk Management Framework "},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under Risk Management Framework ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"The Risk Management Framework (RMF) provides a structured, yet flexible approach for managing the portion of risk resulting from the incorporation of systems into the mission and business processes of the organization.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Risk Management Framework ","refSources":[{"text":"RMF Quick Start Guides","link":"/projects/risk-management/about-rmf"}]}]}]},{"term":"RMI","link":"https://csrc.nist.gov/glossary/term/rmi","abbrSyn":[{"text":"Remote Method Invocation","link":"https://csrc.nist.gov/glossary/term/remote_method_invocation"}],"definitions":null},{"term":"RMM","link":"https://csrc.nist.gov/glossary/term/rmm","abbrSyn":[{"text":"Resilience Management Model","link":"https://csrc.nist.gov/glossary/term/resilience_management_model"}],"definitions":null},{"term":"RMON","link":"https://csrc.nist.gov/glossary/term/rmon","abbrSyn":[{"text":"Remote Monitoring","link":"https://csrc.nist.gov/glossary/term/remote_monitoring"}],"definitions":null},{"term":"RMP","link":"https://csrc.nist.gov/glossary/term/rmp","abbrSyn":[{"text":"record-matching probability","link":"https://csrc.nist.gov/glossary/term/record_matching_probability"},{"text":"Risk Management Process","link":"https://csrc.nist.gov/glossary/term/risk_management_process"}],"definitions":null},{"term":"RN","link":"https://csrc.nist.gov/glossary/term/rn","abbrSyn":[{"text":"Relay Node","link":"https://csrc.nist.gov/glossary/term/relay_node"}],"definitions":null},{"term":"RNA","link":"https://csrc.nist.gov/glossary/term/rna","abbrSyn":[{"text":"Ribonucleic Acid","link":"https://csrc.nist.gov/glossary/term/ribonucleic_acid"}],"definitions":null},{"term":"RNG","link":"https://csrc.nist.gov/glossary/term/rng","abbrSyn":[{"text":"random number generation","link":"https://csrc.nist.gov/glossary/term/random_number_generation"},{"text":"Random Number Generation"},{"text":"Random Number Generator"}],"definitions":null},{"term":"RNG seed","link":"https://csrc.nist.gov/glossary/term/rng_seed","definitions":[{"text":"A seed that is used to initialize a deterministic random bit generator. Also called an RBG seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}],"seeAlso":[{"text":"RBG seed","link":"rbg_seed"},{"text":"Seed","link":"seed"}]},{"term":"ROA","link":"https://csrc.nist.gov/glossary/term/roa","abbrSyn":[{"text":"Route Origin Attestation","link":"https://csrc.nist.gov/glossary/term/route_origin_attestation"},{"text":"Route Origin Authorization","link":"https://csrc.nist.gov/glossary/term/route_origin_authorization"}],"definitions":[{"text":"A Route Origin Attestation is a cryptographically verifiable attestation that a given Internet prefix can be announced by an AS listed within the attestation.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Route Origin Attestation "}]}]},{"term":"Robot Operating System","link":"https://csrc.nist.gov/glossary/term/robot_operating_system","abbrSyn":[{"text":"ROS","link":"https://csrc.nist.gov/glossary/term/ros"}],"definitions":null},{"term":"Robust Inter-Domain Routing","link":"https://csrc.nist.gov/glossary/term/robust_inter_domain_routing","abbrSyn":[{"text":"RIDR","link":"https://csrc.nist.gov/glossary/term/ridr"}],"definitions":null},{"term":"Robust Security Network Information Element","link":"https://csrc.nist.gov/glossary/term/robust_security_network_information_element","abbrSyn":[{"text":"RSNIE","link":"https://csrc.nist.gov/glossary/term/rsnie"}],"definitions":null},{"term":"robustness","link":"https://csrc.nist.gov/glossary/term/robustness","definitions":[{"text":"The ability of an information assurance (IA) entity to operate correctly and reliably across a wide range of operational conditions, and to fail gracefully outside of that operational range.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"When applied to ISCM, a property that an ISCM capability is sufficiently accurate, complete, timely, and reliable for providing security status information to organization decision-makers to enable them to make risk-based decisions. The ability of an information assurance (IA) entity to operate correctly and reliably across a wide range of operational conditions and to fail gracefully outside of that operational range.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"ROE","link":"https://csrc.nist.gov/glossary/term/roe","abbrSyn":[{"text":"Rules of Engagement"}],"definitions":null},{"term":"Rogue Device","link":"https://csrc.nist.gov/glossary/term/rogue_device","definitions":[{"text":"An unauthorized node on a network.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"ROI","link":"https://csrc.nist.gov/glossary/term/roi","abbrSyn":[{"text":"Return on Investment","link":"https://csrc.nist.gov/glossary/term/return_on_investment"},{"text":"Return On Investment"}],"definitions":null},{"term":"role","link":"https://csrc.nist.gov/glossary/term/role","definitions":[{"text":"A job function or employment position to which people or other system entities may be assigned in a system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Role ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"the set of named duties or job functions within an organization.","sources":[{"text":"NISTIR 6192","link":"https://doi.org/10.6028/NIST.IR.6192","underTerm":" under Role "}]},{"text":"A collection of permissions in role-based access control, usually associated with a role or position within an organization.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Role "}]}]},{"term":"role-based access control (RBAC)","link":"https://csrc.nist.gov/glossary/term/role_based_access_control","abbrSyn":[{"text":"RBAC","link":"https://csrc.nist.gov/glossary/term/rbac"}],"definitions":[{"text":"Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Role-Based Access Control "}]},{"text":"A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Role Based Access Control (RBAC) ","refSources":[{"text":"OASIS XACML Profile for Role Based Access Control (RBAC)","link":"https://docs.oasis-open.org/xacml/cd-xacml-rbac-profile-01.pdf"}]}]},{"text":"mapped to job function, assumes that a person will take on different roles, overtime, within an organization and different responsibilities in relation to IT systems.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Role-Based "}]},{"text":"Access control based on user roles (i.e., a collection of access authorizations that a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under role-based access control "}]}]},{"term":"Role-based authentication","link":"https://csrc.nist.gov/glossary/term/role_based_authentication","definitions":[{"text":"A process that provides assurance of an entity’s role by means of an authentication mechanism that verifies the role of the entity. Contrast with identity-based authentication","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Roles and Responsibilities","link":"https://csrc.nist.gov/glossary/term/roles_and_responsibilities","definitions":[{"text":"functions performed by someone in a specific situation andobligations to tasks or duties for which that person is accountable.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"ROLIE","link":"https://csrc.nist.gov/glossary/term/rolie","abbrSyn":[{"text":"Resource-Oriented Lightweight Information Exchange","link":"https://csrc.nist.gov/glossary/term/resource_oriented_lightweight_information_exchange"}],"definitions":null},{"term":"Rollup","link":"https://csrc.nist.gov/glossary/term/rollup","definitions":[{"text":"A scheme that enables the off-chain processing of transactions by one or more operators with on-chain state update commitments that contain “compressed” per-transaction data.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"ROM","link":"https://csrc.nist.gov/glossary/term/rom","abbrSyn":[{"text":"random oracle model","link":"https://csrc.nist.gov/glossary/term/random_oracle_model"},{"text":"Random oracle model"},{"text":"Random Oracle Model"},{"text":"Read Only Memory"},{"text":"Read-only Memory"},{"text":"Read-Only Memory","link":"https://csrc.nist.gov/glossary/term/read_only_memory"},{"text":"Rough Order of Magnitude","link":"https://csrc.nist.gov/glossary/term/rough_order_of_magnitude"}],"definitions":[{"text":"ROM is a pre-recorded storage medium that can only be read from and not written to.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Read-Only Memory "},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Read-Only Memory ","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"See Read-Only Memory.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Root Cause Analysis","link":"https://csrc.nist.gov/glossary/term/root_cause_analysis","definitions":[{"text":"A principle-based, systems approach for the identification of underlying causes associated with a particular set of risks.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"term":"Root Certificate","link":"https://csrc.nist.gov/glossary/term/root_certificate","definitions":[{"text":"A self-signed certificate, as defined by IETF RFC 5280, issued by a root CA. A root certificate is typically securely installed on systems so they can verify end-entity certificates they receive.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Root certificate "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Root certificate "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Root Certificate Authority (CA)","link":"https://csrc.nist.gov/glossary/term/root_certificate_authority","definitions":[{"text":"In a hierarchical public key infrastructure (PKI), the certification authority (CA) whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under root certificate authority ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 1800-21C","link":"https://doi.org/10.6028/NIST.SP.1800-21"}]},{"text":"In a hierarchical public key infrastructure (PKI), the CA whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Root certificate authority ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Root certificate authority ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Root Certificate Authority ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]}]},{"term":"Root Key","link":"https://csrc.nist.gov/glossary/term/root_key","abbrSyn":[{"text":"RK","link":"https://csrc.nist.gov/glossary/term/rk"}],"definitions":null},{"term":"Root of Trust for Measurement","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_measurement","abbrSyn":[{"text":"RTM","link":"https://csrc.nist.gov/glossary/term/rtm"}],"definitions":null},{"term":"Root of Trust for Reporting","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_reporting","abbrSyn":[{"text":"RTR","link":"https://csrc.nist.gov/glossary/term/rtr"}],"definitions":null},{"term":"Root of Trust for Storage","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_storage","abbrSyn":[{"text":"RTS","link":"https://csrc.nist.gov/glossary/term/rts"}],"definitions":null},{"term":"Root of Trust for Update","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_update","abbrSyn":[{"text":"RTU","link":"https://csrc.nist.gov/glossary/term/rtu"}],"definitions":null},{"term":"Root of Trust for Update verification component","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_update_verification_component","abbrSyn":[{"text":"RTU-V","link":"https://csrc.nist.gov/glossary/term/rtu_v"}],"definitions":null},{"term":"root user","link":"https://csrc.nist.gov/glossary/term/root_user","abbrSyn":[{"text":"privileged user","link":"https://csrc.nist.gov/glossary/term/privileged_user"}],"definitions":[{"text":"A user who is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under privileged user "}]},{"text":"A user who is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under privileged user "}]},{"text":"A user that is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under privileged user "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under privileged user ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under privileged user "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under privileged user "}]},{"text":"A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under privileged user "}]},{"text":"See privileged user.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"rootkit","link":"https://csrc.nist.gov/glossary/term/rootkit","definitions":[{"text":"A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Rootkit ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]},{"text":"A collection of files that is installed on a host to alter the standard functionality of the host in a malicious and stealthy way.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1","underTerm":" under Rootkit "}]}]},{"term":"roots of trust","link":"https://csrc.nist.gov/glossary/term/roots_of_trust","abbrSyn":[{"text":"RoT","link":"https://csrc.nist.gov/glossary/term/rot"},{"text":"ROTs","link":"https://csrc.nist.gov/glossary/term/rots"}],"definitions":[{"text":"A starting point that is implicitly trusted.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320","underTerm":" under Root of Trust "}]},{"text":"Highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design. Roots of trust provide a firm foundation from which to build security and trust.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST Roots of Trust Project","link":"/projects/hardware-roots-of-trust"}]}]}]},{"term":"ROP","link":"https://csrc.nist.gov/glossary/term/rop","abbrSyn":[{"text":"Return Oriented Programming","link":"https://csrc.nist.gov/glossary/term/return_oriented_programming"}],"definitions":null},{"term":"ROS","link":"https://csrc.nist.gov/glossary/term/ros","abbrSyn":[{"text":"Robot Operating System","link":"https://csrc.nist.gov/glossary/term/robot_operating_system"}],"definitions":null},{"term":"RoT","link":"https://csrc.nist.gov/glossary/term/rot","abbrSyn":[{"text":"Root of Trust"}],"definitions":[{"text":"A starting point that is implicitly trusted.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320","underTerm":" under Root of Trust "}]}]},{"term":"Rotate","link":"https://csrc.nist.gov/glossary/term/rotate","definitions":[{"text":"The process of renewing a certificate in conjunction with a rekey, followed by the process of replacing the existing certificate with the new certificate.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"ROTs","link":"https://csrc.nist.gov/glossary/term/rots","abbrSyn":[{"text":"Roots of Trust"}],"definitions":null},{"term":"Rough Order of Magnitude","link":"https://csrc.nist.gov/glossary/term/rough_order_of_magnitude","abbrSyn":[{"text":"ROM","link":"https://csrc.nist.gov/glossary/term/rom"}],"definitions":[{"text":"See Read-Only Memory.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under ROM "}]}]},{"term":"Round","link":"https://csrc.nist.gov/glossary/term/round","definitions":[{"text":"A sequence of transformations of the state that is iterated \\(Nr\\) times in the specifications of CIPHER(), INVCIPHER(), and EQINVCIPHER(). The sequence consists of four transformations, except for one iteration, in which one of the transformations is omitted.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"Round key","link":"https://csrc.nist.gov/glossary/term/round_key","definitions":[{"text":"One of the \\(Nr+1\\) arrays of four words that are derived from the block cipher key using the key expansion routine; each round key is an input to an instance of ADDROUNDKEY() in the AES block cipher.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"Round robin consensus model","link":"https://csrc.nist.gov/glossary/term/round_robin_consensus_model","definitions":[{"text":"A consensus model for permissioned blockchain networks where nodes are pseudo-randomly selected to create blocks, but a node must wait several block-creation cycles before being chosen again to add another new block. This model ensures that no one participant creates the majority of the blocks, and it benefits from a straightforward approach, lacking cryptographic puzzles, and having low power requirements.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Route Flap Damping","link":"https://csrc.nist.gov/glossary/term/route_flap_damping","abbrSyn":[{"text":"RFD","link":"https://csrc.nist.gov/glossary/term/rfd"}],"definitions":null},{"term":"Route Leak Protection","link":"https://csrc.nist.gov/glossary/term/route_leak_protection","abbrSyn":[{"text":"RLP","link":"https://csrc.nist.gov/glossary/term/rlp"}],"definitions":null},{"term":"Route Origin Attestation","link":"https://csrc.nist.gov/glossary/term/route_origin_attestation","abbrSyn":[{"text":"ROA","link":"https://csrc.nist.gov/glossary/term/roa"}],"definitions":[{"text":"A Route Origin Attestation is a cryptographically verifiable attestation that a given Internet prefix can be announced by an AS listed within the attestation.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"Route Origin Authorization","link":"https://csrc.nist.gov/glossary/term/route_origin_authorization","abbrSyn":[{"text":"ROA","link":"https://csrc.nist.gov/glossary/term/roa"}],"definitions":null},{"term":"Route Origin Validation","link":"https://csrc.nist.gov/glossary/term/route_origin_validation","abbrSyn":[{"text":"ROV","link":"https://csrc.nist.gov/glossary/term/rov"}],"definitions":null},{"term":"Router Under Test","link":"https://csrc.nist.gov/glossary/term/router_under_test","abbrSyn":[{"text":"RUT","link":"https://csrc.nist.gov/glossary/term/rut"}],"definitions":null},{"term":"Routing Information Base","link":"https://csrc.nist.gov/glossary/term/routing_information_base","abbrSyn":[{"text":"RIB","link":"https://csrc.nist.gov/glossary/term/rib"}],"definitions":null},{"term":"Routing Information Protocol","link":"https://csrc.nist.gov/glossary/term/routing_information_protocol","abbrSyn":[{"text":"RIP","link":"https://csrc.nist.gov/glossary/term/rip"}],"definitions":null},{"term":"ROV","link":"https://csrc.nist.gov/glossary/term/rov","abbrSyn":[{"text":"Route Origin Validation","link":"https://csrc.nist.gov/glossary/term/route_origin_validation"}],"definitions":null},{"term":"Row Level Security","link":"https://csrc.nist.gov/glossary/term/row_level_security","abbrSyn":[{"text":"RLS","link":"https://csrc.nist.gov/glossary/term/rls"}],"definitions":null},{"term":"RP","link":"https://csrc.nist.gov/glossary/term/rp","abbrSyn":[{"text":"Relying Party"},{"text":"Resolvable Private Address","link":"https://csrc.nist.gov/glossary/term/resolvable_private_address"},{"text":"Resource Pooling"},{"text":"resource provider","link":"https://csrc.nist.gov/glossary/term/resource_provider"},{"text":"Responsible Person","link":"https://csrc.nist.gov/glossary/term/responsible_person"}],"definitions":[{"text":"An entity that relies upon the subscriber’s authenticator(s) and credentials or a verifier’s assertion of a claimant’s identity, typically to process a transaction or grant access to information or a system.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Relying Party "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Relying Party "}]},{"text":"A person or Agency who has received information that includes a certificate and a digital signature verifiable with reference to a public key listed in the certificate, and is in a position to rely on them.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Relying Party "}]},{"text":"An entity that relies upon the subscriber’s credentials, typically to process a transaction or grant access to information or a system.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4","underTerm":" under Relying Party "}]}]},{"term":"RPC","link":"https://csrc.nist.gov/glossary/term/rpc","abbrSyn":[{"text":"Remote Procedure Call","link":"https://csrc.nist.gov/glossary/term/remote_procedure_call"}],"definitions":null},{"term":"RPKI","link":"https://csrc.nist.gov/glossary/term/rpki","abbrSyn":[{"text":"Resource Public Key Infrastructure","link":"https://csrc.nist.gov/glossary/term/resource_public_key_infrastructure"}],"definitions":[{"text":"The Resource Public Key Infrastructure is a framework aimed to secure the Internet’s routing infrastructure, in particular the routing information such as the IP address prefix and Originator mapping embedded in the BGP protocol. It provides certificates that are used to verify if the originating AS is permitted to publish the embedded IP address prefix(es).","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Resource Public Key Infrastructure "}]}]},{"term":"RPKI cache to router protocol","link":"https://csrc.nist.gov/glossary/term/rpki_cache_to_router_protocol","abbrSyn":[{"text":"RPKI-to-router protocol","link":"https://csrc.nist.gov/glossary/term/rpki_to_router_protocol"}],"definitions":null},{"term":"RPKI Repository Delta Protocol","link":"https://csrc.nist.gov/glossary/term/rpki_repository_delta_protocol","abbrSyn":[{"text":"RRDP","link":"https://csrc.nist.gov/glossary/term/rrdp"}],"definitions":null},{"term":"RPKI Validation Cache","link":"https://csrc.nist.gov/glossary/term/rpki_validation_cache","abbrSyn":[{"text":"RVC","link":"https://csrc.nist.gov/glossary/term/rvc"}],"definitions":[{"text":"RPKI Validation Cache provides Validated ROA Payload (VRP) and public router keys.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"RPKI-to-router protocol","link":"https://csrc.nist.gov/glossary/term/rpki_to_router_protocol","abbrSyn":[{"text":"RPKI cache to router protocol","link":"https://csrc.nist.gov/glossary/term/rpki_cache_to_router_protocol"}],"definitions":null},{"term":"RPM","link":"https://csrc.nist.gov/glossary/term/rpm","abbrSyn":[{"text":"Red Hat Package Manager","link":"https://csrc.nist.gov/glossary/term/red_hat_package_manager"},{"text":"Remote Patient Monitoring","link":"https://csrc.nist.gov/glossary/term/remote_patient_monitoring"}],"definitions":null},{"term":"RPO","link":"https://csrc.nist.gov/glossary/term/rpo","abbrSyn":[{"text":"Recovery Point Objective","link":"https://csrc.nist.gov/glossary/term/recovery_point_objective"}],"definitions":[{"text":"The point in time to which data must be recovered after an outage.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Recovery Point Objective "}]}]},{"term":"RR","link":"https://csrc.nist.gov/glossary/term/rr","abbrSyn":[{"text":"Resource Record","link":"https://csrc.nist.gov/glossary/term/resource_record"}],"definitions":null},{"term":"RRC","link":"https://csrc.nist.gov/glossary/term/rrc","abbrSyn":[{"text":"Radio Resource Control","link":"https://csrc.nist.gov/glossary/term/radio_resource_control"}],"definitions":null},{"term":"RRDP","link":"https://csrc.nist.gov/glossary/term/rrdp","abbrSyn":[{"text":"RPKI Repository Delta Protocol","link":"https://csrc.nist.gov/glossary/term/rpki_repository_delta_protocol"}],"definitions":null},{"term":"RRL","link":"https://csrc.nist.gov/glossary/term/rrl","abbrSyn":[{"text":"Response Rate Limiting","link":"https://csrc.nist.gov/glossary/term/response_rate_limiting"}],"definitions":null},{"term":"RRSIG","link":"https://csrc.nist.gov/glossary/term/rrsig","abbrSyn":[{"text":"Resource Record Signature","link":"https://csrc.nist.gov/glossary/term/resource_record_signature"}],"definitions":null},{"term":"RS","link":"https://csrc.nist.gov/glossary/term/rs","abbrSyn":[{"text":"relay station","link":"https://csrc.nist.gov/glossary/term/relay_station"},{"text":"Resource Server","link":"https://csrc.nist.gov/glossary/term/resource_server"},{"text":"Respond","link":"https://csrc.nist.gov/glossary/term/respond"},{"text":"respond (CSF function)","link":"https://csrc.nist.gov/glossary/term/respond_csf"}],"definitions":[{"text":"Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under respond (CSF function) ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]}]},{"term":"RS.CO","link":"https://csrc.nist.gov/glossary/term/rs_co","abbrSyn":[{"text":"Respond, Communications","link":"https://csrc.nist.gov/glossary/term/respond_communications"}],"definitions":null},{"term":"RS2","link":"https://csrc.nist.gov/glossary/term/rs2","abbrSyn":[{"text":"RS2 Technologies","link":"https://csrc.nist.gov/glossary/term/rs2_technologies"}],"definitions":null},{"term":"RS2 Technologies","link":"https://csrc.nist.gov/glossary/term/rs2_technologies","abbrSyn":[{"text":"RS2","link":"https://csrc.nist.gov/glossary/term/rs2"}],"definitions":null},{"term":"RSA","link":"https://csrc.nist.gov/glossary/term/rsa","abbrSyn":[{"text":"Rivest Shamir Adelman"},{"text":"Rivest Shamir Adelman (algorithm)"},{"text":"Rivest Shamir Adleman"},{"text":"Rivest, Shamir, & Adleman"},{"text":"Rivest, Shamir, Adelman"},{"text":"Rivest, Shamir, Adelman (an algorithm)"},{"text":"Rivest, Shamir, Adleman"},{"text":"Rivest, Shamir, Adleman cryptographic algorithm"},{"text":"Rivest, Shamir, and Adleman"},{"text":"Rivest-Shamir-Adelman"},{"text":"Rivest-Shamir-Adleman","link":"https://csrc.nist.gov/glossary/term/rivest_shamir_adleman"},{"text":"Rivest-Shamir-Adleman algorithm"}],"definitions":[{"text":"For the purposes of this specification, RSA is a public-key signature algorithm specified by PKCS #1. As a reversible public-key algorithm, it may also be used for encryption.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"Rivest, Shamir, Adelman; an algorithm approved in [FIPS 186] for digital signatures and in [SP 800-56B] for key establishment.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"Algorithm developed by Rivest, Shamir and Adelman (allowed in FIPS 186-3 and specified in ANS X9.31 and PKCS #1).","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]},{"text":"A public-key algorithm that is used for key establishment and the generation and verification of digital signatures.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"An algorithm approved in FIPS 186 for digital signatures and in SP 800-56B for key establishment.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Rivest, Shamir, & Adleman ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Rivest, Shamir, & Adleman ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Rivest, Shamir, & Adleman ","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4"}]}]}]},{"term":"RSA Secret Value Encapsulation","link":"https://csrc.nist.gov/glossary/term/rsa_secret_value_encapsulation","abbrSyn":[{"text":"RSASVE","link":"https://csrc.nist.gov/glossary/term/rsasve"}],"definitions":null},{"term":"RSA Signature Scheme with Appendix - Probabilistic Signature Scheme","link":"https://csrc.nist.gov/glossary/term/rsa_signature_scheme_with_appendix_probabilistic_signature_scheme","abbrSyn":[{"text":"RSA Signature Scheme with Appendix – Probabilistic Signature Scheme"},{"text":"RSASSA-PSS"}],"definitions":null},{"term":"RSA with Optimal Asymmetric Encryption Padding","link":"https://csrc.nist.gov/glossary/term/rsa_with_optimal_asymmetric_encryption_padding","abbrSyn":[{"text":"RSA-OAEP","link":"https://csrc.nist.gov/glossary/term/rsa_oaep"}],"definitions":null},{"term":"RSA-OAEP","link":"https://csrc.nist.gov/glossary/term/rsa_oaep","abbrSyn":[{"text":"RSA with Optimal Asymmetric Encryption Padding","link":"https://csrc.nist.gov/glossary/term/rsa_with_optimal_asymmetric_encryption_padding"}],"definitions":null},{"term":"RSASVE","link":"https://csrc.nist.gov/glossary/term/rsasve","abbrSyn":[{"text":"RSA Secret Value Encapsulation","link":"https://csrc.nist.gov/glossary/term/rsa_secret_value_encapsulation"}],"definitions":null},{"term":"RSD","link":"https://csrc.nist.gov/glossary/term/rsd","abbrSyn":[{"text":"rank syndrome decoding","link":"https://csrc.nist.gov/glossary/term/rank_syndrome_decoding"}],"definitions":null},{"term":"RSH","link":"https://csrc.nist.gov/glossary/term/rsh","abbrSyn":[{"text":"Remote Shell","link":"https://csrc.nist.gov/glossary/term/remote_shell"}],"definitions":null},{"term":"RSN","link":"https://csrc.nist.gov/glossary/term/rsn","abbrSyn":[{"text":"Robust Security Network"}],"definitions":null},{"term":"RSNA","link":"https://csrc.nist.gov/glossary/term/rsna","abbrSyn":[{"text":"Robust Security Network Association"}],"definitions":null},{"term":"RSNIE","link":"https://csrc.nist.gov/glossary/term/rsnie","abbrSyn":[{"text":"Robust Security Network Information Element","link":"https://csrc.nist.gov/glossary/term/robust_security_network_information_element"}],"definitions":null},{"term":"RSPAN","link":"https://csrc.nist.gov/glossary/term/rspan","abbrSyn":[{"text":"Remote Switched Port Analyzer","link":"https://csrc.nist.gov/glossary/term/remote_switched_port_analyzer"}],"definitions":null},{"term":"RSS","link":"https://csrc.nist.gov/glossary/term/rss","abbrSyn":[{"text":"Really Simple Syndication","link":"https://csrc.nist.gov/glossary/term/really_simple_syndication"},{"text":"Rich Site Summary or Really Simple Syndication","link":"https://csrc.nist.gov/glossary/term/rich_site_summary_or_really_simple_syndication"}],"definitions":null},{"term":"RSSI","link":"https://csrc.nist.gov/glossary/term/rssi","abbrSyn":[{"text":"Received Signal Strength Indication","link":"https://csrc.nist.gov/glossary/term/received_signal_strength_indication"}],"definitions":null},{"term":"RSWG","link":"https://csrc.nist.gov/glossary/term/rswg","abbrSyn":[{"text":"Resilient Systems Working Group","link":"https://csrc.nist.gov/glossary/term/resilient_systems_working_group"}],"definitions":null},{"term":"rsync","link":"https://csrc.nist.gov/glossary/term/rsync","abbrSyn":[{"text":"Remote Synchronization","link":"https://csrc.nist.gov/glossary/term/remote_synchronization"}],"definitions":null},{"term":"RT","link":"https://csrc.nist.gov/glossary/term/rt","abbrSyn":[{"text":"Runtime"}],"definitions":null},{"term":"RTA","link":"https://csrc.nist.gov/glossary/term/rta","abbrSyn":[{"text":"Radionuclide Transportation Agency","link":"https://csrc.nist.gov/glossary/term/radionuclide_transportation_agency"}],"definitions":null},{"term":"RTBH","link":"https://csrc.nist.gov/glossary/term/rtbh","abbrSyn":[{"text":"Remotely Triggered Black-Holing","link":"https://csrc.nist.gov/glossary/term/remotely_triggered_black_holing"}],"definitions":null},{"term":"RTC","link":"https://csrc.nist.gov/glossary/term/rtc","abbrSyn":[{"text":"Real Time Clock","link":"https://csrc.nist.gov/glossary/term/real_time_clock"}],"definitions":null},{"term":"RTCA","link":"https://csrc.nist.gov/glossary/term/rtca","abbrSyn":[{"text":"Radio Technical Commission for Aeronautics","link":"https://csrc.nist.gov/glossary/term/radio_technical_commission_for_aeronautics"}],"definitions":null},{"term":"RTF","link":"https://csrc.nist.gov/glossary/term/rtf","abbrSyn":[{"text":"Reader Talks First","link":"https://csrc.nist.gov/glossary/term/reader_talks_first"}],"definitions":[{"text":"An RF transaction in which the reader transmits a signal that is received by tags in its vicinity. The tags may be commanded to respond to the reader and continue with further transactions.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Reader Talks First "}]}]},{"term":"RTLS","link":"https://csrc.nist.gov/glossary/term/rtls","abbrSyn":[{"text":"Real-Time Locating Systems","link":"https://csrc.nist.gov/glossary/term/real_time_locating_systems"},{"text":"Real-Time Location System","link":"https://csrc.nist.gov/glossary/term/real_time_location_system"}],"definitions":null},{"term":"RTM","link":"https://csrc.nist.gov/glossary/term/rtm","abbrSyn":[{"text":"Root of Trust for Measurement","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_measurement"}],"definitions":null},{"term":"RTO","link":"https://csrc.nist.gov/glossary/term/rto","abbrSyn":[{"text":"Recovery Time Objective","link":"https://csrc.nist.gov/glossary/term/recovery_time_objective"},{"text":"recovery time objectives"}],"definitions":[{"text":"The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business processes.","sources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Recovery Time Objective "}]}]},{"term":"RTOS","link":"https://csrc.nist.gov/glossary/term/rtos","abbrSyn":[{"text":"Real-Time Operating System","link":"https://csrc.nist.gov/glossary/term/real_time_operating_system"}],"definitions":null},{"term":"RTR","link":"https://csrc.nist.gov/glossary/term/rtr","abbrSyn":[{"text":"Root of Trust for Reporting","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_reporting"},{"text":"router","link":"https://csrc.nist.gov/glossary/term/router"}],"definitions":[{"text":"A computer that is a gateway between two networks at OSI layer 3 and that relays and directs data packets through that inter-network. The most common form of router operates on IP packets.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under router ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under router ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]},{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under router ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under router ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under router ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under router ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under router ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"On a network, a device that determines the best path for forwarding a data packet toward its destination. The router is connected to at least two networks, and is located at the gateway where one network meets another.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under router "}]},{"text":"A computer that is a gateway between two networks at open system interconnection layer 3 and that relays and directs data packets through that internetwork. The most common form of router operates on IP packets.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under router ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"A computer that is a gateway between two networks at open systems interconnection layer 3 and that relays and directs data packets through that internetwork. The most common form of router operates on IP packets.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under router ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]}]},{"term":"RTS","link":"https://csrc.nist.gov/glossary/term/rts","abbrSyn":[{"text":"Root of Trust for Storage","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_storage"}],"definitions":null},{"term":"RTU","link":"https://csrc.nist.gov/glossary/term/rtu","abbrSyn":[{"text":"remote terminal unit","link":"https://csrc.nist.gov/glossary/term/remote_terminal_unit"},{"text":"Root of Trust for Update","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_update"}],"definitions":[{"text":"A computer with radio interfacing used in remote situations where communications via wire is unavailable. Usually used to communicate with remote field equipment. PLCs with radio communication capabilities are also used in place of RTUs.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under remote terminal unit "},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under remote terminal unit ","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859"}]}]},{"text":"Special purpose data acquisition and control unit designed to support DCS and SCADA remote stations. RTUs are field devices often equipped with network capabilities, which can include wired and wireless radio interfaces to communicate to the supervisory controller. Sometimes PLCs are implemented as field devices to serve as RTUs; in this case, the PLC is often referred to as an RTU.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under remote terminal unit "}]}]},{"term":"RTU-V","link":"https://csrc.nist.gov/glossary/term/rtu_v","abbrSyn":[{"text":"Root of Trust for Update verification component","link":"https://csrc.nist.gov/glossary/term/root_of_trust_for_update_verification_component"}],"definitions":null},{"term":"Rule","link":"https://csrc.nist.gov/glossary/term/rule","definitions":[{"text":"An element that holds check references and may also hold remediation information.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"Rule-Based Event Correlation","link":"https://csrc.nist.gov/glossary/term/rule_based_event_correlation","definitions":[{"text":"Correlating events by matching multiple log entries from a single source or multiple sources based on logged values, such as timestamps, IP addresses, and event types.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"rule-based security policy","link":"https://csrc.nist.gov/glossary/term/rule_based_security_policy","definitions":[{"text":"A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access. \nAlso known as discretionary access control (DAC).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33"}]}]}]},{"term":"Rules of Engagement (ROE)","link":"https://csrc.nist.gov/glossary/term/rules_of_engagement","abbrSyn":[{"text":"ROE","link":"https://csrc.nist.gov/glossary/term/roe"}],"definitions":[{"text":"Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"ruleset","link":"https://csrc.nist.gov/glossary/term/ruleset","definitions":[{"text":"A table of instructions used by a controlled interface to determine what data is allowable and how the data is handled between interconnected systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take—such as forwarding or rejecting a packet, creating an alert, or allowing a system event.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115","underTerm":" under Ruleset "}]},{"text":"A set of directives that govern the access control functionality of a firewall. The firewall uses these directives to determine how packets should be routed between its interfaces.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1","underTerm":" under Ruleset "}]}]},{"term":"Run","link":"https://csrc.nist.gov/glossary/term/run","definitions":[{"text":"An uninterrupted sequence of like bits (i.e., either all zeroes or all ones).","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Runs Test","link":"https://csrc.nist.gov/glossary/term/runs_test","definitions":[{"text":"The purpose of the runs test is to determine whether the number of runs of ones and zeros of various lengths is as expected for a random sequence. In particular, this test determines whether the oscillation between such substrings is too fast or too slow.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"runtime","link":"https://csrc.nist.gov/glossary/term/runtime","abbrSyn":[{"text":"RT","link":"https://csrc.nist.gov/glossary/term/rt"}],"definitions":[{"text":"The period during which a computer program is executing.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"RUP","link":"https://csrc.nist.gov/glossary/term/rup","abbrSyn":[{"text":"Releasing Unverified Plaintext","link":"https://csrc.nist.gov/glossary/term/releasing_unverified_plaintext"}],"definitions":null},{"term":"RUT","link":"https://csrc.nist.gov/glossary/term/rut","abbrSyn":[{"text":"Router Under Test","link":"https://csrc.nist.gov/glossary/term/router_under_test"}],"definitions":null},{"term":"RVC","link":"https://csrc.nist.gov/glossary/term/rvc","abbrSyn":[{"text":"RPKI Validation Cache","link":"https://csrc.nist.gov/glossary/term/rpki_validation_cache"}],"definitions":[{"text":"RPKI Validation Cache provides Validated ROA Payload (VRP) and public router keys.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under RPKI Validation Cache "}]}]},{"term":"RVTM","link":"https://csrc.nist.gov/glossary/term/rvtm","abbrSyn":[{"text":"Requirements Verification Traceability Matrix","link":"https://csrc.nist.gov/glossary/term/requirements_verification_traceability_matrix"}],"definitions":null},{"term":"RW","link":"https://csrc.nist.gov/glossary/term/rw","abbrSyn":[{"text":"Read/Write","link":"https://csrc.nist.gov/glossary/term/read_write"}],"definitions":null},{"term":"RWX","link":"https://csrc.nist.gov/glossary/term/rwx","abbrSyn":[{"text":"Read/Write/Execute","link":"https://csrc.nist.gov/glossary/term/read_write_execute"}],"definitions":null},{"term":"S&RM","link":"https://csrc.nist.gov/glossary/term/s_rm","abbrSyn":[{"text":"Security and Risk Management","link":"https://csrc.nist.gov/glossary/term/security_and_risk_management"}],"definitions":null},{"term":"S/MIME","link":"https://csrc.nist.gov/glossary/term/s_mime","abbrSyn":[{"text":"Secure Multipurpose Internet Mail Extensions"},{"text":"Secure MultiPurpose Internet Mail Extensions"},{"text":"Secure/Multipurpose Internal Mail Extension"},{"text":"Secure/Multipurpose Internet Mail Exchange (network protocol)","link":"https://csrc.nist.gov/glossary/term/secure_multipurpose_internet_mail_exchange_network_protocol"},{"text":"Secure/Multipurpose Internet Mail Extensions"}],"definitions":null},{"term":"S/MIME Certificate Association (Resource Record)","link":"https://csrc.nist.gov/glossary/term/s_mime_certificate_association","abbrSyn":[{"text":"SMIMEA","link":"https://csrc.nist.gov/glossary/term/smimea"}],"definitions":null},{"term":"S/RTBH","link":"https://csrc.nist.gov/glossary/term/s_rtbh","abbrSyn":[{"text":"Source-based Remotely Triggered Black-Holing","link":"https://csrc.nist.gov/glossary/term/source_based_remotely_triggered_black_holing"}],"definitions":null},{"term":"S4","link":"https://csrc.nist.gov/glossary/term/s4","abbrSyn":[{"text":"SCADA Security Scientific Symposium","link":"https://csrc.nist.gov/glossary/term/scada_security_scientific_symposium"}],"definitions":null},{"term":"SA","link":"https://csrc.nist.gov/glossary/term/sa","abbrSyn":[{"text":"Security Association"},{"text":"Service Agent","link":"https://csrc.nist.gov/glossary/term/service_agent"},{"text":"Situational Awareness"},{"text":"Source Address","link":"https://csrc.nist.gov/glossary/term/source_address"},{"text":"System Administrator"},{"text":"System and Services Acquisition","link":"https://csrc.nist.gov/glossary/term/system_and_services_acquisition"},{"text":"Systems and Services Acquisition","link":"https://csrc.nist.gov/glossary/term/systems_and_services_acquisition"}],"definitions":[{"text":"Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under System Administrator ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under System Administrator ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under System Administrator ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A person who manages a computer system, including its operating system and applications. A system administrator’s responsibilities are similar to that of a network administrator.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under System Administrator "}]},{"text":"A person who manages a computer system, including its operating system and applications. Responsibilities are similar to that of a network administrator.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2","underTerm":" under System Administrator "}]},{"text":"Set of values that define the features and protections applied to a connection.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Security Association "}]},{"text":"Individual or group responsible for overseeing the day-to-day operability of a computer system or network. This position normally carries special privileges including access to the protection state and software of a system.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under System Administrator "},{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under System Administrator "}]}]},{"term":"SA&A","link":"https://csrc.nist.gov/glossary/term/sa_and_a","abbrSyn":[{"text":"Security Assessment and Authorization","link":"https://csrc.nist.gov/glossary/term/security_assessment_and_authorization"},{"text":"Security Authorization & Accreditation","link":"https://csrc.nist.gov/glossary/term/security_authorization_and_accreditation"}],"definitions":null},{"term":"SaaS","link":"https://csrc.nist.gov/glossary/term/saas","abbrSyn":[{"text":"Software as a Service"}],"definitions":null},{"term":"SABI","link":"https://csrc.nist.gov/glossary/term/sabi","abbrSyn":[{"text":"Secret and Below Interoperability","link":"https://csrc.nist.gov/glossary/term/secret_and_below_interoperability"}],"definitions":null},{"term":"SAC","link":"https://csrc.nist.gov/glossary/term/sac","abbrSyn":[{"text":"Station Access Controller","link":"https://csrc.nist.gov/glossary/term/station_access_controller"}],"definitions":null},{"term":"SACM","link":"https://csrc.nist.gov/glossary/term/sacm","abbrSyn":[{"text":"Security Automation and Continuous Monitoring","link":"https://csrc.nist.gov/glossary/term/security_automation_and_continuous_monitoring"}],"definitions":null},{"term":"SAD","link":"https://csrc.nist.gov/glossary/term/sad","abbrSyn":[{"text":"Security Association Database"}],"definitions":null},{"term":"SAE","link":"https://csrc.nist.gov/glossary/term/sae","abbrSyn":[{"text":"SAE International","link":"https://csrc.nist.gov/glossary/term/sae_international"},{"text":"Society of Automotive Engineers","link":"https://csrc.nist.gov/glossary/term/society_of_automotive_engineers"}],"definitions":null},{"term":"SAE International","link":"https://csrc.nist.gov/glossary/term/sae_international","abbrSyn":[{"text":"SAE","link":"https://csrc.nist.gov/glossary/term/sae"}],"definitions":null},{"term":"SAFECode","link":"https://csrc.nist.gov/glossary/term/safecode","abbrSyn":[{"text":"Software Assurance Forum for Excellence in Code","link":"https://csrc.nist.gov/glossary/term/software_assurance_forum_for_excellence_in_code"}],"definitions":null},{"term":"safeguards","link":"https://csrc.nist.gov/glossary/term/safeguards","abbrSyn":[{"text":"countermeasures","link":"https://csrc.nist.gov/glossary/term/countermeasures"},{"text":"COUNTERMEASURES"},{"text":"security controls","link":"https://csrc.nist.gov/glossary/term/security_controls"}],"definitions":[{"text":"Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under COUNTERMEASURES ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SAFEGUARDS ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under countermeasures ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"},{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Safeguards ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Safeguards ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Safeguards ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Safeguards ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Protective measures prescribed to meet the security objectives (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management controls, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Safeguards ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security controls ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under security controls ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under security controls ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The safeguards or countermeasures prescribed for an information system or an organization to protect the confidentiality, integrity, and availability of the system and its information.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under security controls ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under security controls ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"An approved security measure taken to protect computational resources by eliminating or reducing the risk to a system, which may include hardware and software mechanisms, policies, procedures, and physical controls.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Safeguard "}]},{"text":"Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of a system. Synonymous with security controls and safeguards.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under countermeasures ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under countermeasures ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under countermeasures ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for a system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Safeguards ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]}]},{"term":"SAFER","link":"https://csrc.nist.gov/glossary/term/safer","abbrSyn":[{"text":"Secure And Fast Encryption Routine","link":"https://csrc.nist.gov/glossary/term/secure_and_fast_encryption_routine"}],"definitions":null},{"term":"safety","link":"https://csrc.nist.gov/glossary/term/safety","definitions":[{"text":"Expectation that a system does not, under defined conditions, lead to a state in which human life, health, property, or the environment is endangered.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 12207:2017"}]}]},{"text":"Freedom from conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"MIL-STD-882E","link":"https://www.dau.edu/cop/armyesoh/DAU%20Sponsored%20Documents/MIL-STD-882E.pdf"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"MIL-STD-882E","link":"https://www.dau.edu/cop/armyesoh/DAU%20Sponsored%20Documents/MIL-STD-882E.pdf"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]}]},{"term":"Safety Instrumented Function","link":"https://csrc.nist.gov/glossary/term/safety_instrumented_function","abbrSyn":[{"text":"SIF","link":"https://csrc.nist.gov/glossary/term/sif"}],"definitions":null},{"term":"Safety Requirements","link":"https://csrc.nist.gov/glossary/term/safety_requirements","definitions":[{"text":"AC properties, business requirements, specifications of expected/unexpected system security features, or directly translation of policy values. Safety requirements can also include privilege inheritance.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192"}]}]},{"term":"Safety, Controls, Alarms, and Interlocks","link":"https://csrc.nist.gov/glossary/term/safety_controls_alarms_and_interlocks","abbrSyn":[{"text":"SCAI","link":"https://csrc.nist.gov/glossary/term/scai"}],"definitions":null},{"term":"SAISO","link":"https://csrc.nist.gov/glossary/term/saiso","abbrSyn":[{"text":"Senior Agency Information Security Officer"}],"definitions":[{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information systems security officers. \n[Note 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses.\nNote 2: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\nNote: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Modernization Act FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \nNote 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses. \nNote 2: Organizations subordinate to federal agencies may use the term Senior Agency Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]}]},{"term":"SAKA","link":"https://csrc.nist.gov/glossary/term/saka","abbrSyn":[{"text":"StrongAuth KeyAppliance","link":"https://csrc.nist.gov/glossary/term/strongauth_keyappliance"}],"definitions":null},{"term":"salt","link":"https://csrc.nist.gov/glossary/term/salt","definitions":[{"text":"As used in this Recommendation, a byte string (which may be secret or non-secret) that is used as a MAC key by either: 1) a MAC-based auxiliary function H employed in one-step key derivation or 2) a MAC employed in the randomness-extraction step during two-step key derivation.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Salt "}]},{"text":"A bit string generated during digital signature generation using the RSA Signature Scheme with Appendix - Probabilistic Signature Scheme (RSASSA-PSS RSA).","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under Salt ","refSources":[{"text":"PKCS#1 v2.1","link":"https://doi.org/10.17487/RFC3447"}]}]},{"text":"A byte string that is used as an input in the randomness extraction step specified in Section 5.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Salt "}]},{"text":"A non-secret value used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Salt "}]},{"text":"A non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Salt "}]},{"text":"As used in this Recommendation, a byte string (which may be secret or non-secret) that is used as a MAC key.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Salt "}]}],"seeAlso":[{"text":"public seed","link":"public_seed"}]},{"term":"SAM","link":"https://csrc.nist.gov/glossary/term/sam","abbrSyn":[{"text":"Security Account Manager"},{"text":"Security Accounts Manager","link":"https://csrc.nist.gov/glossary/term/security_accounts_manager"}],"definitions":null},{"term":"SAMATE","link":"https://csrc.nist.gov/glossary/term/samate","abbrSyn":[{"text":"Software Assurance Metrics and Tool Evaluation"},{"text":"Software Assurance Metrics And Tool Evaluation","link":"https://csrc.nist.gov/glossary/term/software_assurance_metrics_and_tool_evaluation"}],"definitions":null},{"term":"SAML","link":"https://csrc.nist.gov/glossary/term/saml","abbrSyn":[{"text":"Security Assertion Markup Language"}],"definitions":null},{"term":"SAMM","link":"https://csrc.nist.gov/glossary/term/samm","abbrSyn":[{"text":"Software Assurance Maturity Model","link":"https://csrc.nist.gov/glossary/term/software_assurance_maturity_model"}],"definitions":null},{"term":"SAN","link":"https://csrc.nist.gov/glossary/term/san","abbrSyn":[{"text":"Storage Area Network","link":"https://csrc.nist.gov/glossary/term/storage_area_network"},{"text":"Subject Alternative Name","link":"https://csrc.nist.gov/glossary/term/subject_alternative_name"},{"text":"subjectAltName","link":"https://csrc.nist.gov/glossary/term/subjectaltname"}],"definitions":[{"text":"A field in an X.509 certificate that identifies one or more fully qualified domain names, IP addresses, email addresses, URIs, or UPNs to be associated with the public key contained in a certificate.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Subject Alternative Name "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Subject Alternative Name "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Subject Alternative Name "}]}]},{"term":"Sandbox","link":"https://csrc.nist.gov/glossary/term/sandbox","definitions":[{"text":"A system that allows an untrusted application to run in a highly controlled environment where the application’s permissions are restricted to an essential set of computer permissions. In particular, an application in a sandbox is usually restricted from accessing the file system or the network. A widely used example of applications running inside a sandbox is a Java applet.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"NIST ITL Bulletin, Mar. 2000","link":"/csrc/media/publications/shared/documents/itl-bulletin/itlbul2000-03.pdf"}]}]},{"text":"A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under sandboxing "},{"text":"NIST SP 800-179","link":"https://doi.org/10.6028/NIST.SP.800-179","note":" [Superseded]","underTerm":" under Sandboxing ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]},{"text":"Isolating each guest OS from the others and restricting what resources they can access and what privileges they have.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125","underTerm":" under Sandboxing "}]},{"text":"A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized (Under Sandboxing).","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"sanitization","link":"https://csrc.nist.gov/glossary/term/sanitization","abbrSyn":[{"text":"sanitize","link":"https://csrc.nist.gov/glossary/term/sanitize"}],"definitions":[{"text":"Actions taken to render data written on media unrecoverable by ordinary and — for some forms of sanitization — extraordinary means.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"A process to remove information from media such that data recovery is not possible, including the removal of all classified labels, markings, and activity logs.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SANITIZATION ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Sanitization ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"2. The removal of extraneous or potentially harmful data (e.g., malware) within a file or other information container (e.g., network protocol packet).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under sanitize ","refSources":[{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"1. A process to render access to target data on the media infeasible for a given level of effort. Clear, purge, damage, and destruct are actions that can be taken to sanitize media. See media sanitization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under sanitize ","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"See sanitize.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"A process to render access to Target Data on the media infeasible for a given level of effort. Clear, Purge, and Destroy are actions that can be taken to sanitize media.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"}]},{"text":"Actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means. \nProcess to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Sanitization "}]},{"text":"Actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means.\nProcess to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Sanitization "}]},{"text":"Process to remove information from media such that data recovery is not possible.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]}]},{"term":"sanitize","link":"https://csrc.nist.gov/glossary/term/sanitize","abbrSyn":[{"text":"sanitization","link":"https://csrc.nist.gov/glossary/term/sanitization"}],"definitions":[{"text":"Actions taken to render data written on media unrecoverable by ordinary and — for some forms of sanitization — extraordinary means.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under sanitization "}]},{"text":"A process to remove information from media such that data recovery is not possible, including the removal of all classified labels, markings, and activity logs.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under sanitization "}]},{"text":"2. The removal of extraneous or potentially harmful data (e.g., malware) within a file or other information container (e.g., network protocol packet).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"1. A process to render access to target data on the media infeasible for a given level of effort. Clear, purge, damage, and destruct are actions that can be taken to sanitize media. See media sanitization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"text":"See sanitize.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under sanitization "}]},{"text":"Actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under sanitization "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under sanitization "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under sanitization "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under sanitization "}]},{"text":"A process to render access to Target Data on the media infeasible for a given level of effort. Clear, Purge, and Destroy are actions that can be taken to sanitize media.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under sanitization ","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under sanitization ","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Sanitize "}]},{"text":"Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under sanitization "}]},{"text":"Process to remove information from media such that data recovery is not possible.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under sanitization "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under sanitization "}]}],"seeAlso":[{"text":"media sanitization","link":"media_sanitization"}]},{"term":"SANITIZE Command","link":"https://csrc.nist.gov/glossary/term/sanitize_command","definitions":[{"text":"A command in the ATA and SCSI standards that leverages a firmware-based process to perform a Sanitization action. If a device supports the sanitize command, the device must support at least one of three options: overwrite, block erase (usually for flash memory-based media), or crypto scramble (Cryptographic Erase). These commands typically execute substantially faster than attempting to rewrite through the native read and write interface. The ATA standard clearly identifies that the Sanitization operations must address user data areas, user data areas not currently allocated (including “previously allocated areas and physical sectors that have become inaccessible”), and user data caches. The resulting media contents vary based on the command used. The overwrite command allows the user to specify the data pattern applied to the media, so that pattern (or the inverse of that pattern, if chosen) will be written to the media (although the actual contents of the media may vary due to encoding). The result of the block erase command is vendor unique, but will likely be 0s or 1s. The result of the crypto scramble command is vendor unique, but will likely be cryptographically scrambled data (except for areas that were not encrypted, which are set to the value the vendor defines).","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"SANS","link":"https://csrc.nist.gov/glossary/term/sans","abbrSyn":[{"text":"SysAdmin, Audit, Network, Security","link":"https://csrc.nist.gov/glossary/term/sysadmin_audit_network_security"},{"text":"SysAdmin, Audit, Network, Security Institute","link":"https://csrc.nist.gov/glossary/term/sysadmin_audit_network_security_institute"}],"definitions":null},{"term":"SAO","link":"https://csrc.nist.gov/glossary/term/sao","definitions":[{"text":"Senior Authorizing Official; A senior organization official that has budgetary control, provides oversight, develops policy, and has authority over all functions and services provided by the issuer.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]}]},{"term":"SAOP","link":"https://csrc.nist.gov/glossary/term/saop","abbrSyn":[{"text":"Senior Agency Official for Privacy"}],"definitions":[{"text":"The senior organizational official with overall organization-wide responsibility for information privacy issues.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Agency Official for Privacy "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Agency Official for Privacy "}]},{"text":"The senior official, designated by the head of each agency, who has agency-wide responsibility for privacy, including implementation of privacy protections; compliance with Federal laws, regulations, and policies relating to privacy; management of privacy risks at the agency; and a central policy-making role in the agency’s development and evaluation of legislative, regulatory, and other policy proposals.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Senior Agency Official for Privacy "}]}]},{"term":"SAORM","link":"https://csrc.nist.gov/glossary/term/saorm","abbrSyn":[{"text":"Senior Accountable Official for Risk Management"}],"definitions":null},{"term":"SAP","link":"https://csrc.nist.gov/glossary/term/sap","abbrSyn":[{"text":"Special Access Program"}],"definitions":[{"text":"A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Special Access Program ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"SAPF","link":"https://csrc.nist.gov/glossary/term/sapf","abbrSyn":[{"text":"Special Access Program Facility"}],"definitions":null},{"term":"SAR","link":"https://csrc.nist.gov/glossary/term/sar","abbrSyn":[{"text":"Security Assessment Report"}],"definitions":null},{"term":"Sarbanes-Oxley Act","link":"https://csrc.nist.gov/glossary/term/sarbanes_oxley_act","abbrSyn":[{"text":"SOX","link":"https://csrc.nist.gov/glossary/term/sox"}],"definitions":null},{"term":"SARD","link":"https://csrc.nist.gov/glossary/term/sard","abbrSyn":[{"text":"Software Assurance Reference Dataset","link":"https://csrc.nist.gov/glossary/term/software_assurance_reference_dataset"},{"text":"Static Analysis Reference Dataset","link":"https://csrc.nist.gov/glossary/term/static_analysis_reference_dataset"}],"definitions":null},{"term":"SAS","link":"https://csrc.nist.gov/glossary/term/sas","abbrSyn":[{"text":"Serial Attached SCSI","link":"https://csrc.nist.gov/glossary/term/serial_attached_scsi"}],"definitions":null},{"term":"SASE","link":"https://csrc.nist.gov/glossary/term/sase","abbrSyn":[{"text":"secure access service edge","link":"https://csrc.nist.gov/glossary/term/secure_access_service_edge"}],"definitions":null},{"term":"SAST","link":"https://csrc.nist.gov/glossary/term/sast","abbrSyn":[{"text":"static application security tool","link":"https://csrc.nist.gov/glossary/term/static_application_security_tool"}],"definitions":null},{"term":"SATA","link":"https://csrc.nist.gov/glossary/term/sata","abbrSyn":[{"text":"Serial Advanced Technology Attachment","link":"https://csrc.nist.gov/glossary/term/serial_advanced_technology_attachment"}],"definitions":null},{"term":"SATE","link":"https://csrc.nist.gov/glossary/term/sate","abbrSyn":[{"text":"Static Analysis Tool Exposition","link":"https://csrc.nist.gov/glossary/term/static_analysis_tool_exposition"}],"definitions":null},{"term":"satellite","link":"https://csrc.nist.gov/glossary/term/satellite","definitions":[{"text":"Bus and payload combined into one operational asset.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"Satisfaction","link":"https://csrc.nist.gov/glossary/term/satisfaction","definitions":[{"text":"Freedom from discomfort, and positive attitudes towards the use of the product.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","refSources":[{"text":"ISO 9241-11:1998"}]}]}]},{"term":"SAV","link":"https://csrc.nist.gov/glossary/term/sav","abbrSyn":[{"text":"Source Address Validation","link":"https://csrc.nist.gov/glossary/term/source_address_validation"}],"definitions":null},{"term":"SB","link":"https://csrc.nist.gov/glossary/term/sb","abbrSyn":[{"text":"UEFI Secure Boot","link":"https://csrc.nist.gov/glossary/term/uefi_secure_boot"}],"definitions":null},{"term":"SBA","link":"https://csrc.nist.gov/glossary/term/sba","abbrSyn":[{"text":"Small Business Administration","link":"https://csrc.nist.gov/glossary/term/small_business_administration"}],"definitions":null},{"term":"SBH","link":"https://csrc.nist.gov/glossary/term/sbh","abbrSyn":[{"text":"Signature Block Header","link":"https://csrc.nist.gov/glossary/term/signature_block_header"}],"definitions":null},{"term":"SBIR","link":"https://csrc.nist.gov/glossary/term/sbir","abbrSyn":[{"text":"Small Business Innovation Research","link":"https://csrc.nist.gov/glossary/term/small_business_innovation_research"}],"definitions":null},{"term":"SBOM","link":"https://csrc.nist.gov/glossary/term/sbom","abbrSyn":[{"text":"Software Bill of Material"},{"text":"Software Bill of Materials","link":"https://csrc.nist.gov/glossary/term/software_bill_of_materials"}],"definitions":[{"text":"A formal record containing the details and supply chain relationships of various components used in building software. Software developers and vendors often create products by assembling existing open source and commercial software components. The SBOM enumerates these components in a product.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Software Bill of Materials ","refSources":[{"text":"E.O. 14028","link":"https://www.federalregister.gov/d/2021-10460","note":" - supra note 1, § 10(j)"}]}]}]},{"term":"S-box","link":"https://csrc.nist.gov/glossary/term/s_box","definitions":[{"text":"A non-linear substitution table used in SUBBYTES() and KEYEXPANSION() to perform a one-to-one substitution of a byte value.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"SBU","link":"https://csrc.nist.gov/glossary/term/sbu","abbrSyn":[{"text":"Sensitive But Unclassified","link":"https://csrc.nist.gov/glossary/term/sensitive_but_unclassified"}],"definitions":null},{"term":"SC","link":"https://csrc.nist.gov/glossary/term/sc","abbrSyn":[{"text":"Security Categorization"},{"text":"Security Category"},{"text":"Subcommittee","link":"https://csrc.nist.gov/glossary/term/subcommittee"},{"text":"System and Communications Protection","link":"https://csrc.nist.gov/glossary/term/system_and_communications_protection"},{"text":"System Component"}],"definitions":[{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Categorization ","refSources":[{"text":"CNSSI 1253","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Categorization "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Categorization "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Categorization "}]},{"text":"The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSSI No.1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Categorization "}]},{"text":"The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"},{"text":"CNSSI 4009"}]}]},{"text":"The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, or the Nation.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems. See Security Category.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Categorization "}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in Committee on National Security Systems (CNSS) Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Security Categorization "}]}]},{"term":"SC 37","link":"https://csrc.nist.gov/glossary/term/sc_37","definitions":[{"text":"The Biometrics standardization subcommittee under ISO/IEC Joint Technical Committee","sources":[{"text":"NIST SP 800-76-2","link":"https://doi.org/10.6028/NIST.SP.800-76-2"}]}]},{"term":"SCA","link":"https://csrc.nist.gov/glossary/term/sca","abbrSyn":[{"text":"Security Control Assessor"},{"text":"Side-Channel Attack","link":"https://csrc.nist.gov/glossary/term/side_channel_attack"},{"text":"software composition analysis","link":"https://csrc.nist.gov/glossary/term/software_composition_analysis"},{"text":"SRxCryptoAPI","link":"https://csrc.nist.gov/glossary/term/srx_crypto_api"},{"text":"Supply Chain Assurance"}],"definitions":[{"text":"The individual, group, or organization responsible for conducting a security control assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Assessor ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Assessor "}]},{"text":"An attack enabled by leakage of information from a physical cryptosystem. Characteristics that could be exploited in a side-channel attack include timing, power consumption, and electromagnetic and acoustic emissions.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Side-Channel Attack "}]},{"text":"Confidence that the supply chain will produce and deliver elements, processes, and information that function as expected.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Supply Chain Assurance ","refSources":[{"text":"DoD Key Practices and Implementation Guide","note":" - Adapted"}]}]}]},{"term":"SCADA","link":"https://csrc.nist.gov/glossary/term/scada","abbrSyn":[{"text":"supervisory control and data acquisition","link":"https://csrc.nist.gov/glossary/term/supervisory_control_and_data_acquisition"}],"definitions":[{"text":"A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under supervisory control and data acquisition ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"SCADA Security Scientific Symposium","link":"https://csrc.nist.gov/glossary/term/scada_security_scientific_symposium","abbrSyn":[{"text":"S4","link":"https://csrc.nist.gov/glossary/term/s4"}],"definitions":null},{"term":"SCADS","link":"https://csrc.nist.gov/glossary/term/scads","abbrSyn":[{"text":"supervisory control and data acquisition","link":"https://csrc.nist.gov/glossary/term/supervisory_control_and_data_acquisition"}],"definitions":[{"text":"A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under supervisory control and data acquisition ","refSources":[{"text":"The Automation, Systems, and Instrumentation Dictionary"}]}]}]},{"term":"SCAI","link":"https://csrc.nist.gov/glossary/term/scai","abbrSyn":[{"text":"Safety, Controls, Alarms, and Interlocks","link":"https://csrc.nist.gov/glossary/term/safety_controls_alarms_and_interlocks"}],"definitions":null},{"term":"Scalability","link":"https://csrc.nist.gov/glossary/term/scalability","definitions":[{"text":"The ability to support more users, concurrent sessions, and throughput than a single SSL VPN device can typically handle.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"Scalability testing","link":"https://csrc.nist.gov/glossary/term/scalability_testing","definitions":[{"text":"Testing the ability of a system to handle an increasing amount of work correctly.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"scanning","link":"https://csrc.nist.gov/glossary/term/scanning","definitions":[{"text":"Sending packets or requests to another system to gain information to be used in a subsequent attack.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"SCAP","link":"https://csrc.nist.gov/glossary/term/scap","abbrSyn":[{"text":"Security Content Automation Program","link":"https://csrc.nist.gov/glossary/term/security_content_automation_program"},{"text":"Security Content Automation Protocol"}],"definitions":null},{"term":"SCAP Capability","link":"https://csrc.nist.gov/glossary/term/scap_capability","definitions":[{"text":"A specific function or functions of a product as defined below:\nAuthenticated Configuration Scanner: the capability to audit and assess a target system to determine its compliance with a defined set of configuration requirements using target system logon privileges.\nCommon Vulnerabilities and Exposures (CVE) Option: the capability to process and present CVEs correctly and completely.\nOpen Checklist Interactive Language (OCIL) Option: the capability to process and present OCIL correctly and completely.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"SCAP component","link":"https://csrc.nist.gov/glossary/term/scap_component","definitions":[{"text":"A logical unit of data expressed using one or more of the SCAP component specifications.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]},{"text":"One of the eleven specifications that comprise SCAP: Asset Identification, ARF, CCE, CCSS, CPE, CVE, CVSS, OCIL, OVAL, TMSAD, and XCCDF.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under SCAP Component "}]}]},{"term":"SCAP conformant","link":"https://csrc.nist.gov/glossary/term/scap_conformant","definitions":[{"text":"A product or SCAP data stream that meets the requirements of this specification.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"SCAP content","link":"https://csrc.nist.gov/glossary/term/scap_content","definitions":[{"text":"Part or all of one or more SCAP data streams.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"SCAP Content Checklist","link":"https://csrc.nist.gov/glossary/term/scap_content_checklist","definitions":[{"text":"An automated checklist that adheres to the SCAP specification in NIST SP 800-126 for documenting security settings in machine-readable standardized SCAP formats.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"SCAP Content Validation Tool","link":"https://csrc.nist.gov/glossary/term/scap_content_validation_tool","abbrSyn":[{"text":"SCAPVal","link":"https://csrc.nist.gov/glossary/term/scapval"}],"definitions":null},{"term":"SCAP data stream","link":"https://csrc.nist.gov/glossary/term/scap_data_stream","definitions":[{"text":"A specific instantiation of SCAP content.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"SCAP data stream collection","link":"https://csrc.nist.gov/glossary/term/scap_data_stream_collection","definitions":[{"text":"A container for SCAP data streams and components.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"SCAP result data stream","link":"https://csrc.nist.gov/glossary/term/scap_result_data_stream","definitions":[{"text":"An SCAP data stream that holds output (result) content.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]},{"text":"A bundle of SCAP components, along with the mappings of references between SCAP components, that holds output (result) content.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under SCAP Result Data Stream "}]}]},{"term":"SCAP Revision","link":"https://csrc.nist.gov/glossary/term/scap_revision","definitions":[{"text":"A version of the SCAP specification designated by a revision number in the format nn.nn.nn, where the first nn is the major revision number, the second nn number is the minor revision number, and the final nn number is the refinement number. A specific SCAP revision will populate all three fields, even if that means using zeros to show no minor revision or refinement number has been used to date. A leading zero will be used to pad single-digit revision or refinement numbers.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"SCAP source data stream","link":"https://csrc.nist.gov/glossary/term/scap_source_data_stream","definitions":[{"text":"An SCAP data stream that holds input (source) content.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]},{"text":"A bundle of SCAP components, along with the mappings of references between SCAP components, that holds input (source) content.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4","underTerm":" under SCAP Source Data Stream "}]}]},{"term":"SCAP source data stream collection","link":"https://csrc.nist.gov/glossary/term/scap_source_data_stream_collection","definitions":[{"text":"A container for SCAP data streams and components.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"SCAP use case","link":"https://csrc.nist.gov/glossary/term/scap_use_case","definitions":[{"text":"A pre-defined way in which a product can use SCAP. See Section 5 for the definitions of the SCAP use cases.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"SCAPVal","link":"https://csrc.nist.gov/glossary/term/scapval","abbrSyn":[{"text":"SCAP Content Validation Tool","link":"https://csrc.nist.gov/glossary/term/scap_content_validation_tool"},{"text":"Security Content Automation Protocol Validation Tool","link":"https://csrc.nist.gov/glossary/term/security_content_automation_protocol_validation_tool"}],"definitions":null},{"term":"SCARL","link":"https://csrc.nist.gov/glossary/term/scarl","abbrSyn":[{"text":"Side Channel Analysis with Reinforcement Learning","link":"https://csrc.nist.gov/glossary/term/side_channel_analysis_with_reinforcement_learning"}],"definitions":null},{"term":"SCAS","link":"https://csrc.nist.gov/glossary/term/scas","abbrSyn":[{"text":"Security Assurance Specifications","link":"https://csrc.nist.gov/glossary/term/security_assurance_specifications"}],"definitions":null},{"term":"Scatternet","link":"https://csrc.nist.gov/glossary/term/scatternet","definitions":[{"text":"A chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]}]},{"term":"scavenging","link":"https://csrc.nist.gov/glossary/term/scavenging","definitions":[{"text":"Searching through object residue to acquire data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"SCBA","link":"https://csrc.nist.gov/glossary/term/scba","abbrSyn":[{"text":"Self-Contained Breathing Apparatus","link":"https://csrc.nist.gov/glossary/term/self_contained_breathing_apparatus"}],"definitions":null},{"term":"SCC","link":"https://csrc.nist.gov/glossary/term/scc","abbrSyn":[{"text":"Sector Coordinating Council","link":"https://csrc.nist.gov/glossary/term/sector_coordinating_council"}],"definitions":null},{"term":"SCCM","link":"https://csrc.nist.gov/glossary/term/sccm","abbrSyn":[{"text":"System Center Configuration Manager","link":"https://csrc.nist.gov/glossary/term/system_center_configuration_manager"},{"text":"Systems Center Configuration Manager"}],"definitions":null},{"term":"Scenario","link":"https://csrc.nist.gov/glossary/term/scenario","definitions":[{"text":"A sequential, narrative account of a hypothetical incident that provides the catalyst for the exercise and is intended to introduce situations that will inspire responses and thus allow demonstration of the exercise objectives.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Scenario Test","link":"https://csrc.nist.gov/glossary/term/scenario_test","definitions":[{"text":"Scenario testing is intended to mimic an operational application and simultaneously institute controls on the procedures. Scenario testing requires members of a human test population to transact with biometric sensors.  Scenario tests are appropriate for capturing and assessing the effects of interactions human users have with biometric sensors and interfaces.","sources":[{"text":"NIST SP 800-85B","link":"https://doi.org/10.6028/NIST.SP.800-85B"}]}]},{"term":"SCEP","link":"https://csrc.nist.gov/glossary/term/scep","abbrSyn":[{"text":"Simple Certificate Enrollment Protocol"}],"definitions":[{"text":"A protocol defined in an IETF internet draft specification that is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users, as well as referenced in other industry standards.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Simple Certificate Enrollment Protocol "}]}]},{"term":"SCEPACS","link":"https://csrc.nist.gov/glossary/term/scepacs","abbrSyn":[{"text":"Smart Card Enabled Physical Access Control System","link":"https://csrc.nist.gov/glossary/term/smart_card_enabled_physical_access_control_system"}],"definitions":null},{"term":"scheduled data transfer","link":"https://csrc.nist.gov/glossary/term/scheduled_data_transfer","definitions":[{"text":"A connection used to transfer data on a regular, recurring basis.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"Scheme","link":"https://csrc.nist.gov/glossary/term/scheme","definitions":[{"text":"Set of rules and procedures that describes the objects of conformity assessment, identifies the specified requirements and provides the methodology for performing conformity assessment.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]},{"text":"A (cryptographic) scheme consists of a set of unambiguously specified transformations that are capable of providing a (cryptographic) service when properly implemented and maintained. A scheme is a higher-level construct than a primitive and a lower-level construct than a protocol.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A set of unambiguously specified transformations that provide a (cryptographic) service when properly implemented and maintained. A scheme is a higher-level construct than a primitive and a lower-level construct than a protocol.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"A set of unambiguously specified transformations that provide a (cryptographic) service (e.g., key establishment) when properly implemented and maintained. A scheme is a higher-level construct than a primitive and a lower-level construct than a protocol.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"A (cryptographic) scheme consists of a set of unambiguously specified transformations that are capable of providing a (cryptographic) service when properly implemented and maintained. A scheme is a higher-level construct than a primitive, and a lower-level construct than a protocol.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Scheme Owner","link":"https://csrc.nist.gov/glossary/term/scheme_owner","definitions":[{"text":"Person or organization responsible for the development and maintenance of a conformity assessment system or conformity assessment scheme.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]},{"text":"The entity that manages the labeling scheme and determines its structure and management and performs oversight to ensure that the scheme is functioning consistently with overall objectives.","sources":[{"text":"Cybersecurity Labeling of Consumer Software","link":"https://doi.org/10.6028/NIST.CSWP.02042022-1"}]}]},{"term":"Schweitzer Engineering Laboratories","link":"https://csrc.nist.gov/glossary/term/schweitzer_engineering_laboratories","abbrSyn":[{"text":"SEL","link":"https://csrc.nist.gov/glossary/term/sel"}],"definitions":null},{"term":"SCI","link":"https://csrc.nist.gov/glossary/term/sci","abbrSyn":[{"text":"Sensitive Compartmented Information"}],"definitions":[{"text":"Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence. ","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Sensitive Compartmented Information ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Sensitive Compartmented Information ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"Science, Technology, Engineering, and Math","link":"https://csrc.nist.gov/glossary/term/science_technology_engineering_and_math","abbrSyn":[{"text":"STEM","link":"https://csrc.nist.gov/glossary/term/stem"}],"definitions":null},{"term":"SCIF","link":"https://csrc.nist.gov/glossary/term/scif","abbrSyn":[{"text":"Sensitive Compartmented Information Facility"}],"definitions":null},{"term":"SCIP","link":"https://csrc.nist.gov/glossary/term/scip","abbrSyn":[{"text":"Secure Communications Interoperability Protocol","link":"https://csrc.nist.gov/glossary/term/secure_communications_interoperability_protocol"}],"definitions":null},{"term":"SCM","link":"https://csrc.nist.gov/glossary/term/scm","abbrSyn":[{"text":"software configuration management","link":"https://csrc.nist.gov/glossary/term/software_configuration_management"}],"definitions":null},{"term":"SCMS","link":"https://csrc.nist.gov/glossary/term/scms","abbrSyn":[{"text":"Security Credential Management System","link":"https://csrc.nist.gov/glossary/term/security_credential_management_system"}],"definitions":null},{"term":"scoping considerations","link":"https://csrc.nist.gov/glossary/term/scoping_considerations","definitions":[{"text":"A part of tailoring guidance providing organizations with specific considerations on the applicability and implementation of security controls in the security control baseline. Areas of consideration include policy/regulatory, technology, physical infrastructure, system component allocation, operational/environmental, public access, scalability, common control, and security objective.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Scoping Considerations "}]},{"text":"A part of tailoring guidance providing organizations with specific considerations on the applicability and implementation of controls in the control baselines. Considerations include policy/regulatory, technology, physical infrastructure, system element allocation, operational/environmental, public access, scalability, common control, and security objective.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A part of tailoring guidance that provides organizations with specific considerations on the applicability and implementation of security and privacy controls in the control baselines. Considerations include policy or regulatory, technology, physical infrastructure, system component allocation, public access, scalability, common control, operational or environmental, and security objective.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A part of tailoring guidance providing organizations with specific considerations on the applicability and implementation of security and privacy controls in the control baselines. Considerations include policy or regulatory, technology, physical infrastructure, system component allocation, public access, scalability, common control, operational or environmental, and security objective.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"term":"Scoping Guidance","link":"https://csrc.nist.gov/glossary/term/scoping_guidance","definitions":[{"text":"Provides organizations with specific technology-related, infrastructure-related, public access-related, scalability-related, common security control-related, and risk-related considerations on the applicability and implementation of individual security controls in the control baseline.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"}]}]},{"term":"SCOR","link":"https://csrc.nist.gov/glossary/term/scor","abbrSyn":[{"text":"Security Control Overlay Repository","link":"https://csrc.nist.gov/glossary/term/security_control_overlay_repository"}],"definitions":null},{"term":"SCORE","link":"https://csrc.nist.gov/glossary/term/score","abbrSyn":[{"text":"Special Cyber Operations Research and Engineering","link":"https://csrc.nist.gov/glossary/term/special_cyber_operations_research_and_engineering"}],"definitions":null},{"term":"SCP","link":"https://csrc.nist.gov/glossary/term/scp","abbrSyn":[{"text":"Secure Copy","link":"https://csrc.nist.gov/glossary/term/secure_copy"},{"text":"Secure Copy Protocol","link":"https://csrc.nist.gov/glossary/term/secure_copy_protocol"},{"text":"Service Class Provider","link":"https://csrc.nist.gov/glossary/term/service_class_provider"},{"text":"System Contingency Plan","link":"https://csrc.nist.gov/glossary/term/system_contingency_plan"}],"definitions":null},{"term":"Script","link":"https://csrc.nist.gov/glossary/term/script","definitions":[{"text":"A sequence of instructions, ranging from a simple list of operating system commands to full-blown programming language statements, which can be executed automatically by an interpreter.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2"}]}]},{"term":"Scripting Language","link":"https://csrc.nist.gov/glossary/term/scripting_language","definitions":[{"text":"A definition of the syntax and semantics for writing and interpreting scripts.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2"}]}]},{"term":"SCRM","link":"https://csrc.nist.gov/glossary/term/scrm","abbrSyn":[{"text":"Supply Chain Risk Management"}],"definitions":[{"text":"the implementation of processes, tools or techniques to minimize the adverse impact of attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Supply Chain Risk Management "}]}]},{"term":"SCRTM","link":"https://csrc.nist.gov/glossary/term/scrtm","abbrSyn":[{"text":"Static Core Root of Trust for Measurement","link":"https://csrc.nist.gov/glossary/term/static_core_root_of_trust_for_measurement"}],"definitions":null},{"term":"SCSI","link":"https://csrc.nist.gov/glossary/term/scsi","abbrSyn":[{"text":"Small Computer System Interface","link":"https://csrc.nist.gov/glossary/term/small_computer_system_interface"}],"definitions":[{"text":"A magnetic media interface specification. Small Computer System Interface.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"SCTP","link":"https://csrc.nist.gov/glossary/term/sctp","abbrSyn":[{"text":"Stream Control Transmission Protocol","link":"https://csrc.nist.gov/glossary/term/stream_control_transmission_protocol"}],"definitions":null},{"term":"SCV","link":"https://csrc.nist.gov/glossary/term/scv","abbrSyn":[{"text":"Secured Component Verification","link":"https://csrc.nist.gov/glossary/term/secured_component_verification"}],"definitions":null},{"term":"SCW","link":"https://csrc.nist.gov/glossary/term/scw","abbrSyn":[{"text":"Security Configuration Wizard","link":"https://csrc.nist.gov/glossary/term/security_configuration_wizard"}],"definitions":null},{"term":"SD","link":"https://csrc.nist.gov/glossary/term/sd","abbrSyn":[{"text":"Secure Digital","link":"https://csrc.nist.gov/glossary/term/secure_digital"}],"definitions":null},{"term":"SDA","link":"https://csrc.nist.gov/glossary/term/sda","abbrSyn":[{"text":"Secure Device Authentication","link":"https://csrc.nist.gov/glossary/term/secure_device_authentication"}],"definitions":null},{"term":"SDC","link":"https://csrc.nist.gov/glossary/term/sdc","abbrSyn":[{"text":"statistical disclosure control","link":"https://csrc.nist.gov/glossary/term/statistical_disclosure_control"}],"definitions":null},{"term":"SDDC","link":"https://csrc.nist.gov/glossary/term/sddc","abbrSyn":[{"text":"Software-Defined Data Center","link":"https://csrc.nist.gov/glossary/term/software_defined_data_center"}],"definitions":null},{"term":"SDEI","link":"https://csrc.nist.gov/glossary/term/sdei","abbrSyn":[{"text":"Software Delegated Exception Interface","link":"https://csrc.nist.gov/glossary/term/software_delegated_exception_interface"}],"definitions":null},{"term":"SDK","link":"https://csrc.nist.gov/glossary/term/sdk","abbrSyn":[{"text":"Software Developer Kit"},{"text":"Software Development Kit","link":"https://csrc.nist.gov/glossary/term/software_development_kit"}],"definitions":null},{"term":"SDL","link":"https://csrc.nist.gov/glossary/term/sdl","abbrSyn":[{"text":"Security Development Lifecycle","link":"https://csrc.nist.gov/glossary/term/security_development_lifecycle"},{"text":"statistical disclosure limitation","link":"https://csrc.nist.gov/glossary/term/statistical_disclosure_limitation"}],"definitions":[{"text":"The set of methods to reduce the risk of disclosing information on individuals, businesses or other organizations. Such methods are only related to the dissemination step and are usually based on restricting the amount of or modifying the data released.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under statistical disclosure limitation ","refSources":[{"text":"OECD Glossary of Statistical Terms","link":"https://doi.org/10.1787/9789264055087-en"}]}]}]},{"term":"SDLC","link":"https://csrc.nist.gov/glossary/term/sdlc","abbrSyn":[{"text":"Software Development Life Cycle","link":"https://csrc.nist.gov/glossary/term/software_development_life_cycle"},{"text":"System development life cycle"},{"text":"System Development Life Cycle"},{"text":"System Development Lifecycle","link":"https://csrc.nist.gov/glossary/term/system_development_lifecycle"}],"definitions":[{"text":"A formal or informal methodology for designing, creating, and maintaining software (including code built into hardware).","sources":[{"text":"NIST SP 800-218","link":"https://doi.org/10.6028/NIST.SP.800-218","underTerm":" under Software Development Life Cycle "}]},{"text":"The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under System Development Life Cycle ","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-34","link":"https://doi.org/10.6028/NIST.SP.800-34"}]}]}]},{"term":"SDMI","link":"https://csrc.nist.gov/glossary/term/sdmi","abbrSyn":[{"text":"Secure Digital Music Initiative","link":"https://csrc.nist.gov/glossary/term/secure_digital_music_initiative"}],"definitions":null},{"term":"SDN","link":"https://csrc.nist.gov/glossary/term/sdn","abbrSyn":[{"text":"Software Defined Network","link":"https://csrc.nist.gov/glossary/term/software_defined_network"},{"text":"Software Defined Networking"},{"text":"Software-Defined Networking","link":"https://csrc.nist.gov/glossary/term/software_defined_networking"}],"definitions":null},{"term":"SDO","link":"https://csrc.nist.gov/glossary/term/sdo","abbrSyn":[{"text":"Standards Developing Organization","link":"https://csrc.nist.gov/glossary/term/standards_developing_organization"},{"text":"Standards Developing Organizations","link":"https://csrc.nist.gov/glossary/term/standards_developing_organizations"}],"definitions":[{"text":"any organization that develops and approves standards using various methods to establish consensus among its participants. Such organizations may be: accredited, such as ANSI -accredited IEEE; international treaty based, such as the ITU- T; private sector based, such as ISO/IEC; an international consortium, such as OASIS or IETF; or a government agency.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Standards Developing Organization "}]}]},{"term":"SDoC","link":"https://csrc.nist.gov/glossary/term/sdoc","abbrSyn":[{"text":"Supplier’s Declaration of Conformity","link":"https://csrc.nist.gov/glossary/term/supplier_declaration_of_conformity"}],"definitions":[{"text":"Declaration where the conformity assessment activity is performed by the person or organization that provides the ‘object’ (such as product, process, management system, person or body) and the supplier provides written confidence of conformity.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2","underTerm":" under Supplier’s Declaration of Conformity "}]}]},{"term":"SDP","link":"https://csrc.nist.gov/glossary/term/sdp","abbrSyn":[{"text":"Service Discovery Protocol","link":"https://csrc.nist.gov/glossary/term/service_discovery_protocol"},{"text":"Session Description Protocol","link":"https://csrc.nist.gov/glossary/term/session_description_protocol"},{"text":"Software Defined Perimeter","link":"https://csrc.nist.gov/glossary/term/software_defined_perimeter"},{"text":"software-defined perimeter"},{"text":"System Development Platform","link":"https://csrc.nist.gov/glossary/term/system_development_platform"}],"definitions":null},{"term":"SDR","link":"https://csrc.nist.gov/glossary/term/sdr","abbrSyn":[{"text":"System Design Review","link":"https://csrc.nist.gov/glossary/term/system_design_review"}],"definitions":null},{"term":"SDS","link":"https://csrc.nist.gov/glossary/term/sds","abbrSyn":[{"text":"Secure DTD2000 System","link":"https://csrc.nist.gov/glossary/term/secure_dtd2000_system"},{"text":"Software-Defined Storage","link":"https://csrc.nist.gov/glossary/term/software_defined_storage"}],"definitions":null},{"term":"SDWAN","link":"https://csrc.nist.gov/glossary/term/sdwan","abbrSyn":[{"text":"Software Defined Wide Area Network","link":"https://csrc.nist.gov/glossary/term/software_defined_wide_area_network"}],"definitions":null},{"term":"SD-WAN","link":"https://csrc.nist.gov/glossary/term/sd_wan","abbrSyn":[{"text":"Software Defined Wide Area Network","link":"https://csrc.nist.gov/glossary/term/software_defined_wide_area_network"}],"definitions":null},{"term":"SE","link":"https://csrc.nist.gov/glossary/term/se","abbrSyn":[{"text":"Secure Element","link":"https://csrc.nist.gov/glossary/term/secure_element"}],"definitions":null},{"term":"seal of approval","link":"https://csrc.nist.gov/glossary/term/seal_of_approval","abbrSyn":[{"text":"binary label","link":"https://csrc.nist.gov/glossary/term/binary_label"}],"definitions":[{"text":"A single label indicating a product has met a baseline standard.","sources":[{"text":"Cybersecurity Labeling of Consumer Software","link":"https://doi.org/10.6028/NIST.CSWP.02042022-1","underTerm":" under binary label "}]}]},{"term":"SEBoK","link":"https://csrc.nist.gov/glossary/term/sebok","abbrSyn":[{"text":"Systems Engineering Body of Knowledge","link":"https://csrc.nist.gov/glossary/term/systems_engineering_body_of_knowledge"}],"definitions":null},{"term":"SECAM","link":"https://csrc.nist.gov/glossary/term/secam","abbrSyn":[{"text":"Security Assurance Methodology","link":"https://csrc.nist.gov/glossary/term/security_assurance_methodology"}],"definitions":null},{"term":"SecCM","link":"https://csrc.nist.gov/glossary/term/seccm","abbrSyn":[{"text":"Security-focused Configuration Management","link":"https://csrc.nist.gov/glossary/term/security_focused_configuration_management"},{"text":"Security-Focused Configuration Management"}],"definitions":null},{"term":"seccomp","link":"https://csrc.nist.gov/glossary/term/seccomp","abbrSyn":[{"text":"Secure Computing","link":"https://csrc.nist.gov/glossary/term/secure_computing"}],"definitions":null},{"term":"SecDOP","link":"https://csrc.nist.gov/glossary/term/secdop","abbrSyn":[{"text":"Security Design Order of Precedence"}],"definitions":null},{"term":"Second byte of a two-byte status word","link":"https://csrc.nist.gov/glossary/term/second_byte_of_a_two_byte_status_word","abbrSyn":[{"text":"SW2","link":"https://csrc.nist.gov/glossary/term/sw2"}],"definitions":null},{"term":"Second preimage","link":"https://csrc.nist.gov/glossary/term/second_preimage","definitions":[{"text":"A message Ms’, that is different from a given message Ms , such that its message digest is the same as the known message digest of Ms.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"A message X’, that is different from a given message X , such that its message digest is the same as the known message digest of X.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}],"seeAlso":[{"text":"Second preimage resistance","link":"second_preimage_resistance"}]},{"term":"Second preimage resistance","link":"https://csrc.nist.gov/glossary/term/second_preimage_resistance","definitions":[{"text":"An expected property of a cryptographic hash function whereby it is computationally infeasible to find a second preimage of a known message digest, See “Second preimage”.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106"}]},{"text":"An expected property of a hash function whereby it is computationally infeasible to find a second preimage of a known message digest, See “Second preimage”.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]}],"seeAlso":[{"text":"Hash function"},{"text":"Second preimage","link":"second_preimage"}]},{"term":"Secondary market","link":"https://csrc.nist.gov/glossary/term/secondary_market","definitions":[{"text":"An unofficial, unauthorized, or unintended distribution channel.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]"},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"Secret and Below Interoperability","link":"https://csrc.nist.gov/glossary/term/secret_and_below_interoperability","abbrSyn":[{"text":"SABI","link":"https://csrc.nist.gov/glossary/term/sabi"}],"definitions":null},{"term":"secret key","link":"https://csrc.nist.gov/glossary/term/secret_key","abbrSyn":[{"text":"Symmetric key"}],"definitions":[{"text":"A single cryptographic key that is used with a symmetric-key algorithm; also called a secret key. A symmetric-key algorithm is a cryptographic algorithm that uses the same secret key for an operation and its complement (e.g., encryption and decryption).","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key that is used with a (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]},{"text":"A cryptographic key, used with a secret key cryptographic algorithm, that is uniquely associated with one or more entities and should not be made public.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Secret Key "}]},{"text":"A cryptographic key used by one or more (authorized) entities in a symmetric-key cryptographic algorithm; the key is not made public.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Secret key "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Secret key "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Secret key "}]},{"text":"See Secret key.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Symmetric key "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key used by a secret-key (symmetric) cryptographic algorithm and that is not made public.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is used with a secret (symmetric) key algorithm.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Secret key "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Secret key "}]},{"text":"A cryptographic key that is used with a secret key (also known as a symmetric key) cryptographic algorithm that is uniquely associated with one or more entities and shall not be made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is shared by both originator and recipient (see symmetric key algorithm)","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key that is shared between two or more entities and used with a cryptographic application to process information.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Symmetric key "}]},{"text":"A single cryptographic key that is used by one or more entities with a symmetric key algorithm.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Symmetric key "}]},{"text":"A single cryptographic key that is used with a symmetric (secret key) cryptographic algorithm and is not made public (i.e., the key is kept secret). A secret key is also called a symmetric key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Secret key "}]},{"text":"The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Secret key "}]},{"text":"Compare with a private key, which is used with a public-key (asymmetric-key) algorithm.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is used with a symmetric (secret key) algorithm, is uniquely associated with one or more entities, and is not made public (i.e., the key is kept secret); a symmetric key is often called a secret key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Symmetric key "}]},{"text":"A single cryptographic key that is used with a symmetric-key cryptographic algorithm, is uniquely associated with one or more entities and is not made public (i.e., the key is kept secret). A secret key is also called a Symmetric key. The use of the term “secret” in this context does not imply a classification level but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is used with a symmetric-key cryptographic algorithm, is uniquely associated with one or more entities, and is not made public (i.e., the key is kept secret). A symmetric key is often called a secret key. See Secret key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key that must be protected from unauthorized disclosure to protect data encrypted with the key. The use of the term “secret” in this context does not imply a classification level; rather, the term implies the need to protect the key from disclosure or substitution.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Secret Key "}]}]},{"term":"secret key (symmetric) cryptographic algorithm","link":"https://csrc.nist.gov/glossary/term/secret_key_cryptographic_algorithm","definitions":[{"text":"A cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2","note":" - Adapted"}]}]},{"text":"See symmetric (secret key) algorithm.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Secret-key (symmetric) cryptographic algorithm "}]},{"text":"A cryptographic algorithm that uses the same secret key for an operation and its complement (e.g., encryption and decryption). The key is kept secret and is called either a secret key or symmetric key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Symmetric-key (secret-key) algorithm "}]},{"text":"See Symmetric-key algorithm.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Secret-key algorithm "}]}]},{"term":"Secret key information","link":"https://csrc.nist.gov/glossary/term/secret_key_information","definitions":[{"text":"The key information that needs to be kept secret (i.e., symmetric keys, private keys, key shares and secret metadata).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Secret keying material","link":"https://csrc.nist.gov/glossary/term/secret_keying_material","definitions":[{"text":"The binary data that is used to form secret keys, such as AES encryption or HMAC keys.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]},{"text":"The binary data that is used to form secret keys, such as AES encryption keys or HMAC keys.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1"}]},{"text":"As used in this Recommendation, the secret keying material that is either (1) derived by applying the key-derivation method to the shared secret and other shared information during a key-agreement transaction, or (2) is transported during a key-transport transaction.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Secret keying material (that is shared) "}]}]},{"term":"secret seed","link":"https://csrc.nist.gov/glossary/term/secret_seed","definitions":[{"text":"A secret value used to initialize a pseudorandom number generator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Sector","link":"https://csrc.nist.gov/glossary/term/sector","definitions":[{"text":"The smallest unit that can be accessed on media.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Sector-Specific Agency","link":"https://csrc.nist.gov/glossary/term/sector_specific_agency","abbrSyn":[{"text":"SSA","link":"https://csrc.nist.gov/glossary/term/ssa"}],"definitions":null},{"term":"secure access service edge","link":"https://csrc.nist.gov/glossary/term/secure_access_service_edge","abbrSyn":[{"text":"SASE","link":"https://csrc.nist.gov/glossary/term/sase"}],"definitions":null},{"term":"Secure And Fast Encryption Routine","link":"https://csrc.nist.gov/glossary/term/secure_and_fast_encryption_routine","abbrSyn":[{"text":"SAFER","link":"https://csrc.nist.gov/glossary/term/safer"}],"definitions":null},{"term":"Secure channel","link":"https://csrc.nist.gov/glossary/term/secure_channel","definitions":[{"text":"A path for transferring data between two entities or components that ensures confidentiality, integrity and replay protection, as well as mutual authentication between the entities or components. The secure channel may be provided using cryptographic, physical or procedural methods, or a combination thereof.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"A path for transferring data between two entities or components that ensures confidentiality, integrity and replay protection, as well as mutual authentication between the entities or components. The secure channel may be provided using approved cryptographic, physical or procedural methods, or a combination thereof. Sometimes called a trusted channel.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Secure Channel "}]},{"text":"A path for transferring data between two entities or components that ensures confidentiality, integrity, and replay protection as well as mutual authentication between the entities or components. The secure channel may be provided using cryptographic, physical, or procedural methods or a combination thereof.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"secure communication protocol","link":"https://csrc.nist.gov/glossary/term/secure_communication_protocol","definitions":[{"text":"A communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3"}]}]},{"text":"A communication protocol that provides the appropriate confidentiality, source authentication, and data integrity protection.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Secure communication protocol "}]},{"text":"A communication protocol that provides the appropriate confidentiality, source authentication, and integrity protection.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Secure communication protocol "}]},{"text":"A communication protocol that provides the appropriate confidentiality, authentication and content-integrity protection.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Secure communication protocol "}]}]},{"term":"secure communications","link":"https://csrc.nist.gov/glossary/term/secure_communications","definitions":[{"text":"Telecommunications deriving security through use of National Security Agency (NSA)-approved products and/or protected distribution systems (PDSs).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Secure Communications Interoperability Protocol","link":"https://csrc.nist.gov/glossary/term/secure_communications_interoperability_protocol","abbrSyn":[{"text":"SCIP","link":"https://csrc.nist.gov/glossary/term/scip"}],"definitions":null},{"term":"secure communications interoperability protocol (SCIP) product","link":"https://csrc.nist.gov/glossary/term/secure_communications_interoperability_protocol_product","definitions":[{"text":"National Security Agency (NSA) certified secure voice and data encryption devices that provide interoperability with both national and foreign wired and wireless products.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4032","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Secure Computing","link":"https://csrc.nist.gov/glossary/term/secure_computing","abbrSyn":[{"text":"seccomp","link":"https://csrc.nist.gov/glossary/term/seccomp"}],"definitions":null},{"term":"Secure Copy Protocol","link":"https://csrc.nist.gov/glossary/term/secure_copy_protocol","abbrSyn":[{"text":"SCP","link":"https://csrc.nist.gov/glossary/term/scp"}],"definitions":null},{"term":"Secure Device Authentication","link":"https://csrc.nist.gov/glossary/term/secure_device_authentication","abbrSyn":[{"text":"SDA","link":"https://csrc.nist.gov/glossary/term/sda"}],"definitions":null},{"term":"Secure Digital","link":"https://csrc.nist.gov/glossary/term/secure_digital","abbrSyn":[{"text":"SD","link":"https://csrc.nist.gov/glossary/term/sd"}],"definitions":null},{"term":"Secure Digital eXtended Capacity (SDXC)","link":"https://csrc.nist.gov/glossary/term/secure_digital_extended_capacity","definitions":[{"text":"Supports cards up to 2 TB, compared to a limit of 32 GB for SDHC cards in the SD 2.0 specification.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"Secure Digital Music Initiative","link":"https://csrc.nist.gov/glossary/term/secure_digital_music_initiative","abbrSyn":[{"text":"SDMI","link":"https://csrc.nist.gov/glossary/term/sdmi"}],"definitions":null},{"term":"Secure DTD2000 System","link":"https://csrc.nist.gov/glossary/term/secure_dtd2000_system","abbrSyn":[{"text":"SDS","link":"https://csrc.nist.gov/glossary/term/sds"}],"definitions":null},{"term":"Secure Element","link":"https://csrc.nist.gov/glossary/term/secure_element","abbrSyn":[{"text":"SE","link":"https://csrc.nist.gov/glossary/term/se"}],"definitions":null},{"term":"Secure Entry Point","link":"https://csrc.nist.gov/glossary/term/secure_entry_point","abbrSyn":[{"text":"SEP","link":"https://csrc.nist.gov/glossary/term/sep"}],"definitions":null},{"term":"Secure Erase Command","link":"https://csrc.nist.gov/glossary/term/secure_erase_command","definitions":[{"text":"An overwrite command in the ATA standard (as ‘Security Erase Unit’) that leverages a firmware-based process to overwrite the media. This command typically executes substantially faster than attempting to rewrite through the native read and write interface. There are up to two options, ‘normal erase’ and ‘enhanced erase’. The normal erase, as defined in the standard, is only required to address data in the contents of LBA 0 through the greater of READ NATIVE MAX or READ NATIVE MAX EXT, and replaces the contents with 0s or 1s. The enhanced erase command specifies that, “…all previously written user data shall be overwritten, including sectors that are no longer in use due to reallocation” and the contents of the media following Sanitization are vendor unique. The actual action performed by an enhanced erase varies by vendor and model, and could include a variety of actions that have varying levels of effectiveness. The secure erase command is not defined in the SCSI standard, so it does not apply to media with a SCSI interface.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Secure Exception Level","link":"https://csrc.nist.gov/glossary/term/secure_exception_level","abbrSyn":[{"text":"SEL","link":"https://csrc.nist.gov/glossary/term/sel"}],"definitions":null},{"term":"Secure File Transfer Protocol","link":"https://csrc.nist.gov/glossary/term/secure_file_transfer_protocol","abbrSyn":[{"text":"SFTP","link":"https://csrc.nist.gov/glossary/term/sftp"}],"definitions":null},{"term":"Secure FTP","link":"https://csrc.nist.gov/glossary/term/secure_ftp","abbrSyn":[{"text":"SFTP","link":"https://csrc.nist.gov/glossary/term/sftp"}],"definitions":null},{"term":"Secure Hash Algorithm","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm","abbrSyn":[{"text":"SHA","link":"https://csrc.nist.gov/glossary/term/sha"},{"text":"SHA-1","link":"https://csrc.nist.gov/glossary/term/sha_1"},{"text":"SHA-2","link":"https://csrc.nist.gov/glossary/term/sha_2"}],"definitions":[{"text":"A hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]},{"text":"The Secure Hash Algorithm defined in Federal Information Processing Standard 180-1.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under SHA-1 "}]},{"text":"A hash function specified in FIPS 180-2, the Secure Hash Standard.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under SHA-1 "}]},{"text":"Secure Hash Algorithm.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under SHA "}]},{"text":"The SHA-1 hash for the resource.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]","underTerm":" under SHA-1 "}]}]},{"term":"Secure Hash Algorithm 256","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm_256","abbrSyn":[{"text":"SHA256"},{"text":"SHA-256","link":"https://csrc.nist.gov/glossary/term/sha_256"}],"definitions":[{"text":"A hash algorithm that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]},{"text":"The SHA-256 hash for the resource.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]","underTerm":" under SHA-256 "}]}]},{"term":"Secure Hash Algorithm 3","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm_3","abbrSyn":[{"text":"SHA-3","link":"https://csrc.nist.gov/glossary/term/sha_3"}],"definitions":[{"text":"Secure Hash Algorithm-3.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185","underTerm":" under SHA-3 "}]}]},{"term":"Secure Hash Algorithm Keccak","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm_keccak","abbrSyn":[{"text":"SHAKE","link":"https://csrc.nist.gov/glossary/term/shake"}],"definitions":null},{"term":"secure hash standard","link":"https://csrc.nist.gov/glossary/term/secure_hash_standard","abbrSyn":[{"text":"SHS","link":"https://csrc.nist.gov/glossary/term/shs"}],"definitions":[{"text":"The standard specifying hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]}]},{"term":"Secure Initialization Authenticated Code Module","link":"https://csrc.nist.gov/glossary/term/secure_initialization_authenticated_code_module","abbrSyn":[{"text":"SINIT ACM","link":"https://csrc.nist.gov/glossary/term/sinit_acm"}],"definitions":null},{"term":"Secure Inter-Domain Routing","link":"https://csrc.nist.gov/glossary/term/secure_inter_domain_routing","abbrSyn":[{"text":"SIDR","link":"https://csrc.nist.gov/glossary/term/sidr"}],"definitions":null},{"term":"Secure Inter-Domain Routing Working Group","link":"https://csrc.nist.gov/glossary/term/secure_inter_domain_routing_working_group","note":"(in the IETF)","abbrSyn":[{"text":"SIDR WG","link":"https://csrc.nist.gov/glossary/term/sidr_wg"}],"definitions":null},{"term":"Secure Kernel","link":"https://csrc.nist.gov/glossary/term/secure_kernel","abbrSyn":[{"text":"SK","link":"https://csrc.nist.gov/glossary/term/sk"}],"definitions":null},{"term":"Secure LDAP","link":"https://csrc.nist.gov/glossary/term/secure_ldap","abbrSyn":[{"text":"LDAPS","link":"https://csrc.nist.gov/glossary/term/ldaps"}],"definitions":null},{"term":"Secure Memory Encryption","link":"https://csrc.nist.gov/glossary/term/secure_memory_encryption","abbrSyn":[{"text":"SME","link":"https://csrc.nist.gov/glossary/term/sme"}],"definitions":null},{"term":"Secure Messaging","link":"https://csrc.nist.gov/glossary/term/secure_messaging","abbrSyn":[{"text":"SM","link":"https://csrc.nist.gov/glossary/term/sm"}],"definitions":null},{"term":"Secure Messaging Key Authentication (SM-AUTH)","link":"https://csrc.nist.gov/glossary/term/secure_messaging_key_authentication_sm_auth","definitions":[{"text":"An authentication mechanism where the secure messaging key and associated certificate are used for authentication.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Secure Monitor Call","link":"https://csrc.nist.gov/glossary/term/secure_monitor_call","abbrSyn":[{"text":"SMC","link":"https://csrc.nist.gov/glossary/term/smc"}],"definitions":null},{"term":"Secure Multi-Party Computation","link":"https://csrc.nist.gov/glossary/term/secure_multi_party_computation","abbrSyn":[{"text":"SMPC","link":"https://csrc.nist.gov/glossary/term/smpc"}],"definitions":null},{"term":"Secure Multipurpose Internet Mail Extensions (S/MIME)","link":"https://csrc.nist.gov/glossary/term/secure_multipurpose_internet_mail_extensions","abbrSyn":[{"text":"S/MIME","link":"https://csrc.nist.gov/glossary/term/s_mime"}],"definitions":[{"text":"A set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under secure/ multipurpose internet mail extensions (S/MIME) ","refSources":[{"text":"NIST SP 800-49","link":"https://doi.org/10.6028/NIST.SP.800-49"}]}]},{"text":"A protocol defined in IETF RFCs 3850 through 3852 and 2634 for encrypting messages and creating certificates using public key cryptography. S/MIME is supported by default installations of many popular mail clients. S/MIME uses a classic, hierarchical design based on certificate authorities for its key management, making it suitable for medium to large implementations.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Secure Partition","link":"https://csrc.nist.gov/glossary/term/secure_partition","abbrSyn":[{"text":"SP","link":"https://csrc.nist.gov/glossary/term/sp"}],"definitions":null},{"term":"Secure Partition Manager","link":"https://csrc.nist.gov/glossary/term/secure_partition_manager","abbrSyn":[{"text":"SPM","link":"https://csrc.nist.gov/glossary/term/spm"}],"definitions":null},{"term":"Secure Production Identity Framework for Everyone","link":"https://csrc.nist.gov/glossary/term/secure_production_identity_framework_for_everyone","abbrSyn":[{"text":"SPIFFE","link":"https://csrc.nist.gov/glossary/term/spiffe"}],"definitions":null},{"term":"Secure SCADA Communications Protocol","link":"https://csrc.nist.gov/glossary/term/secure_scada_communications_protocol","abbrSyn":[{"text":"SSCP","link":"https://csrc.nist.gov/glossary/term/sscp"}],"definitions":null},{"term":"Secure Service Container","link":"https://csrc.nist.gov/glossary/term/secure_service_container","note":"(IBM)","abbrSyn":[{"text":"SSC","link":"https://csrc.nist.gov/glossary/term/ssc"}],"definitions":null},{"term":"Secure Shell","link":"https://csrc.nist.gov/glossary/term/secure_shell","abbrSyn":[{"text":"SSH","link":"https://csrc.nist.gov/glossary/term/ssh"}],"definitions":null},{"term":"Secure Shell (network protocol)","link":"https://csrc.nist.gov/glossary/term/secure_shell_network_protocol","abbrSyn":[{"text":"SSH","link":"https://csrc.nist.gov/glossary/term/ssh"}],"definitions":null},{"term":"Secure Simple Pairing","link":"https://csrc.nist.gov/glossary/term/secure_simple_pairing","abbrSyn":[{"text":"SSP","link":"https://csrc.nist.gov/glossary/term/ssp"}],"definitions":null},{"term":"Secure Socket Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/secure_socket_tunneling_protocol","abbrSyn":[{"text":"SSTP","link":"https://csrc.nist.gov/glossary/term/sstp"}],"definitions":null},{"term":"Secure Sockets Layer (SSL)","link":"https://csrc.nist.gov/glossary/term/secure_sockets_layer","abbrSyn":[{"text":"SSL","link":"https://csrc.nist.gov/glossary/term/ssl"},{"text":"Transport Layer Security (TLS)","link":"https://csrc.nist.gov/glossary/term/transport_layer_security"}],"definitions":[{"text":"Provides privacy and data integrity between two communicating applications. It is designed to encapsulate other protocols, such as HTTP. TLS v1.0 was released in 1999, providing slight modifications to SSL 3.0.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Transport Layer Security (TLS) ","refSources":[{"text":"IETF RFC 2246","link":"https://www.ietf.org/rfc/rfc2246.txt"}]}]},{"text":"A security protocol providing privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Transport Layer Security (TLS) ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Provides privacy and reliability between two communicating applications. It is designed to encapsulate other protocols, such as HTTP. SSL v3.0 was released in 1996. It has been succeeded by IETF's TLS.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"SSL 3.0 specification","link":"https://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00"}]}]},{"text":"A protocol used for protecting private information during transmission via the Internet. \nNote: SSL works by using the service public key to encrypt a secret key that is used to encrypt the data that is transferred over the SSL session. Most web browsers support SSL and many web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https:” instead of “http:”. The default port for SSL is 443.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under secure socket layer (SSL) "}]},{"text":"See Transport Layer Security (TLS).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by RFC 5246. TLS is similar to the older SSL protocol, and TLS 1.0 is effectively SSL version 3.1. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations, specifies how TLS is to be used in government applications.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Transport Layer Security (TLS) "}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by RFC 5246. TLS is similar to the older SSL protocol, and TLS 1.0 is effectively SSL version 3.1. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations [NIST SP 800-52], specifies how TLS is to be used in government applications.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Transport Layer Security (TLS) "}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by RFC 5246 and RFC 8446.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Transport Layer Security (TLS) "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Transport Layer Security (TLS) "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Transport Layer Security (TLS) "}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. SSL has been superseded by the newer Transport Layer Security (TLS) protocol; TLS 1.0 is effectively SSL version 3.1.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by [RFC 2246], [RFC 3546], and [RFC 5246]. TLS is similar to the older Secure Sockets Layer (SSL) protocol, and TLS 1.0 is effectively SSL version 3.1. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations specifies how TLS is to be used in government applications.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Transport Layer Security (TLS) "}]}]},{"term":"Secure Sockets Layer/Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/secure_sockets_layer__transport_layer_security","abbrSyn":[{"text":"SSL/TLS","link":"https://csrc.nist.gov/glossary/term/ssl-tls"}],"definitions":null},{"term":"Secure Software Development Framework","link":"https://csrc.nist.gov/glossary/term/secure_software_development_framework","abbrSyn":[{"text":"SSDF","link":"https://csrc.nist.gov/glossary/term/ssdf"}],"definitions":null},{"term":"secure state","link":"https://csrc.nist.gov/glossary/term/secure_state","definitions":[{"text":"Condition in which no subject can access any object in an unauthorized manner.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Secure Telephone Unit","link":"https://csrc.nist.gov/glossary/term/secure_telephone_unit","abbrSyn":[{"text":"STU","link":"https://csrc.nist.gov/glossary/term/stu"}],"definitions":null},{"term":"Secure Terminal Equipment","link":"https://csrc.nist.gov/glossary/term/secure_terminal_equipment","abbrSyn":[{"text":"STE","link":"https://csrc.nist.gov/glossary/term/ste"}],"definitions":null},{"term":"Secure Transport","link":"https://csrc.nist.gov/glossary/term/secure_transport","definitions":[{"text":"Transfer of information using a transport layer protocol that provides security between applications communicating over an IP network.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Secure Virtual Machine","link":"https://csrc.nist.gov/glossary/term/secure_virtual_machine","abbrSyn":[{"text":"SVM","link":"https://csrc.nist.gov/glossary/term/svm"}],"definitions":null},{"term":"secure web gateway","link":"https://csrc.nist.gov/glossary/term/secure_web_gateway","abbrSyn":[{"text":"SWG","link":"https://csrc.nist.gov/glossary/term/swg"}],"definitions":null},{"term":"Secure World","link":"https://csrc.nist.gov/glossary/term/secure_world","abbrSyn":[{"text":"SW","link":"https://csrc.nist.gov/glossary/term/sw"}],"definitions":null},{"term":"Secure/Multipurpose Internet Mail Exchange (network protocol)","link":"https://csrc.nist.gov/glossary/term/secure_multipurpose_internet_mail_exchange_network_protocol","abbrSyn":[{"text":"S/MIME","link":"https://csrc.nist.gov/glossary/term/s_mime"}],"definitions":null},{"term":"Secured Component Verification","link":"https://csrc.nist.gov/glossary/term/secured_component_verification","abbrSyn":[{"text":"SCV","link":"https://csrc.nist.gov/glossary/term/scv"}],"definitions":null},{"term":"Secured Encrypted Virtualization","link":"https://csrc.nist.gov/glossary/term/secured_encrypted_virtualization","abbrSyn":[{"text":"SEV","link":"https://csrc.nist.gov/glossary/term/sev"}],"definitions":null},{"term":"Secured Encrypted Virtualization with Encrypted State","link":"https://csrc.nist.gov/glossary/term/secured_encrypted_virtualization_with_encrypted_state","abbrSyn":[{"text":"SEV-ES","link":"https://csrc.nist.gov/glossary/term/sev_es"}],"definitions":null},{"term":"Secured Encrypted Virtualization with Secured Nested Paging","link":"https://csrc.nist.gov/glossary/term/secured_encrypted_virtualization_with_secured_nested_paging","abbrSyn":[{"text":"SEV-SNP","link":"https://csrc.nist.gov/glossary/term/sev_snp"}],"definitions":null},{"term":"securely resilient","link":"https://csrc.nist.gov/glossary/term/securely_resilient","definitions":[{"text":"The ability of a system to preserve a secure state despite disruption, to include the system transitions between normal and degraded modes. Securely resilient is a primary objective of systems security engineering.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]}]},{"term":"security","link":"https://csrc.nist.gov/glossary/term/security","abbrSyn":[{"text":"SEC","link":"https://csrc.nist.gov/glossary/term/sec"}],"definitions":[{"text":"A condition that results from the establishment and maintenance of protective measures that enable an organization to perform its mission or critical functions despite risks posed by threats to its use of systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the organization’s risk management approach.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Security ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"Protection against intentional subversion or forced failure. A composite of four attributes – confidentiality, integrity, availability, and accountability – plus aspects of a fifth, usability, all of which have the related issue of their assurance.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"ISO/IEC 15288:2008"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"Freedom from those conditions that can cause loss of assets with unacceptable consequences.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Security is a system property. Security is much more that a set of functions and mechanisms. Information technology security is a system characteristic as well as a set of mechanisms which span the system both logically and physically.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"}]},{"text":"Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide—\n(A) integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity;\n(B) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and\n(C) availability, which means ensuring timely and reliable access to and use of information.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under Security ","refSources":[{"text":"44 U.S.C., Sec. 3542","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3542"}]}]},{"text":"A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach. Note: See also information security and cybersecurity.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"The combination of confidentiality, integrity and availability.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under Security ","refSources":[{"text":"DoD 5200.28-STD","link":"https://www.esd.whs.mil/DD/"}]}]},{"text":"the preservation of confidentiality, integrity and availability of information. NOTE In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be relevant.\nA.    Integrity, property of protecting the accuracy and completeness of assets;\nB.    Confidentiality, property that information is not made available or disclosed to unauthorized individuals, entities, or processes;\nC.    Availability, property of being accessible and usable upon demand by an authorized entity.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Security ","refSources":[{"text":"ISO/IEC 27000:2009"}]}]},{"text":"The state in which the integrity, confidentiality, and accessibility of information, service or network entity is assured.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Security "}]},{"text":"refers to information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:\nA.    Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;\nB.    Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and\nC.    Availability, which means ensuring timely and reliable access to and use of information.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Security ","refSources":[{"text":"PL 107-347","link":"https://www.govinfo.gov/app/details/PLAW-107publ347/"}]}]},{"text":"A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"Security is a system property. Security is much more than a set of functions and mechanisms. IT security is a system characteristic as well as a set of mechanisms that span the system both logically and physically.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]}]},{"term":"Security and Privacy Profile","link":"https://csrc.nist.gov/glossary/term/security_and_privacy_profile","abbrSyn":[{"text":"SPP","link":"https://csrc.nist.gov/glossary/term/spp"}],"definitions":null},{"term":"Security and Risk Management","link":"https://csrc.nist.gov/glossary/term/security_and_risk_management","abbrSyn":[{"text":"S&RM","link":"https://csrc.nist.gov/glossary/term/s_rm"}],"definitions":null},{"term":"security architect","link":"https://csrc.nist.gov/glossary/term/security_architect","definitions":[{"text":"Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"security architecture","link":"https://csrc.nist.gov/glossary/term/security_architecture","abbrSyn":[{"text":"architecture","link":"https://csrc.nist.gov/glossary/term/architecture"}],"definitions":[{"text":"Fundamental concepts or properties related to a system in its environment embodied in its elements, relationships, and in the principles of its design and evolution.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under architecture ","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected. Note: The security architecture reflects security domains, the placement of security-relevant elements within the security domains, the interconnections and trust relationships between the security-relevant elements, and the behavior and interaction between the security-relevant elements. The security architecture, similar to the system architecture, may be expressed at different levels of abstraction and with different scopes.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans. See information security architecture.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]}]},{"text":"complying with the principles that drive the system design; i.e., guidelines on the placement and implementation of specific security services within various distributed computing environments.","sources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under architecture "}]},{"text":"A set of related physical and logical representations (i.e., views) of a system or a solution. The architecture conveys information about system/solution elements, interconnections, relationships, and behavior at different levels of abstractions and with different scopes. \nRefer to security architecture.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under architecture "}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected. \nNote: The security architecture reflects security domains, the placement of security-relevant elements within the security domains, the interconnections and trust relationships between the security-relevant elements, and the behavior and interactions between the security-relevant elements. The security architecture, similar to the system architecture, may be expressed at different levels of abstraction and with different scopes.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected.\nNote: The security architecture reflects security domains, the placement of security-relevant elements within the security domains, the interconnections and trust relationships between the security-relevant elements, and the behavior and interactions between the security-relevant elements. The security architecture, similar to the system architecture, may be expressed at different levels of abstraction and with different scopes.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}],"seeAlso":[{"text":"architecture","link":"architecture"}]},{"term":"security assertion markup language (SAML)","link":"https://csrc.nist.gov/glossary/term/security_assertion_markup_language","abbrSyn":[{"text":"SAML","link":"https://csrc.nist.gov/glossary/term/saml"}],"definitions":[{"text":"A protocol consisting of XML-based request and response message formats for exchanging security information, expressed in the form of assertions about subjects, between on-line business partners.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A framework for exchanging authentication and authorization information. Security typically involves checking the credentials presented by a party for authentication and authorization. SAML standardizes the representation of these credentials in an XML format called assertions, enhancing the interoperability between disparate applications.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Security Assertions Markup Language (SAML) ","refSources":[{"text":"Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0","link":"https://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf"}]}]},{"text":"An XML-based security specification developed by the Organization for the Advancement of Structured Information Standards (OASIS) for exchanging authentication (and authorization) information between trusted entities over the Internet. See [SAML].","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Security Assertion Mark-up Language (SAML) "}]}]},{"term":"security assessment","link":"https://csrc.nist.gov/glossary/term/security_assessment","abbrSyn":[{"text":"security control assessment","link":"https://csrc.nist.gov/glossary/term/security_control_assessment"},{"text":"Security Control Assessment"}],"definitions":[{"text":"The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security control assessment ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Control Assessment "}]},{"text":"The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Assessment "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under security control assessment ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The testing and/or evaluation of the management, operational, and technical security controls in a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Security Control Assessment ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"See Security Control Assessment.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Assessment "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"An evaluation of the security provided by a system, device or process.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Security assessment "}]},{"text":"The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"},{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for a system or organization.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under security control assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]}]},{"term":"Security Assessment and Authorization","link":"https://csrc.nist.gov/glossary/term/security_assessment_and_authorization","abbrSyn":[{"text":"CA","link":"https://csrc.nist.gov/glossary/term/ca"},{"text":"SA&A","link":"https://csrc.nist.gov/glossary/term/sa_and_a"}],"definitions":null},{"term":"security assessment report (SAR)","link":"https://csrc.nist.gov/glossary/term/security_assessment_report","abbrSyn":[{"text":"SAR","link":"https://csrc.nist.gov/glossary/term/sar"}],"definitions":[{"text":"Provides a disciplined and structured approach for documenting the findings of the assessor and the recommendations for correcting any identified vulnerabilities in the security controls.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8510.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Security Association (SA)","link":"https://csrc.nist.gov/glossary/term/security_association","abbrSyn":[{"text":"SA","link":"https://csrc.nist.gov/glossary/term/sa"}],"definitions":[{"text":"A relationship established between two or more entities to enable them to protect data they exchange.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security association "}]},{"text":"The logical set of security parameters containing elements required for authentication, key establishment, and data encryption.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Security association (SA) "}]},{"text":"Set of values that define the features and protections applied to a connection.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Security Association "}]},{"text":"A set of values that define the features and protections applied to a connection.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Security Association Database (SAD)","link":"https://csrc.nist.gov/glossary/term/security_association_database","abbrSyn":[{"text":"SAD","link":"https://csrc.nist.gov/glossary/term/sad"}],"definitions":[{"text":"A list or table of all IPsec SAs, including those that are still being negotiated.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Security Assurance Methodology","link":"https://csrc.nist.gov/glossary/term/security_assurance_methodology","abbrSyn":[{"text":"SECAM","link":"https://csrc.nist.gov/glossary/term/secam"}],"definitions":null},{"term":"Security Assurance Specifications","link":"https://csrc.nist.gov/glossary/term/security_assurance_specifications","abbrSyn":[{"text":"SCAS","link":"https://csrc.nist.gov/glossary/term/scas"}],"definitions":null},{"term":"security attribute","link":"https://csrc.nist.gov/glossary/term/security_attribute","definitions":[{"text":"An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system and used to enable the implementation of access control and flow control policies, reflect special dissemination, handling or distribution instructions, or support other aspects of the information security policy.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Attribute "}]},{"text":"An abstraction that represents the basic properties or characteristics of an entity with respect to safeguarding information. Typically associated with internal data structures—including records, buffers, and files within the system—and used to enable the implementation of access control and flow control policies; reflect special dissemination, handling or distribution instructions; or support other aspects of the information security policy.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Security Audit Trail","link":"https://csrc.nist.gov/glossary/term/security_audit_trail","definitions":[{"text":"A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backwards from records and reports to their component source transactions.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","refSources":[{"text":"DoD 5200.28-STD","link":"https://www.esd.whs.mil/DD/"}]}]},{"text":"Data collected and potentially used to facilitate a security audit.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","refSources":[{"text":"ISO DIS 10181-2"}]}]}]},{"term":"security auditor","link":"https://csrc.nist.gov/glossary/term/security_auditor","definitions":[{"text":"A trusted role that is responsible for auditing the security of certification authority systems (CASs) and registration authorities (RAs), including reviewing, maintaining, and archiving audit logs and performing or overseeing internal audits of CASs and RAs.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Security Authorization","link":"https://csrc.nist.gov/glossary/term/security_authorization","abbrSyn":[{"text":"Authorization"}],"definitions":[{"text":"The official management decision of the Designated Authorizing Official to permit operation of an issuer after determining that the issuer’s reliability has satisfactorily been established through appropriate assessment processes.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Authorization "}]},{"text":"The right or a permission that is granted to a system entity to access a system resource.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Authorization ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Authorization ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Authorization ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"The official management decision given by a senior official to authorize operation of a system or the common controls inherited by designated organizations systems and to explicitly accept the risk to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Also known as authorization to operate.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Authorization "}]},{"text":"The process that takes place after authentication is complete to determine which resources/services are available to a WiMAX device.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Authorization "}]},{"text":"The process of verifying that a requested action or service is approved for a specific entity.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Authorization "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Authorization "}]},{"text":"Access privileges that are granted to an entity; conveying an “official” sanction to perform a security function or activity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Authorization "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Authorization "}]},{"text":"Access privileges granted to an entity; conveys an “official” sanction to perform a security function or activity.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Authorization "}]},{"text":"Access privileges granted to an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Authorization "}]},{"text":"See authorization.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]},{"text":"Access privileges that are granted to an entity that convey an “official” sanction to perform a security function or activity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Authorization "}]},{"text":"The granting or denying of access rights to a user, program, or process.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Authorization "}]},{"text":"The process of initially establishing access privileges of an individual and subse­quently verifying the acceptability of a request for access.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Authorization "}]}]},{"term":"Security Authorization & Accreditation","link":"https://csrc.nist.gov/glossary/term/security_authorization_and_accreditation","abbrSyn":[{"text":"SA&A","link":"https://csrc.nist.gov/glossary/term/sa_and_a"}],"definitions":null},{"term":"security authorization (to operate)","link":"https://csrc.nist.gov/glossary/term/security_authorization_to_operate","abbrSyn":[{"text":"Authorization (to operate)"},{"text":"authorization to operate","link":"https://csrc.nist.gov/glossary/term/authorization_to_operate"}],"definitions":[{"text":"The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization to operate ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"See authorization to operate (ATO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"See Authorization (to operate).","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Authorization (to Operate) "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Authorization(to Operate) "}]},{"text":"The official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls. Authorization also applies to common controls inherited by agency information systems.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under authorization to operate ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under authorization to operate ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls and privacy controls.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorization (to operate) ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]}]},{"term":"Security Authorization Boundary","link":"https://csrc.nist.gov/glossary/term/security_authorization_boundary","abbrSyn":[{"text":"Authorization Boundary"}],"definitions":[{"text":"All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Authorization Boundary ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authorization Boundary "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Authorization Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"See Authorization Boundary.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]"}]}]},{"term":"security authorization package","link":"https://csrc.nist.gov/glossary/term/security_authorization_package","abbrSyn":[{"text":"authorization package","link":"https://csrc.nist.gov/glossary/term/authorization_package"}],"definitions":[{"text":"Documents the results of the security control assessment and provides the authorizing official with essential information needed to make a risk-based decision on whether to authorize operation of an information system or a designated set of common controls. \nContains: (i) the security plan; (ii) the security assessment report (SAR); and (iii) the plan of action and milestones (POA&M). \nNote: Many departments and agencies may choose to include the risk assessment report (RAR) as part of the security authorization package. Also, many organizations use system security plan in place of the security plan.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"See security authorization package","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization package "}]},{"text":"The essential information that an authorizing official uses to determine whether to authorize the operation of an information system or the provision of a designated set of common controls. At a minimum, the authorization package includes an executive summary, system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under authorization package ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"Security Automation and Continuous Monitoring","link":"https://csrc.nist.gov/glossary/term/security_automation_and_continuous_monitoring","abbrSyn":[{"text":"SACM","link":"https://csrc.nist.gov/glossary/term/sacm"}],"definitions":null},{"term":"Security Automation Domain","link":"https://csrc.nist.gov/glossary/term/security_automation_domain","definitions":[{"text":"An information security area that includes a grouping of tools, technologies, and data.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"term":"security banner","link":"https://csrc.nist.gov/glossary/term/security_banner","abbrSyn":[{"text":"consent banner","link":"https://csrc.nist.gov/glossary/term/consent_banner"}],"definitions":[{"text":"See security banner (also known as notice and consent banners)","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under consent banner "}]},{"text":"1. A persistent visible window on a computer monitor that displays the highest level of data accessible during the current session.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"2. The opening screen that informs users of the implications of accessing a computer resource (e.g. consent to monitor).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Security Capability","link":"https://csrc.nist.gov/glossary/term/security_capability","abbrSyn":[{"text":"Capability, Security","link":"https://csrc.nist.gov/glossary/term/capability_security"}],"definitions":[{"text":"See capability.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A combination of mutually-reinforcing security controls (i.e., safeguards and countermeasures) implemented by technical means (i.e., functionality in hardware, software, and firmware), physical means (i.e., physical devices and protective measures), and procedural means (i.e., procedures performed by individuals).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]},{"text":"See Capability, Security.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"A set of mutually reinforcing security controls implemented by technical, physical, and procedural means. Such controls are typically selected to achieve a common information security-related purpose.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Security "}]}]},{"term":"security categorization","link":"https://csrc.nist.gov/glossary/term/security_categorization","abbrSyn":[{"text":"categorization","link":"https://csrc.nist.gov/glossary/term/categorization"},{"text":"Categorization"},{"text":"SC","link":"https://csrc.nist.gov/glossary/term/sc"}],"definitions":[{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under categorization "}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Categorization ","refSources":[{"text":"CNSSI 1253","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Categorization "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Categorization "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Categorization "}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS PUB 199 for other than national security systems. See security category.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSSI No.1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Categorization "}]},{"text":"See security categorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under categorization ","refSources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Categorization "}]},{"text":"The process of determining the security category for information or a system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems. See security category.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS Publication 199 for other than national security systems. See Security Category.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Categorization "}]},{"text":"The process of determining the security category for information or an information system. Security categorization methodologies are described in Committee on National Security Systems (CNSS) Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Security Categorization "}]}],"seeAlso":[{"text":"security category","link":"security_category"},{"text":"Security Category"}]},{"term":"security category","link":"https://csrc.nist.gov/glossary/term/security_category","abbrSyn":[{"text":"SC","link":"https://csrc.nist.gov/glossary/term/sc"}],"definitions":[{"text":"The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SECURITY CATEGORY ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]},{"text":"The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"},{"text":"CNSSI 4009"}]}]},{"text":"The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, or the Nation.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Security Category ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]}]},{"text":"The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on agency operations, agency assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}],"seeAlso":[{"text":"security categorization","link":"security_categorization"},{"text":"Security Categorization"}]},{"term":"security concept of operations (Security CONOP)","link":"https://csrc.nist.gov/glossary/term/security_concept_of_operations","abbrSyn":[{"text":"concept of operations","link":"https://csrc.nist.gov/glossary/term/concept_of_operations"}],"definitions":[{"text":"Verbal and graphic statement, in broad outline, of an organization’s assumptions or intent in regard to an operation or series of operations of new, modified, or existing organizational systems.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under concept of operations ","refSources":[{"text":"ANSI/AIAA G-043B-2018","link":"https://webstore.ansi.org/standards/aiaa/ansiaiaa043b2018"}]}]},{"text":"See security concept of operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under concept of operations "}]},{"text":"A security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A security-focused description of a system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission. \nNote 1: The security concept of operations may address security for other life cycle concepts associated with the deployed system. These include, for example, concepts for sustainment, logistics, maintenance, and training. \nNote 2: Security concept of operations is not the same as concept for secure function. Concept for secure function addresses the design philosophy for the system and is intended to achieve a system that is able to be used in a trustworthy secure manner. The security concept of operations must be consistent with the concept for secure function.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security concept of operations ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"A security-focused description of a system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.\nNote 1: The security concept of operations may address security for other life cycle concepts associated with the deployed system. These include, for example, concepts for sustainment, logistics, maintenance, and training.\nNote 2: Security concept of operations is not the same as concept for secure function. Concept for secure function addresses the design philosophy for the system and is intended to achieve a system that is able to be used in a trustworthy secure manner. The security concept of operations must be consistent with the concept for secure function.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security concept of operations ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]}]},{"term":"security configuration management (SecCM)","link":"https://csrc.nist.gov/glossary/term/security_configuration_management_seccm","definitions":[{"text":"The management and control of configurations for an information system to enable security and facilitate the management of risk.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Security Configuration Management (SecCM)","link":"https://csrc.nist.gov/glossary/term/security_configuration_management","definitions":[{"text":"The management and control of configurations for an information system to enable security and facilitate the management of risk.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Security Configuration Wizard","link":"https://csrc.nist.gov/glossary/term/security_configuration_wizard","abbrSyn":[{"text":"SCW","link":"https://csrc.nist.gov/glossary/term/scw"}],"definitions":null},{"term":"Security Content Automation Program","link":"https://csrc.nist.gov/glossary/term/security_content_automation_program","abbrSyn":[{"text":"SCAP","link":"https://csrc.nist.gov/glossary/term/scap"}],"definitions":null},{"term":"security content automation protocol (SCAP)","link":"https://csrc.nist.gov/glossary/term/security_content_automation_protocol","abbrSyn":[{"text":"SCAP","link":"https://csrc.nist.gov/glossary/term/scap"}],"definitions":[{"text":"A suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. \nNote: There are six individual specifications incorporated into SCAP: CVE (common vulnerabilities and exposures); CCE (common configuration enumeration); CPE (common platform enumeration); CVSS (common vulnerability scoring system); OVAL (open vulnerability assessment language); and XCCDF (eXtensible configuration checklist description format).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"text":"A suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3","underTerm":" under Security Content Automation Protocol (SCAP) "},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2","underTerm":" under Security Content Automation Protocol (SCAP) "}]},{"text":"A protocol currently consisting of a suite of seven specifications that standardize the format and nomenclature by which security software communicates information about software flaws and security configurations.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Security Content Automation Protocol (SCAP) "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"Security Content Automation Protocol Validation Tool","link":"https://csrc.nist.gov/glossary/term/security_content_automation_protocol_validation_tool","abbrSyn":[{"text":"SCAPVAL"}],"definitions":null},{"term":"security control","link":"https://csrc.nist.gov/glossary/term/security_control","definitions":[{"text":"A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Security Control ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control ","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161"}]},{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The safeguards or countermeasures prescribed for an information system or an organization to protect the confidentiality, integrity, and availability of the system and its information.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A mechanism designed to address needs as specified by a set of security requirements.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"A protective measure against threats.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]","underTerm":" under Security Control "}]},{"text":"A protection measure for a system.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-123","link":"https://doi.org/10.6028/NIST.SP.800-123"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-123","link":"https://doi.org/10.6028/NIST.SP.800-123"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-123","link":"https://doi.org/10.6028/NIST.SP.800-123"}]}]},{"text":"A safeguard or countermeasure prescribed for an information system or an organization, which is designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for a system to protect the confidentiality, integrity, and availability of the system, its components, processes, and data.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-82","link":"https://doi.org/10.6028/NIST.SP.800-82"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Security Control ","refSources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2"},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3"}]}]},{"text":"Safeguards or countermeasures prescribed for an information system or an organization to protect the confidentiality, integrity, and availability of the system and its information.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","underTerm":" under Security Control "}]},{"text":"A safeguard or countermeasure prescribed for a system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199","note":" - Adapted"}]}]}]},{"term":"security control and privacy control","link":"https://csrc.nist.gov/glossary/term/security_control_and_privacy_control","abbrSyn":[{"text":"control","link":"https://csrc.nist.gov/glossary/term/control"}],"definitions":[{"text":"The means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative, technical, management, or legal nature.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under control ","refSources":[{"text":"ISACA Glossary of Terms","link":"https://www.isaca.org/resources/glossary"}]}]},{"text":"Purposeful action on or within a process to meet specified objectives.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under control "}]},{"text":"The mechanism that achieves the action.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under control "}]},{"text":"Measure that is modifying risk.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under control ","refSources":[{"text":"ISO/IEC 27000:2014"}]}]},{"text":"See security control and privacy control.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under control "}]},{"text":"The means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative, technical, management, or legal nature. An attribute assigned to an asset t hat reflects its relative importance or necessity in acheiving or contributing to the achievement of stated goals.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under control ","refSources":[{"text":"ISACA Glossary of Terms","link":"https://www.isaca.org/resources/glossary"}]}]},{"text":"See security control or privacy control.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under control "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under control "}]},{"text":"measure that is modifying risk. (Note: controls include any process, policy, device, practice, or other actions which modify risk.)","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053","underTerm":" under control ","refSources":[{"text":"ISO/IEC 27000:2014"}]}]}]},{"term":"security control assessment","link":"https://csrc.nist.gov/glossary/term/security_control_assessment","abbrSyn":[{"text":"assessment","link":"https://csrc.nist.gov/glossary/term/assessment"},{"text":"Assessment"},{"text":"security assessment","link":"https://csrc.nist.gov/glossary/term/security_assessment"},{"text":"Security Assessment"}],"definitions":[{"text":"An evidence-based evaluation and judgement on the nature, characteristics, quality, effectiveness, intent, impact, or capabilities of an item, organization, group, policy, activity, or person."},{"text":"The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Control Assessment "}]},{"text":"The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Assessment "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The testing and/or evaluation of the management, operational, and technical security controls in a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Security Control Assessment ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"See Security Control Assessment.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessment "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assessment "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assessment "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assessment "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under assessment "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under assessment "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under security assessment "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under security assessment "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Assessment "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under assessment "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under security assessment "}]},{"text":"See Security Control Assessment or Privacy Control Assessment.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessment "}]},{"text":"See control assessment or risk assessment.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under assessment "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under assessment "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under assessment "}]},{"text":"See security control assessment or risk assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under assessment ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessment "}]},{"text":"The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Assessment ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"},{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"A completed or planned action of evaluation of an organization, a mission or business process, or one or more systems and their environments; or","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under assessment "}]},{"text":"The vehicle or template or worksheet that is used for each evaluation.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under assessment "}]},{"text":"The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for a system or organization.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]}]},{"term":"security control assessor (SCA)","link":"https://csrc.nist.gov/glossary/term/security_control_assessor","abbrSyn":[{"text":"assessor","link":"https://csrc.nist.gov/glossary/term/assessor"},{"text":"Assessor"},{"text":"SCA","link":"https://csrc.nist.gov/glossary/term/sca"}],"definitions":[{"text":"The individual, group, or organization responsible for conducting a security or privacy control assessment.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a security control assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Assessor ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Assessor "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Assessor "}]},{"text":"See Security Control Assessor.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Assessor "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Assessor "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Assessor "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Assessor "},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under assessor "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under assessor "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under assessor "}]},{"text":"See Security Control Assessor or Privacy Control Assessor.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Assessor "}]},{"text":"The individual responsible for conducting assessment activities under the guidance and direction of a Designated Authorizing Official. The Assessor is a 3rd party.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a security or privacy assessment.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under assessor "}]},{"text":"See security control assessor or risk assessor.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under assessor ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Assessor "}]},{"text":"The individual, group, or organization responsible for conducting a security or privacy control assessment.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under assessor "}]}]},{"term":"security control baseline","link":"https://csrc.nist.gov/glossary/term/security_control_baseline","definitions":[{"text":"The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SECURITY CONTROL BASELINE "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Control Baseline "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Baseline ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. \nA set of information security controls that has been established through information security strategic planning activities to address one or more specified security categorizations; this set of security controls is intended to be the initial security control set selected for a specific system once that system’s security categorization is determined.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Baseline ","refSources":[{"text":"CNSSI 4009"},{"text":"CNSSI 1253","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"One of the sets of minimum security controls defined for federal information systems in NIST Special Publication 800-53 and CNSS Instruction 1253.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Baseline ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Baseline ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system that provides a starting point for the tailoring process.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Baseline ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"The set of minimum security controls defined for a low-impact, moderate- impact, or high-impact information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. See also control baseline.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}],"seeAlso":[{"text":"control baseline","link":"control_baseline"}]},{"term":"Security Control Effectiveness","link":"https://csrc.nist.gov/glossary/term/security_control_effectiveness","definitions":[{"text":"The measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]}]},{"term":"security control enhancements","link":"https://csrc.nist.gov/glossary/term/security_control_enhancements","definitions":[{"text":"Statement of security capability to: (i) build in additional, but related, functionality to a basic security control; and/or (ii) increase the strength of a basic control.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Enhancement ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","note":" - Adapted"}]}]},{"text":"Statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]}]},{"text":"Statements of security capability to: (i) build in additional, but related, functionality to a basic control; and/or (ii) increase the strength of a basic control.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Control Enhancements "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Enhancements "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Enhancements "}]},{"text":"Augmentation of a security control to: (i) build in additional, but related, functionality to the control; (ii) increase the strength of the control; or (iii) add assurance to the control.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Enhancement "}]}]},{"term":"security control inheritance","link":"https://csrc.nist.gov/glossary/term/security_control_inheritance","abbrSyn":[{"text":"inheritance","link":"https://csrc.nist.gov/glossary/term/inheritance"}],"definitions":[{"text":"A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Control Inheritance ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Control Inheritance ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Control Inheritance "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Control Inheritance ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Control Inheritance ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Control Inheritance "},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Security Control Inheritance ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, and assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"}]}]},{"text":"See security control inheritance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under inheritance "}]}],"seeAlso":[{"text":"common control","link":"common_control"},{"text":"Common Control"}]},{"term":"Security Control Item","link":"https://csrc.nist.gov/glossary/term/security_control_item","abbrSyn":[{"text":"Control Item","link":"https://csrc.nist.gov/glossary/term/control_item"}],"definitions":[{"text":"See Security Control Item.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Control Item "}]},{"text":"All or part of a SP 800-53 security control requirement, expressed as a statement for implementation and assessment. Both controls and control enhancements are treated as control items. Controls and control enhancements are further subdivided if multiple security requirements within the control or control enhancement in SP 800-53 are in listed format: a, b, c, etc.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Security Control Overlay Repository","link":"https://csrc.nist.gov/glossary/term/security_control_overlay_repository","abbrSyn":[{"text":"SCOR","link":"https://csrc.nist.gov/glossary/term/scor"}],"definitions":null},{"term":"security control provider","link":"https://csrc.nist.gov/glossary/term/security_control_provider","definitions":[{"text":"An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls inherited by information systems). \nSee common control provider.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" - Adapted"}]}]}],"seeAlso":[{"text":"common control provider","link":"common_control_provider"}]},{"term":"Security Credential Management System","link":"https://csrc.nist.gov/glossary/term/security_credential_management_system","abbrSyn":[{"text":"SCMS","link":"https://csrc.nist.gov/glossary/term/scms"}],"definitions":null},{"term":"security criteria","link":"https://csrc.nist.gov/glossary/term/security_criteria","definitions":[{"text":"Criteria related to a supplier’s ability to conform to security-relevant laws, directives, regulations, policies, or business processes; a supplier’s ability to deliver the requested product or service in satisfaction of the stated security requirements and in conformance with secure business practices; the ability of a mechanism, system element, or system to meet its security requirements; whether movement from one life cycle stage or process to another (e.g., to accept a baseline into configuration management, to accept delivery of a product or service) is acceptable in terms of security policy; how a delivered product or service is handled, distributed, and accepted; how to perform security verification and validation; or how to store system elements securely in disposal.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"security design order of precedence","link":"https://csrc.nist.gov/glossary/term/security_design_order_of_precedence","abbrSyn":[{"text":"SecDOP","link":"https://csrc.nist.gov/glossary/term/secdop"}],"definitions":[{"text":"A design approach for minimizing the design basis for loss potential and using architectural features to provide structure for implementing engineered security features and devices.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"Security Development Lifecycle","link":"https://csrc.nist.gov/glossary/term/security_development_lifecycle","abbrSyn":[{"text":"SDL","link":"https://csrc.nist.gov/glossary/term/sdl"}],"definitions":null},{"term":"security domain","link":"https://csrc.nist.gov/glossary/term/security_domain","abbrSyn":[{"text":"domain","link":"https://csrc.nist.gov/glossary/term/domain"}],"definitions":[{"text":"A set of elements, data, resources, and functions that share a commonality in combinations of (1) roles supported, (2) rules governing their use, and (3) protection needs.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under domain ","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"Set of assets and resources subject to a common security policy.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 19989-3:2020","link":"https://www.iso.org/standard/73721.html"}]}]},{"text":"A domain that implements a security policy and is administered by a single authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 24","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"},{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Domain ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Domain ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Domain ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under domain "}]},{"text":"See security domain.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under domain "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under domain "}]},{"text":"A set of subjects, their information objects, and a common security policy.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"A system or subsystem that is under the authority of a single trusted authority. Security domains may be organized (e.g., hierarchically) to form larger domains.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Security domain "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Security domain "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Security domain "}]},{"text":"An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under domain ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"A domain within which behaviors, interactions, and outcomes occur and that is defined by a governing security policy. \nNote: A security domain is defined by rules for users, processes, systems, and services that apply to activity within the domain and activity with similar entities in other domains.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A domain within which behaviors, interactions, and outcomes occur and that is defined by a governing security policy.  \nNote: A security domain is defined by rules for users, processes, systems, and services that apply to activity within the domain and activity with similar entities in other domains.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}],"seeAlso":[{"text":"Domain"}]},{"term":"security engineering","link":"https://csrc.nist.gov/glossary/term/security_engineering","definitions":[{"text":"An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development lifecycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Security Engineering ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"Security Event Management","link":"https://csrc.nist.gov/glossary/term/security_event_management","abbrSyn":[{"text":"SEM","link":"https://csrc.nist.gov/glossary/term/sem"}],"definitions":null},{"term":"Security Event Management Software","link":"https://csrc.nist.gov/glossary/term/security_event_management_software","definitions":[{"text":"Software that imports security event information from multiple data sources, normalizes the data, and correlates events among the data sources.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Security Executive Agent","link":"https://csrc.nist.gov/glossary/term/security_executive_agent","definitions":[{"text":"Individual responsible for the development, implementation, and oversight of effective, efficient, and uniform policies and procedures that govern the conduct of investigations and adjudications for eligibility to access classified information and eligibility to hold a sensitive position in the Federal Government. In accordance with Executive Order 13467 (as amended), this individual is the Director of National Intelligence (DNI)","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Security Experts Group","link":"https://csrc.nist.gov/glossary/term/security_experts_group","abbrSyn":[{"text":"SEG","link":"https://csrc.nist.gov/glossary/term/seg"}],"definitions":null},{"term":"security fault analysis (SFA)","link":"https://csrc.nist.gov/glossary/term/security_fault_analysis","abbrSyn":[{"text":"SFA","link":"https://csrc.nist.gov/glossary/term/sfa"}],"definitions":[{"text":"An assessment usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Security Fault Injection Test","link":"https://csrc.nist.gov/glossary/term/security_fault_injection_test","definitions":[{"text":"Involves data perturbation (i.e., alteration of the type of data the execution environment components pass to the application, or that the application’s components pass to one another). Fault injection can reveal the effects of security defects on the behavior of the components themselves and on the application as a whole.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]}]}]},{"term":"Security Features Users Guide","link":"https://csrc.nist.gov/glossary/term/security_features_users_guide","abbrSyn":[{"text":"SFUG","link":"https://csrc.nist.gov/glossary/term/sfug"}],"definitions":[{"text":"Guide or manual explaining how the security mechanisms in a specific system work.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security features users guide (SFUG) "}]}]},{"term":"security filter","link":"https://csrc.nist.gov/glossary/term/security_filter","definitions":[{"text":"A secure subsystem of an information system that enforces security policy on the data passing through it.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"security function","link":"https://csrc.nist.gov/glossary/term/security_function","definitions":[{"text":"The capability provided by the system or a system element. The capability may be expressed generally as a concept or specified precisely in requirements.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Cryptographic algorithms, together with modes of operation (if appropriate); for example, block cipher algorithms, digital signature algorithms, asymmetric key-establishment algorithms, message authentication codes, hash functions, or random bit generators. See FIPS 140.6","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Security function "}]},{"text":"Cryptographic algorithms, together with modes of operation (if appropriate); for example, block ciphers, digital signature algorithms, asymmetric key-establishment algorithms, message authentication codes, hash functions, or random bit generators. See FIPS 140.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Security function "}]},{"text":"Cryptographic algorithms, together with modes of operation (if appropriate); for example, block ciphers, digital signature algorithms, asymmetric key-establishment algorithms, message authentication codes, hash functions, or random bit generators; see FIPS 140.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Security function "}]}]},{"term":"security functionality","link":"https://csrc.nist.gov/glossary/term/security_functionality","definitions":[{"text":"The security-related features, functions, mechanisms, services, procedures, and architectures implemented within organizational information systems or the environments in which those systems operate.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Functionality "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The security-related features, functions, mechanisms, services, procedures, and architectures implemented within organizational systems or the environments in which those systems operate.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]}]},{"term":"security functions","link":"https://csrc.nist.gov/glossary/term/security_functions","definitions":[{"text":"The hardware, software, or firmware of the system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"The hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Functions "}]}]},{"term":"Security Gateway","link":"https://csrc.nist.gov/glossary/term/security_gateway","abbrSyn":[{"text":"SEG","link":"https://csrc.nist.gov/glossary/term/seg"}],"definitions":null},{"term":"Security Group Tag","link":"https://csrc.nist.gov/glossary/term/security_group_tag","abbrSyn":[{"text":"SGT","link":"https://csrc.nist.gov/glossary/term/sgt"}],"definitions":null},{"term":"security impact analysis","link":"https://csrc.nist.gov/glossary/term/security_impact_analysis","abbrSyn":[{"text":"SIA","link":"https://csrc.nist.gov/glossary/term/sia"}],"definitions":[{"text":"The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Impact Analysis "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Impact Analysis ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"The analysis conducted by an organizational official to determine the extent to which a change to the information system have affected the security state of the system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"The analysis conducted by an organizational official to determine the extent to which a change to the information system has or may have affected the security posture of the system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Security Impact Analysis ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The analysis conducted by an agency official, often during the continuous monitoring phase of the security certification and accreditation process, to determine the extent to which changes to the information system have affected the security posture of the system.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"The analysis conducted by qualified staff within an organization to determine the extent to which changes to the system affect the security posture of the system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]}]},{"term":"security incident","link":"https://csrc.nist.gov/glossary/term/security_incident","abbrSyn":[{"text":"incident","link":"https://csrc.nist.gov/glossary/term/incident"},{"text":"Incident"}],"definitions":[{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"},{"text":"NIST Cybersecurity Framework Version 1.0","link":"https://doi.org/10.6028/NIST.CSWP.02122014"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","underTerm":" under Incident ","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"An occurrence that results in actual or potential jeopardy to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. See cyber incident. See also event, security-relevant, and intrusion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.","sources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Incident "}]},{"text":"See incident.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Incident "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Incident "}]},{"text":"An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under incident ","refSources":[{"text":"PL 113-283 (FISMA)","link":"https://www.govinfo.gov/app/details/PLAW-113publ283"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"An occurrence that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under incident ","refSources":[{"text":"44 U.S.C., Sec. 3552","link":"https://www.govinfo.gov/app/details/USCODE-2014-title44/USCODE-2014-title44-chap35-subchapII-sec3552"}]}]},{"text":"An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of a system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under incident ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle of a project, product, service, or system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under incident ","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under incident ","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Security Incident and Event Management","link":"https://csrc.nist.gov/glossary/term/security_incident_and_event_management","abbrSyn":[{"text":"SIEM","link":"https://csrc.nist.gov/glossary/term/siem"}],"definitions":null},{"term":"Security Incident Event Monitoring","link":"https://csrc.nist.gov/glossary/term/security_incident_event_monitoring","abbrSyn":[{"text":"SIEM","link":"https://csrc.nist.gov/glossary/term/siem"}],"definitions":null},{"term":"Security Industry Association","link":"https://csrc.nist.gov/glossary/term/security_industry_association","abbrSyn":[{"text":"SIA","link":"https://csrc.nist.gov/glossary/term/sia"}],"definitions":null},{"term":"security information","link":"https://csrc.nist.gov/glossary/term/security_information","definitions":[{"text":"Information within the system that can potentially impact the operation of security functions or the provision of security services in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Security Information and Event Management","link":"https://csrc.nist.gov/glossary/term/security_information_and_event_management","abbrSyn":[{"text":"SIEM","link":"https://csrc.nist.gov/glossary/term/siem"}],"definitions":[{"text":"A program that provides centralized logging capabilities for a variety of log types.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92","underTerm":" under Security Information and Event Management Software "}]}]},{"term":"Security Information and Event Management (SIEM) Tool","link":"https://csrc.nist.gov/glossary/term/security_information_and_event_management_tool","definitions":[{"text":"Application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under security information and event management (SIEM) tool "}]}]},{"term":"Security Information Management","link":"https://csrc.nist.gov/glossary/term/security_information_management","abbrSyn":[{"text":"SIM","link":"https://csrc.nist.gov/glossary/term/sim"}],"definitions":null},{"term":"security inspection","link":"https://csrc.nist.gov/glossary/term/security_inspection","definitions":[{"text":"Examination of an information system to determine compliance with security policy, procedures, and practices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"security kernel","link":"https://csrc.nist.gov/glossary/term/security_kernel","definitions":[{"text":"Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Kernel ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"security label","link":"https://csrc.nist.gov/glossary/term/security_label","abbrSyn":[{"text":"label","link":"https://csrc.nist.gov/glossary/term/label"},{"text":"Label"}],"definitions":[{"text":"The means used to associate a set of security attributes with a specific information object as part of the data structure for that object.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Security Label ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Label "}]},{"text":"Explicit or implicit marking of a data structure or output media associated with an information system representing the FIPS 199 security category, or distribution limitations or handling caveats of the information contained therein.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Label "}]},{"text":"Information that either identifies an associated parameter or provides information regarding the parameter’s proper protection and use.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Label "}]},{"text":"See security label.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under label "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under label "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Label "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Label "}]}]},{"term":"Security life of data","link":"https://csrc.nist.gov/glossary/term/security_life_of_data","definitions":[{"text":"The time period during which the security of the data needs to be protected (e.g., its confidentiality, integrity or availability).","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Security Management Dashboard","link":"https://csrc.nist.gov/glossary/term/security_management_dashboard","definitions":[{"text":"A tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]}]},{"term":"security marking","link":"https://csrc.nist.gov/glossary/term/security_marking","abbrSyn":[{"text":"marking","link":"https://csrc.nist.gov/glossary/term/marking"},{"text":"Marking"}],"definitions":[{"text":"The means used to associate a set of security attributes with objects in a human-readable form, to enable organizational process-based enforcement of information security policies.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Marking "}]},{"text":"See security marking.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under marking "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under marking "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Marking "}]},{"text":"The means used to associate a set of security attributes with objects in a human-readable form in order to enable organizational, process-based enforcement of information security policies.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Security Measure","link":"https://csrc.nist.gov/glossary/term/security_measure","abbrSyn":[{"text":"SM","link":"https://csrc.nist.gov/glossary/term/sm"}],"definitions":null},{"term":"security mechanism","link":"https://csrc.nist.gov/glossary/term/security_mechanism","abbrSyn":[{"text":"mechanism","link":"https://csrc.nist.gov/glossary/term/mechanism"}],"definitions":[{"text":"A process or system that is used to produce a particular result.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under mechanism "}]},{"text":"The fundamental processes involved in or responsible for an action, reaction, or other natural phenomenon.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under mechanism "}]},{"text":"A natural or established process by which something takes place or is brought about.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under mechanism "}]},{"text":"A device or method for achieving a security-relevant purpose.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A device or function designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A process or system that is used to produce a particular result. \nThe fundamental processes involved in or responsible for an action, reaction, or other natural phenomenon. \nA natural or established process by which something takes place or is brought about. \nRefer to security mechanism. \nNote: A mechanism can be technology- or nontechnology-based (e.g., apparatus, device, instrument, procedure, process, system, operation, method, technique, means, or medium).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under mechanism "}]},{"text":"A method, tool, or procedure that is the realization of security requirements. \nNote 1: A security mechanism exists in machine, technology, human, and physical forms. \nNote 2: A security mechanism reflects security and trust principles. \nNote 3: A security mechanism may enforce security policy and therefore must have capabilities consistent with the intent of the security policy.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A process or system that is used to produce a particular result.\nThe fundamental processes involved in or responsible for an action, reaction, or other natural phenomenon.\nA natural or established process by which something takes place or is brought about.\nRefer to security mechanism.\nNote: A mechanism can be technology- or nontechnology-based (e.g., apparatus, device, instrument, procedure, process, system, operation, method, technique, means, or medium).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under mechanism "}]}]},{"term":"Security Mode Command","link":"https://csrc.nist.gov/glossary/term/security_mode_command","abbrSyn":[{"text":"SMC","link":"https://csrc.nist.gov/glossary/term/smc"}],"definitions":null},{"term":"Security Object","link":"https://csrc.nist.gov/glossary/term/security_object","abbrSyn":[{"text":"SO","link":"https://csrc.nist.gov/glossary/term/so"}],"definitions":null},{"term":"security objective","link":"https://csrc.nist.gov/glossary/term/security_objective","definitions":[{"text":"Confidentiality, integrity, or availability.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]}]},{"term":"Security Operations Center","link":"https://csrc.nist.gov/glossary/term/security_operations_center","abbrSyn":[{"text":"SOC","link":"https://csrc.nist.gov/glossary/term/soc"}],"definitions":null},{"term":"Security Orchestration Automated Response","link":"https://csrc.nist.gov/glossary/term/security_orchestration_automated_response","abbrSyn":[{"text":"SOAR","link":"https://csrc.nist.gov/glossary/term/soar"}],"definitions":null},{"term":"security orchestration, automation, and response","link":"https://csrc.nist.gov/glossary/term/security_orchestration_automation_and_response","abbrSyn":[{"text":"SOAR","link":"https://csrc.nist.gov/glossary/term/soar"}],"definitions":null},{"term":"Security Parameters Index (SPI)","link":"https://csrc.nist.gov/glossary/term/security_parameters_index","abbrSyn":[{"text":"SPI","link":"https://csrc.nist.gov/glossary/term/spi"}],"definitions":[{"text":"Arbitrarily chosen value that acts as a unique identifier for an IPsec connection.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Security Parameters Index "}]},{"text":"An arbitrarily chosen value that acts as a unique identifier for an IPsec connection.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"security perimeter","link":"https://csrc.nist.gov/glossary/term/security_perimeter","abbrSyn":[{"text":"accreditation boundary","link":"https://csrc.nist.gov/glossary/term/accreditation_boundary"},{"text":"Accreditation Boundary"}],"definitions":[{"text":"Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under accreditation boundary "}]},{"text":"For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under accreditation boundary "}]},{"text":"All components of an information system to be accredited by an authorizing official and excludes separately accredited systems, to which the information system is connected. Synonymous with the term security perimeter defined in CNSS Instruction 4009 and DCID 6/3.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Accreditation Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"All components of an information system to be accredited by an authorizing official and excludes separately accredited systems to which the information system is connected. Synonymous with the term security perimeter defined in CNSS Instruction 4009 and DCID 6/3.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Accreditation Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Accreditation Boundary ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A physical or logical boundary that is defined for a system, domain, or enclave; within which a particular security policy or security architecture is applied.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"See Accreditation Boundary.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Perimeter "}]}]},{"term":"Security Policy Database (SPD)","link":"https://csrc.nist.gov/glossary/term/security_policy_database","abbrSyn":[{"text":"SPD","link":"https://csrc.nist.gov/glossary/term/spd"}],"definitions":[{"text":"A prioritized list of all IPsec policies.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"security policy filter","link":"https://csrc.nist.gov/glossary/term/security_policy_filter","definitions":[{"text":"A hardware and/or software component that performs one or more of the following functions: (i) content verification to ensure the data type of the submitted content; (ii) content inspection, analyzing the submitted content to verify it complies with a defined policy (e.g., allowed vs. disallowed file constructs and content portions); (iii) malicious content checker that evaluates the content for malicious code; (iv) suspicious activity checker that evaluates or executes the content in a safe manner, such as in a sandbox/detonation chamber and monitors for suspicious activity; or (v) content sanitization, cleansing, and transformation, which modifies the submitted content to comply with a defined policy.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Policy Filter "}]},{"text":"A hardware and/or software component that performs one or more of the following functions: content verification to ensure the data type of the submitted content; content inspection to analyze the submitted content and verify that complies with a defined policy; malicious content checker that evaluates the content for malicious code; suspicious activity checker that evaluates or executes the content in a safe manner, such as in a sandbox or detonation chamber and monitors for suspicious activity; or content sanitization, cleansing, and transformation, which modifies the submitted content to comply with a defined policy.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Security Policy Templates","link":"https://csrc.nist.gov/glossary/term/security_policy_templates","abbrSyn":[{"text":"SPT","link":"https://csrc.nist.gov/glossary/term/spt"}],"definitions":null},{"term":"security posture","link":"https://csrc.nist.gov/glossary/term/security_posture","abbrSyn":[{"text":"Security Status","link":"https://csrc.nist.gov/glossary/term/security_status"}],"definitions":[{"text":"The security status of an enterprise’s networks, information, and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Security Posture ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The security status of an organization’s networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the organization and to react as the situation changes.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Posture ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The security status of an enterprise’s networks, information, and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. Synonymous with security status.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"The security status of an enterprise’s networks, information, and systems based on information assurance (IA) resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"See Security Posture.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Status "}]},{"text":"The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. Synonymous with security status.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Posture ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"security program plan","link":"https://csrc.nist.gov/glossary/term/security_program_plan","definitions":[{"text":"Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Security properties","link":"https://csrc.nist.gov/glossary/term/security_properties","definitions":[{"text":"The security features (e.g., replay protection, or key confirmation) that a cryptographic scheme may, or may not, provide.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"The security features (e.g., entity authentication, replay protection, or key confirmation) that a cryptographic scheme may, or may not, provide.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"security protocol","link":"https://csrc.nist.gov/glossary/term/security_protocol","definitions":[{"text":"An abstract or concrete protocol that performs security-related functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 15","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"Security Protocol and Data Model","link":"https://csrc.nist.gov/glossary/term/security_protocol_and_data_model","abbrSyn":[{"text":"SPDM","link":"https://csrc.nist.gov/glossary/term/spdm"}],"definitions":null},{"term":"security range","link":"https://csrc.nist.gov/glossary/term/security_range","definitions":[{"text":"Highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network. \nSee system high and system low.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"system high","link":"system_high"},{"text":"system low","link":"system_low"}]},{"term":"Security Reference Architecture","link":"https://csrc.nist.gov/glossary/term/security_reference_architecture","abbrSyn":[{"text":"SRA","link":"https://csrc.nist.gov/glossary/term/sra"}],"definitions":null},{"term":"security relevance","link":"https://csrc.nist.gov/glossary/term/security_relevance","definitions":[{"text":"The functions or constraints that are relied upon to directly or indirectly meet protection needs.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"The term used to describe those functions or mechanisms that are relied upon, directly or indirectly, to enforce a security policy that governs confidentiality, integrity, and availability protections.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"Functions or mechanisms that are relied upon, directly or indirectly, to enforce a security policy that governs confidentiality, integrity, and availability protections.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]}]},{"term":"security requirement","link":"https://csrc.nist.gov/glossary/term/security_requirement","definitions":[{"text":"A requirement levied on an information system or an organization that is derived from applicable laws, executive orders, directives, regulations, policies, standards, procedures, or mission/business needs to ensure the confidentiality, integrity, and availability of information that is being processed, stored, or transmitted.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"A requirement that has security relevance.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A requirement levied on a system or an organization that is derived from applicable laws, Executive Orders, directives, regulations, policies, standards, procedures, or mission/business needs to ensure the confidentiality, integrity, and availability of information that is being processed, stored, or transmitted.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - adapted"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SECURITY REQUIREMENTS "},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under security requirements ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Requirements ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Requirements ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Requirements ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Requirements ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Requirements ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"A requirement levied on an information system or an organization that is derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, procedures, and/or mission/business needs to ensure the confidentiality, integrity, and availability of information that is being processed, stored, or transmitted.\nNote: Security requirements can be used in a variety of contexts from high-level policy-related activities to low-level implementation-related activities in system development and engineering disciplines.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Requirement ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"A requirement that specifies the functional, assurance, and strength characteristics for a mechanism, system, or system element.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"A requirement levied on an information system or an organization that is derived from applicable laws, executive orders, directives, policies, standards, instructions, regulations, procedures, and/or mission/business needs to ensure the confidentiality, integrity, and availability of information that is being processed, stored, or transmitted. Note: Security requirements can be used in a variety of contects from high-level policy activies to low-level implementation activities in system development and engineering disciplines.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - adapted"}]}]},{"text":"A requirement levied on an information system or an organization that is derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, procedures, and/or mission/business needs to ensure the confidentiality, integrity, and availability of information that is being processed, stored, or transmitted. \nNote: Security requirements can be used in a variety of contexts from high-level policy-related activities to low-level implementation-related activities in system development and engineering disciplines.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Requirement ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","note":" - Adapted"}]}]},{"text":"Requirements levied on an information system that are derived from laws, executive orders, directives, policies, instructions, regulations, or organizational (mission) needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Requirements "}]}]},{"term":"security requirements baseline","link":"https://csrc.nist.gov/glossary/term/security_requirements_baseline","definitions":[{"text":"Description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"security requirements guide (SRG)","link":"https://csrc.nist.gov/glossary/term/security_requirements_guide","abbrSyn":[{"text":"SRG","link":"https://csrc.nist.gov/glossary/term/srg"}],"definitions":[{"text":"Compilation of control correlation identifiers (CCIs) grouped in more applicable, specific technology areas at various levels of technology and product specificity. Contains all requirements that have been flagged as applicable from the parent level regardless if they are selected on a Department of Defense (DoD) baseline or not.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"security requirements traceability matrix (SRTM)","link":"https://csrc.nist.gov/glossary/term/security_requirements_traceability_matrix","abbrSyn":[{"text":"SRTM","link":"https://csrc.nist.gov/glossary/term/srtm"}],"definitions":[{"text":"Matrix documenting the system’s agreed upon security requirements derived from all sources, the security features’ implementation details and schedule, and the resources required for assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"security risk","link":"https://csrc.nist.gov/glossary/term/security_risk","definitions":[{"text":"The effect of uncertainty on objectives pertaining to asset loss and the associated consequences.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO Guide 73","link":"https://www.iso.org/standard/44651.html"}]}]},{"text":"the level of impact on agency operations (including mission functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.","sources":[{"text":"NIST SP 800-65","link":"https://doi.org/10.6028/NIST.SP.800-65","note":" [Withdrawn]","underTerm":" under Security risk "}]}]},{"term":"Security Risk Assessment","link":"https://csrc.nist.gov/glossary/term/security_risk_assessment","abbrSyn":[{"text":"SRA","link":"https://csrc.nist.gov/glossary/term/sra"}],"definitions":null},{"term":"security safeguards","link":"https://csrc.nist.gov/glossary/term/security_safeguards","definitions":[{"text":"Protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"security service","link":"https://csrc.nist.gov/glossary/term/security_service","definitions":[{"text":"A security capability or function provided by an entity.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"A capability that supports one, or more, of the security requirements (Confidentiality, Integrity, Availability). Examples of security services are key management, access control, and authentication.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Service ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A capability that supports one, or many, of the security goals. Examples of security services are key management, access control, and authentication.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"A processing or communication service that is provided by a system to give a specific kind of protection to resources, where said resources may reside with said system or reside with other systems, for example, an authentication service or a PKI-based document attribution and authentication service. A security service is a superset of AAA services. Security services typically implement portions of security policies and are implemented via security mechanisms.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Security Service ","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]},{"text":"Mechanisms used to provide confidentiality, data integrity, authentication or non-repudiation of information.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Security services "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Security services "}]},{"text":"Mechanisms used to provide confidentiality, integrity authentication, source authentication and/or support non-repudiation of information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Security services "}]},{"text":"Mechanisms used to provide confidentiality, identity authentication, integrity authentication, source authentication, and/or support the non-repudiation of information.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Security services "}]},{"text":"A security capability or function provided by an entity that supports one or more security objectives.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"A security capability of function provided by an entity.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"security solution","link":"https://csrc.nist.gov/glossary/term/security_solution","definitions":[{"text":"The key design, architectural, and implementation choices made by organizations to satisfy specified security requirements for systems or system components.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"The key design, architectural, and implementation choices made by organizations in satisfying specified security requirements for systems or system components.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"security specification","link":"https://csrc.nist.gov/glossary/term/security_specification","abbrSyn":[{"text":"specification","link":"https://csrc.nist.gov/glossary/term/specification"}],"definitions":[{"text":"An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, architectural designs) associated with a system.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under specification "}]},{"text":"The requirements for the security-relevant portion of the system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"An information item that identifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other expected characteristics of a system, service, or process.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under specification ","refSources":[{"text":"ISO/IEC/IEEE 15289:2019","link":"https://www.iso.org/standard/74909.html"}]}]},{"text":"A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied. See specification requirement.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under specification ","refSources":[{"text":"IEEE 610.12-1990"}]}]},{"text":"A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied. \nRefer to security specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under specification ","refSources":[{"text":"IEEE 610.12"}]}]},{"text":"The requirements for the security-relevant portion of the system. \nNote: The security specification may be provided as a separate document or may be captured with a broader specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"The requirements for the security-relevant portion of the system.\nNote: The security specification may be provided as a separate document or may be captured with a broader specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied.\nRefer to security specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under specification ","refSources":[{"text":"IEEE 610.12"}]}]}]},{"term":"Security Status","link":"https://csrc.nist.gov/glossary/term/security_status","abbrSyn":[{"text":"Security Posture"}],"definitions":[{"text":"The security status of an enterprise’s networks, information, and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Security Posture ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The security status of an organization’s networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the organization and to react as the situation changes.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Posture ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"See Security Posture.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"}]},{"text":"The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Posture ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"security strength","link":"https://csrc.nist.gov/glossary/term/security_strength","abbrSyn":[{"text":"Bits of security"}],"definitions":[{"text":"A number associated with the amount of work (i.e., the number of operations) that is required to break a cryptographic algorithm or system. In this Recommendation, the security strength is specified in bits and is a specific value from the set {80, 112, 128, 192, 256}. Note that a security strength of 80 bits is no longer considered sufficiently secure.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. In this Recommendation, the security strength is specified in bits and is a specific value from the set {80, 112, 128, 192, 256}. Note that a security strength of 80 bits is no longer considered sufficiently secure.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. If 2N execution operations of the algorithm (or system) are required to break the cryptographic algorithm, then the security strength is N bits.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1"}]},{"text":"A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. In this Recommendation, the security strength is specified in bits and is a specific value from the set {80, 112, 128, 192, 256}.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A number associated with the amount of work (e.g., the number of operations) that is required to break a cryptographic algorithm or system.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]},{"text":"A measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g. plaintext/ciphertext pairs for a given encryption algorithm). In this Recommendation, the security strength of a key derivation function is measured by the work required to distinguish the output of the KDF from a bit string selected uniformly at random from the set of all bit strings with the same length as the output of the KDF, under the assumption that the key derivation key is the only unknown input to the KDF.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]"}]},{"text":"A number associated with the amount of work (that is, the number of basic operations of some sort) required to break a cryptographic algorithm or system. Security strength is often expressed in bits. If the security strength is S bits, then it is expected that (roughly) 2S basic operations are required to break the algorithm or system.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A number associated with the expected amount of work (that is, the base 2 logarithm of the number of operations) to cryptanalyze a cryptographic algorithm or system.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A number associated with the amount of work (i.e., the number of operations) that is required to break a cryptographic algorithm or system.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"A number associated with the amount of work (that is, the number of operations of some sort) that is required to break a cryptographic algorithm or system in some way. In this Recommendation, the security strength is specified in bits and is a specific value from the set {112, 128, 192, 256}. If the security strength associated with an algorithm or system is S bits, then it is expected that (roughly) 2S basic operations are required to break it.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A"}]},{"text":"A number characterizing the amount of work that is expected to suffice to \"break\" the security definition of a given cryptographic algorithm.","sources":[{"text":"NIST SP 800-108r1","link":"https://doi.org/10.6028/NIST.SP.800-108r1-upd1","note":" [August 2022 (Includes updates as of 02-02-2024)]"}]},{"text":"A number characterizing the amount of work that is expected to suffice to “defeat” an implemented cryptographic mechanism (e.g., by compromising its functionality and/or circumventing the protection that its use was intended to facilitate). In this Recommendation, security strength is measured in bits. If the security strength of a particular implementation of a cryptographic mechanism is s bits, it is expected that the equivalent of (roughly) 2s basic operations of some sort will be sufficient to defeat it in some way.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Security strength "}]},{"text":"A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. In this policy, security strength is specified in bits and is a specific value from the set {80, 112, 128, 192, 256}.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See security strength.","sources":[{"text":"NIST SP 800-107 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-107r1","underTerm":" under Bits of security "}]}]},{"term":"security target","link":"https://csrc.nist.gov/glossary/term/security_target","definitions":[{"text":"An implementation-dependent statement of security needs for a specific identified target of evaluation (TOE).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 15408-1"}]}]}]},{"term":"security technical implementation guide (STIG)","link":"https://csrc.nist.gov/glossary/term/security_technical_implementation_guide","abbrSyn":[{"text":"STIG","link":"https://csrc.nist.gov/glossary/term/stig"},{"text":"STIGs"}],"definitions":[{"text":"Based on Department of Defense (DoD) policy and security controls. Implementation guide geared to a specific product and version. Contains all requirements that have been flagged as applicable for the product which have been selected on a DoD baseline.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8500.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Security Technical Implementation Guideline","link":"https://csrc.nist.gov/glossary/term/security_technical_implementation_guideline","abbrSyn":[{"text":"STIG","link":"https://csrc.nist.gov/glossary/term/stig"}],"definitions":null},{"term":"security test and evaluation (ST&E)","link":"https://csrc.nist.gov/glossary/term/security_test_and_evaluation","abbrSyn":[{"text":"ST&E","link":"https://csrc.nist.gov/glossary/term/stande"}],"definitions":[{"text":"Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Security testing","link":"https://csrc.nist.gov/glossary/term/security_testing","definitions":[{"text":"Testing that attempts to verify that an implementation protects data and maintains functionality as intended.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Security Testing, Validation, and Measurement Group","link":"https://csrc.nist.gov/glossary/term/security_testing_validation_and_measurement_group","abbrSyn":[{"text":"STVMG","link":"https://csrc.nist.gov/glossary/term/stvmg"}],"definitions":null},{"term":"Security Token Service","link":"https://csrc.nist.gov/glossary/term/security_token_service","abbrSyn":[{"text":"STS","link":"https://csrc.nist.gov/glossary/term/sts"}],"definitions":null},{"term":"Security Tool Distribution","link":"https://csrc.nist.gov/glossary/term/security_tool_distribution","abbrSyn":[{"text":"STD","link":"https://csrc.nist.gov/glossary/term/std"}],"definitions":null},{"term":"Security/System Requirements Review","link":"https://csrc.nist.gov/glossary/term/security_system_requirements_review","abbrSyn":[{"text":"SRR","link":"https://csrc.nist.gov/glossary/term/srr"}],"definitions":null},{"term":"Security-focused Configuration Management","link":"https://csrc.nist.gov/glossary/term/security_focused_configuration_management","abbrSyn":[{"text":"SecCM","link":"https://csrc.nist.gov/glossary/term/seccm"}],"definitions":null},{"term":"Security-Oriented Code Review","link":"https://csrc.nist.gov/glossary/term/security_oriented_code_review","definitions":[{"text":"A code review, or audit, investigates the coding practices used in the application. The main objective of such reviews is to discover security defects and potentially identify solutions.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Security in the Software Lifecycle: Making Software Development Processes—and Software Produced by Them—More Secure Version 1.0","link":"https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=52112"}]}]}]},{"term":"security-relevant change","link":"https://csrc.nist.gov/glossary/term/security_relevant_change","definitions":[{"text":"Any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"security-relevant information","link":"https://csrc.nist.gov/glossary/term/security_relevant_information","definitions":[{"text":"Information within the system that can potentially impact the operation of security functions or the provision of security services in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"Any information within the information system that can potentially impact the operation of security functions or the provision of security services in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security-Relevant Information "}]}]},{"term":"SED","link":"https://csrc.nist.gov/glossary/term/sed","abbrSyn":[{"text":"Self-Encrypting Devices"},{"text":"Self-Encrypting Drives"}],"definitions":null},{"term":"Seed","link":"https://csrc.nist.gov/glossary/term/seed","abbrSyn":[{"text":"RBG seed","link":"https://csrc.nist.gov/glossary/term/rbg_seed"}],"definitions":[{"text":"The input to a pseudorandom number generator. Different seeds generate different pseudorandom sequences.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"A string of bits that is used to initialize a DRBG. Also just called a Seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under RBG seed "}]},{"text":"A secret value that is used to initialize a process (e.g., a DRBG). Also see RBG seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"Noun : A string of bits that is used as input to a DRBG mechanism. The seed will determine a portion of the internal state of the DRBG, and its entropy must be sufficient to support the security strength of the DRBG. Verb : To acquire bits with sufficient entropy for the desired security strength. These bits will be used as input to a DRBG mechanism to determine a portion of the initial internal state. Also see reseed.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"A string of bits that is used to initialize a DRBG. Also called a Seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under RBG seed "}]},{"text":"A secret value that is used to initialize a process (e.g., a deterministic random bit generator). Also see RNG seed.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}],"seeAlso":[{"text":"RBG seed","link":"rbg_seed"},{"text":"reseed","link":"reseed"},{"text":"RNG seed","link":"rng_seed"}]},{"term":"seed key","link":"https://csrc.nist.gov/glossary/term/seed_key","definitions":[{"text":"Initial key used to start an updating or key generation process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Seed Period","link":"https://csrc.nist.gov/glossary/term/seed_period","definitions":[{"text":"The period of time between instantiating or reseeding a DRBG with one seed and reseeding that DRBG with another seed.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Seedlife","link":"https://csrc.nist.gov/glossary/term/seedlife","definitions":[{"text":"The length of the seed period.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"SEG","link":"https://csrc.nist.gov/glossary/term/seg","abbrSyn":[{"text":"Security Experts Group","link":"https://csrc.nist.gov/glossary/term/security_experts_group"},{"text":"Security Gateway","link":"https://csrc.nist.gov/glossary/term/security_gateway"}],"definitions":null},{"term":"Segregated Witness","link":"https://csrc.nist.gov/glossary/term/segregated_witness","abbrSyn":[{"text":"SegWit","link":"https://csrc.nist.gov/glossary/term/segwit"}],"definitions":null},{"term":"SegWit","link":"https://csrc.nist.gov/glossary/term/segwit","abbrSyn":[{"text":"Segregated Witness","link":"https://csrc.nist.gov/glossary/term/segregated_witness"}],"definitions":null},{"term":"SEHOP","link":"https://csrc.nist.gov/glossary/term/sehop","abbrSyn":[{"text":"Structured Exception Handler Overwrite Protection","link":"https://csrc.nist.gov/glossary/term/structured_exception_handler_overwrite_protection"}],"definitions":null},{"term":"SEI","link":"https://csrc.nist.gov/glossary/term/sei","abbrSyn":[{"text":"Software Engineering Institute","link":"https://csrc.nist.gov/glossary/term/software_engineering_institute"}],"definitions":null},{"term":"SEL","link":"https://csrc.nist.gov/glossary/term/sel","abbrSyn":[{"text":"Schweitzer Engineering Laboratories","link":"https://csrc.nist.gov/glossary/term/schweitzer_engineering_laboratories"},{"text":"Secure Exception Level","link":"https://csrc.nist.gov/glossary/term/secure_exception_level"}],"definitions":null},{"term":"selection operation","link":"https://csrc.nist.gov/glossary/term/selection_operation","definitions":[{"text":"See assignment operation and organization-defined parameter.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A control parameter that allows an organization to select a value from a list of predefined values provided as part of the control or control enhancement (e.g., selecting to either restrict an action or prohibit an action).","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"See assignment operation and organization-defined control parameter.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"term":"selection statement","link":"https://csrc.nist.gov/glossary/term/selection_statement","definitions":[{"text":"A control parameter that allows an organization to select a value from a list of pre-defined values provided as part of the control or control enhancement (e.g., selecting to either restrict an action or prohibit an action). See assignment and organization-defined control parameter.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Self testing","link":"https://csrc.nist.gov/glossary/term/self_testing","definitions":[{"text":"Testing within a system, device or process during normal operation to detect misbehavior.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Self-Contained Breathing Apparatus","link":"https://csrc.nist.gov/glossary/term/self_contained_breathing_apparatus","abbrSyn":[{"text":"SCBA","link":"https://csrc.nist.gov/glossary/term/scba"}],"definitions":null},{"term":"Self-dual Key","link":"https://csrc.nist.gov/glossary/term/self_dual_key","definitions":[{"text":"A key with the property that when you encrypt twice with this key, the result is the initial input.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"self-encrypting devices / self-encrypting drives (SED)","link":"https://csrc.nist.gov/glossary/term/self_encrypting_devices___self_encrypting_drives","abbrSyn":[{"text":"SED","link":"https://csrc.nist.gov/glossary/term/sed"}],"definitions":[{"text":"Data storage device with built-in cryptographic processing that may be utilized to encrypt and decrypt the stored data, occurring within the device and without dependence on a connected information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","note":" - Adapted"}]}]}]},{"term":"self-protection","link":"https://csrc.nist.gov/glossary/term/self_protection","definitions":[{"text":"The protection provided by an entity to ensure its own correct behavior and function despite adversity.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"Self-Service Module","link":"https://csrc.nist.gov/glossary/term/self_service_module","abbrSyn":[{"text":"SSM","link":"https://csrc.nist.gov/glossary/term/ssm"}],"definitions":null},{"term":"Self-signed certificate","link":"https://csrc.nist.gov/glossary/term/self_signed_certificate","definitions":[{"text":"A public-key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data, but does not guarantee the authenticity of the information. The trust of self-signed certificates is based on the secure procedures used to distribute them.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"A public-key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the information within the certificate but does not guarantee the authenticity of that information. The trust of self-signed certificates is based on the secure procedures used to distribute them.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A public-key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self- signed certificate protects the integrity of the data, but does not guarantee the authenticity of the information. The trust of self-signed certificates is based on the secure procedures used to distribute them.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"SEM","link":"https://csrc.nist.gov/glossary/term/sem","abbrSyn":[{"text":"Security Event Management","link":"https://csrc.nist.gov/glossary/term/security_event_management"}],"definitions":null},{"term":"Semantic matching","link":"https://csrc.nist.gov/glossary/term/semantic_matching","definitions":[{"text":"uses contextual attributes of the digital object to interpret the artifact in a manner that more closely corresponds with human perceptual categories. For example, perceptual hashes allow the matching of visually similar images and are unconcerned with the low-level details of how the images are persistently stored. Semantic methods tend to provide the most specific results but also tend to be the most computationally expensive ones.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Semantic Web Services Architecture","link":"https://csrc.nist.gov/glossary/term/semantic_web_services_architecture","abbrSyn":[{"text":"SWSA","link":"https://csrc.nist.gov/glossary/term/swsa"}],"definitions":null},{"term":"Semantics","link":"https://csrc.nist.gov/glossary/term/semantics","definitions":[{"text":"The intended meaning of acceptable sentences of a language.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Semantics of a language","link":"https://csrc.nist.gov/glossary/term/semantics_of_a_language","definitions":[{"text":"The meanings of all the language's acceptable sentences.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Semi-Active Tag","link":"https://csrc.nist.gov/glossary/term/semi_active_tag","definitions":[{"text":"A tag that uses a battery to communicate but remains dormant until a reader sends an energizing signal. Semi-active tags have a longer range than passive tags and a longer battery life than active tags.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"semiblock","link":"https://csrc.nist.gov/glossary/term/semiblock","definitions":[{"text":"Given a block cipher, a bit string whose length is half of the block size.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"semiblock string","link":"https://csrc.nist.gov/glossary/term/semiblock_string","definitions":[{"text":"For a given block size, a string that can be represented as the concatenation of semiblocks.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Semi-Free-Start","link":"https://csrc.nist.gov/glossary/term/semi_free_start","abbrSyn":[{"text":"SFS","link":"https://csrc.nist.gov/glossary/term/sfs"}],"definitions":null},{"term":"Semi-Passive Tag","link":"https://csrc.nist.gov/glossary/term/semi_passive_tag","definitions":[{"text":"A passive tag that uses a battery to power on-board circuitry or sensors but not to produce back channel signals.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Semi-Qualitative Risk Analysis","link":"https://csrc.nist.gov/glossary/term/semi_qualitative_risk_analysis","definitions":[{"text":"A method for risk analysis with qualitative categories assigned numeric values to allow for the calculation of numeric results.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286"}]}]},{"term":"Semi-Quantitative Assessment","link":"https://csrc.nist.gov/glossary/term/semi_quantitative_assessment","definitions":[{"text":"Use of a set of methods, principles, or rules for assessing risk based on bins, scales, or representative numbers whose values and meanings are not maintained in other contexts.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"DHS Risk Lexicon","link":"https://www.dhs.gov/dhs-risk-lexicon"}]}]}]},{"term":"Sender","link":"https://csrc.nist.gov/glossary/term/sender","definitions":[{"text":"The party that sends secret keying material to the receiver in a key-transport transaction. Contrast with receiver.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"The party that sends secret keying material to the receiver using a key-transport transaction. Contrast with receiver.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"Sender Policy Framework","link":"https://csrc.nist.gov/glossary/term/sender_policy_framework","abbrSyn":[{"text":"SPF","link":"https://csrc.nist.gov/glossary/term/spf"}],"definitions":null},{"term":"senior accountable official for risk management","link":"https://csrc.nist.gov/glossary/term/senior_accountable_official_for_risk_management","abbrSyn":[{"text":"SAORM","link":"https://csrc.nist.gov/glossary/term/saorm"}],"definitions":[{"text":"The senior official, designated by the head of each agency, who has vision into all areas of the organization and is responsible for alignment of information security management processes with strategic, operational, and budgetary planning processes.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB M-17-25","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf"}]}]}]},{"term":"senior agency information security officer (SAISO)","link":"https://csrc.nist.gov/glossary/term/senior_agency_information_security_officer","abbrSyn":[{"text":"chief information security officer","link":"https://csrc.nist.gov/glossary/term/chief_information_security_officer"},{"text":"Chief Information Security Officer"},{"text":"CHIEF INFORMATION SECURITY OFFICER"},{"text":"SAISO","link":"https://csrc.nist.gov/glossary/term/saiso"},{"text":"Senior Information Security Officer"},{"text":"senior information security officer (SISO)","link":"https://csrc.nist.gov/glossary/term/senior_information_security_officer"}],"definitions":[{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SENIOR AGENCY INFORMATION SECURITY OFFICER ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under senior agency information security officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under senior agency information security officer "}]},{"text":"See Senior Agency Information Security Officer.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under CHIEF INFORMATION SECURITY OFFICER "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Chief Information Security Officer "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under chief information security officer "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under chief information security officer "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under chief information security officer "}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information systems security officers. \n[Note 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses.\nNote 2: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"See senior agency information security officer (SAISO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under senior information security officer (SISO) ","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\nNote: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the chief information officer (CIO) responsibilities under the Federal Information Security Management Act (FISMA) and serving as the CIO’s primary liaison to the agency’s authorizing officials, information system owners, and information systems security officers. \nNote: Also known as senior information security officer (SISO) or chief information security officer (CISO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544","note":" - Adapted"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Modernization Act FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \nNote 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses. \nNote 2: Organizations subordinate to federal agencies may use the term Senior Agency Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the chief information officer (CIO) responsibilities under the Federal Information Security Management Act (FISMA) and who serves as the CIO’s primary liaison to the agency’s authorizing officials, information system owners, and information systems security officers. Note: Also known as senior information security officer (SISO) or chief information security officer (CISO).","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under Senior Agency Information Security Officer (SAISO) ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. Note: Organizations subordinate to federal agencies may use the term senior information security officer or chief information security officer to denote individuals who fill positions with similar responsibilities to senior agency information security officers.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under senior agency information security officer "}]},{"text":"See Senior Agency Information Security Officer","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Chief Information Security Officer "}]}],"seeAlso":[{"text":"chief information security officer (CISO)"}]},{"term":"senior agency official for privacy","link":"https://csrc.nist.gov/glossary/term/senior_agency_official_for_privacy","abbrSyn":[{"text":"Chief Privacy Officer","link":"https://csrc.nist.gov/glossary/term/chief_privacy_officer"},{"text":"SAOP","link":"https://csrc.nist.gov/glossary/term/saop"}],"definitions":[{"text":"See Senior Agency Official for Privacy.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Chief Privacy Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Chief Privacy Officer "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under Chief Privacy Officer "}]},{"text":"The senior organizational official with overall organization-wide responsibility for information privacy issues.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Agency Official for Privacy "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Agency Official for Privacy "}]},{"text":"The senior official, designated by the head of each agency, who has agency-wide responsibility for privacy, including implementation of privacy protections; compliance with Federal laws, regulations, and policies relating to privacy; management of privacy risks at the agency; and a central policy-making role in the agency’s development and evaluation of legislative, regulatory, and other policy proposals.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Senior Agency Official for Privacy "}]},{"text":"Senior official, designated by the head of each agency, who has agency-wide responsibility for privacy, including implementation of privacy protections; compliance with Federal laws, regulations, and policies relating to privacy; management of privacy risks at the agency; and a central policy-making role in the agency’s development and evaluation of legislative, regulatory, and other policy proposals.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The senior official, designated by the head of each agency, who has agency-wide responsibility for privacy, including implementation of privacy protections; compliance with Federal laws, regulations, and policies relating to privacy management of privacy risks at the agency; and a central policy-making role in the agency’s development and evaluation of legislative, regulatory, and other policy proposals.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Senior Agency Official For Privacy "}]}]},{"term":"Senior Information Assurance Officer","link":"https://csrc.nist.gov/glossary/term/senior_information_assurance_officer","abbrSyn":[{"text":"SIAO","link":"https://csrc.nist.gov/glossary/term/siao"}],"definitions":null},{"term":"senior information security officer (SISO)","link":"https://csrc.nist.gov/glossary/term/senior_information_security_officer","abbrSyn":[{"text":"Senior Agency Information Security Officer"},{"text":"senior agency information security officer (SAISO)","link":"https://csrc.nist.gov/glossary/term/senior_agency_information_security_officer"},{"text":"SISO","link":"https://csrc.nist.gov/glossary/term/siso"}],"definitions":[{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information systems security officers. \n[Note 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses.\nNote 2: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Senior (Agency) Information Security Officer (SISO) ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"See senior agency information security officer (SAISO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"See Senior Agency Information Security Officer.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under senior information security officer "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under senior information security officer "}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \nNote: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Senior (Agency) Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\n[Note: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.]","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.\nNote: Organizations subordinate to federal agencies may use the term Senior Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"Official responsible for carrying out the chief information officer (CIO) responsibilities under the Federal Information Security Management Act (FISMA) and serving as the CIO’s primary liaison to the agency’s authorizing officials, information system owners, and information systems security officers. \nNote: Also known as senior information security officer (SISO) or chief information security officer (CISO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under senior agency information security officer (SAISO) ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"},{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544","note":" - Adapted"}]}]},{"text":"Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Modernization Act FISMA and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers. \nNote 1: With respect to SecCM, a Senior Agency Information Security Officer is an individual that provides organization-wide procedures and/or templates for SecCM, manages or participates in the Configuration Control Board, and/or provides technical staff for security impact analyses. \nNote 2: Organizations subordinate to federal agencies may use the term Senior Agency Information Security Officer or Chief Information Security Officer to denote individuals filling positions with similar responsibilities to Senior Agency Information Security Officers.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Agency Information Security Officer ","refSources":[{"text":"44 U.S.C., Sec. 3544","link":"https://www.govinfo.gov/app/details/USCODE-2008-title44/USCODE-2008-title44-chap35-subchapIII-sec3544"}]}]},{"text":"See Senior Agency Information Security Officer (SAISO)","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under Senior Information Security Officer (SISO) "}]}]},{"term":"Sensing Capability","link":"https://csrc.nist.gov/glossary/term/sensing_capability","definitions":[{"text":"The ability to provide an observation of an aspect of the physical world in the form of measurement data.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"Sensitive","link":"https://csrc.nist.gov/glossary/term/sensitive","definitions":[{"text":"A descriptor of information whose loss, misuse, or unauthorized access or modification could adversely affect security.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"term":"Sensitive But Unclassified","link":"https://csrc.nist.gov/glossary/term/sensitive_but_unclassified","abbrSyn":[{"text":"SBU","link":"https://csrc.nist.gov/glossary/term/sbu"}],"definitions":null},{"term":"sensitive compartmented information (SCI)","link":"https://csrc.nist.gov/glossary/term/sensitive_compartmented_information","abbrSyn":[{"text":"SCI","link":"https://csrc.nist.gov/glossary/term/sci"}],"definitions":[{"text":"Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence. ","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Sensitive Compartmented Information ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Sensitive Compartmented Information ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under sensitive compartmented information ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"1. A subset of Classified National Intelligence concerning or derived from intelligence sources, methods, or analytical processes, that is required to be protected within formal access control systems established by the Director of National Intelligence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICD 703","link":"https://www.dni.gov/files/documents/ICD/ICD%20703.pdf"}]}]},{"text":"2. Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of National Intelligence.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Sensitive Compartmented Information Facility (SCIF)","link":"https://csrc.nist.gov/glossary/term/sensitive_compartmented_information_facility","abbrSyn":[{"text":"SCIF","link":"https://csrc.nist.gov/glossary/term/scif"}],"definitions":[{"text":"An area, room, group of rooms, buildings, or installation certified and accredited as meeting Director of National Intelligence security standards for the processing, storage, and/or discussion of sensitive compartmented information (SCI).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ICS 700-1"}]}]}]},{"term":"sensitive information","link":"https://csrc.nist.gov/glossary/term/sensitive_information","definitions":[{"text":"Information where the loss, misuse, or unauthorized access or modification could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act); that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Sensitive Information ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Sensitive Information ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]},{"text":"See controlled unclassified information (CUI). \nNote: The term sensitive information as well as others such as For Official Use Only (FOUO) and Sensitive But Unclassified (SBU) will no longer be used upon implementation of 32 CFR 2002.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Sensitive but unclassified information.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Sensitive (information) "}]}],"seeAlso":[{"text":"controlled unclassified information (CUI)","link":"controlled_unclassified_information"}]},{"term":"Sensitive Security Parameter","link":"https://csrc.nist.gov/glossary/term/sensitive_security_parameter","abbrSyn":[{"text":"SSP","link":"https://csrc.nist.gov/glossary/term/ssp"}],"definitions":null},{"term":"sensitivity","link":"https://csrc.nist.gov/glossary/term/sensitivity","definitions":[{"text":"A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"}]},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Sensitivity ","refSources":[{"text":"NIST SP 800-60"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Sensitivity ","refSources":[{"text":"NIST SP 800-60"}]}]},{"text":"the degree to which an IT system or application requires protection (to ensureconfidentiality, integrity, and availability) which is determined by an evaluation of the nature and criticality of the data processed, the relation of the system to the organization missions and the economic value of the system components.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under Sensitivity "}]},{"text":"Used in this guideline to mean a measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Sensitivity "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Sensitivity "}]}]},{"term":"Sentences, formal","link":"https://csrc.nist.gov/glossary/term/sentences_formal","definitions":[{"text":"The entire set of sentences that can be created or recognized as being valid using the formal syntax specifications of a formal language.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"SEP","link":"https://csrc.nist.gov/glossary/term/sep","abbrSyn":[{"text":"Secure Entry Point","link":"https://csrc.nist.gov/glossary/term/secure_entry_point"},{"text":"Symantec Endpoint Protection","link":"https://csrc.nist.gov/glossary/term/symantec_endpoint_protection"}],"definitions":null},{"term":"SEPA","link":"https://csrc.nist.gov/glossary/term/sepa","abbrSyn":[{"text":"Smart Electric Power Alliance","link":"https://csrc.nist.gov/glossary/term/smart_electric_power_alliance"}],"definitions":null},{"term":"Separation of Concerns","link":"https://csrc.nist.gov/glossary/term/separation_of_concerns","definitions":[{"text":"A design principle for breaking down an application into modules, layers, and encapsulations, the roles of which are independent of one another.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Separation of Duty (SOD)","link":"https://csrc.nist.gov/glossary/term/separation_of_duty","abbrSyn":[{"text":"SoD","link":"https://csrc.nist.gov/glossary/term/sod"}],"definitions":[{"text":"refers to the principle that no user should be given enough privileges to misuse the system on their own. For example, the person authorizing a paycheck should not also be the one who can prepare them. Separation of duties can be enforced either statically (by defining conflicting roles, i.e., roles which cannot be executed by the same user) or dynamically (by enforcing the control at access time). An example of dynamic separation of duty is the two-person rule. The first user to execute a two-person operation can be any authorized user, whereas the second user can be any authorized user different from the first [R.S. Sandhu., and P Samarati, “Access Control: Principles and Practice,” IEEE Communications Magazine 32(9), September 1994, pp. 40-48.]. There are various types of SOD, an important one is history-based SOD that regulate for example, the same subject (role) cannot access the same object for variable number of times.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192"}]},{"text":"A security principle that divides critical functions among different staff members in an attempt to ensure that no one individual has enough information or access privilege to perpetrate damaging fraud.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Separation of duties "}]}]},{"term":"SEPM","link":"https://csrc.nist.gov/glossary/term/sepm","abbrSyn":[{"text":"Symantec Endpoint Protection Manager","link":"https://csrc.nist.gov/glossary/term/symantec_endpoint_protection_manager"},{"text":"Symantec End-Point Protection Manager"}],"definitions":null},{"term":"Sequence","link":"https://csrc.nist.gov/glossary/term/sequence","definitions":[{"text":"An ordered set of quantities.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"An ordered list of quantities.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Sequence Number","link":"https://csrc.nist.gov/glossary/term/sequence_number","abbrSyn":[{"text":"SQN","link":"https://csrc.nist.gov/glossary/term/sqn"}],"definitions":null},{"term":"Sequence Read Archive","link":"https://csrc.nist.gov/glossary/term/sequence_read_archive","abbrSyn":[{"text":"SRA","link":"https://csrc.nist.gov/glossary/term/sra"}],"definitions":null},{"term":"Serial Advanced Technology Attachment","link":"https://csrc.nist.gov/glossary/term/serial_advanced_technology_attachment","abbrSyn":[{"text":"SATA","link":"https://csrc.nist.gov/glossary/term/sata"}],"definitions":null},{"term":"Serial Attached SCSI","link":"https://csrc.nist.gov/glossary/term/serial_attached_scsi","abbrSyn":[{"text":"SAS","link":"https://csrc.nist.gov/glossary/term/sas"}],"definitions":null},{"term":"Serial Peripheral Interface","link":"https://csrc.nist.gov/glossary/term/serial_peripheral_interface","abbrSyn":[{"text":"SPI","link":"https://csrc.nist.gov/glossary/term/spi"}],"definitions":null},{"term":"Serial Test","link":"https://csrc.nist.gov/glossary/term/serial_test","definitions":[{"text":"The purpose of this test is to determine whether the number of occurrences of m-bit overlapping patterns is approximately the same as would be expected for a random sequence.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Server","link":"https://csrc.nist.gov/glossary/term/server","definitions":[{"text":"A system entity that provides a service in response to requests from clients.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]"}]},{"text":"A computer or device on a network that manages network resources. Examples include file servers (to store files), print servers (to manage one or more printers), network servers (to manage network traffic), and database servers (to process database queries).","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]"},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]},{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]}]},{"text":"A computer or device on a network that manages network resources. Examples are file servers (to store files), print servers (to manage one or more printers), network servers (to manage network traffic), and database servers (to process database queries).","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]}]}]},{"term":"Server Message Block","link":"https://csrc.nist.gov/glossary/term/server_message_block","abbrSyn":[{"text":"SMB","link":"https://csrc.nist.gov/glossary/term/smb"}],"definitions":null},{"term":"Server Name Indication","link":"https://csrc.nist.gov/glossary/term/server_name_indication","abbrSyn":[{"text":"SNI","link":"https://csrc.nist.gov/glossary/term/sni"}],"definitions":null},{"term":"Server Platform Services Firmware","link":"https://csrc.nist.gov/glossary/term/server_platform_services_firmware","abbrSyn":[{"text":"SPS FW","link":"https://csrc.nist.gov/glossary/term/sps_fw"}],"definitions":null},{"term":"Server Routing Protocol","link":"https://csrc.nist.gov/glossary/term/server_routing_protocol","abbrSyn":[{"text":"SRP","link":"https://csrc.nist.gov/glossary/term/srp"}],"definitions":null},{"term":"Server Side Includes","link":"https://csrc.nist.gov/glossary/term/server_side_includes","abbrSyn":[{"text":"SSI","link":"https://csrc.nist.gov/glossary/term/ssi"}],"definitions":null},{"term":"service","link":"https://csrc.nist.gov/glossary/term/service","definitions":[{"text":"A software component participating in a service-oriented architecture that provides functionality or participates in realizing one or more capabilities.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Service ","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]},{"text":"A set of related IT components provided in support of one or more business processes.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Service "}]},{"text":"Performance of activities, work, or duties.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 12207"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"A capability or function provided by an entity.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"service authority","link":"https://csrc.nist.gov/glossary/term/service_authority","abbrSyn":[{"text":"COMSEC service authority","link":"https://csrc.nist.gov/glossary/term/comsec_service_authority"}],"definitions":[{"text":"See service authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under COMSEC service authority ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The COMSEC Service Authority is the Department/Agency (D/A) senior staff component/command level element that provides staff supervision and oversight of COMSEC operations, policies, procedures, accounting, resource management, material acquisition, and training throughout the D/A. The multitude of responsibilities inherent to the COMSEC Service Authority functions may be allocated to one or more senior staff elements, while specific oversight and execution of selected functional responsibilities may be delegated to subordinate field agencies and activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under service authority (COMSEC) ","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Service Class Provider","link":"https://csrc.nist.gov/glossary/term/service_class_provider","abbrSyn":[{"text":"SCP","link":"https://csrc.nist.gov/glossary/term/scp"}],"definitions":null},{"term":"Service Component Reference Model","link":"https://csrc.nist.gov/glossary/term/service_component_reference_model","abbrSyn":[{"text":"SRM","link":"https://csrc.nist.gov/glossary/term/srm"}],"definitions":null},{"term":"Service Composition","link":"https://csrc.nist.gov/glossary/term/service_composition","definitions":[{"text":"Aggregation of multiple small services into larger services.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]}]},{"term":"Service Description","link":"https://csrc.nist.gov/glossary/term/service_description","definitions":[{"text":"A set of documents that describe the interface to and semantics of a service.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"Service Discovery Protocol","link":"https://csrc.nist.gov/glossary/term/service_discovery_protocol","abbrSyn":[{"text":"SDP","link":"https://csrc.nist.gov/glossary/term/sdp"}],"definitions":null},{"term":"Service Interface","link":"https://csrc.nist.gov/glossary/term/service_interface","definitions":[{"text":"The abstract boundary that a service exposes. It defines the types of messages and the message exchange patterns that are involved in interacting with the service, together with any conditions implied by those messages.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"service level agreement (SLA)","link":"https://csrc.nist.gov/glossary/term/service_level_agreement","abbrSyn":[{"text":"SLA","link":"https://csrc.nist.gov/glossary/term/sla"}],"definitions":[{"text":"Defines the specific responsibilities of the service provider and sets the customer expectations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A service contract between an FCKMS service provider and an FCKMS service-using organization that defines the level of service to be provided, such as the time to recover from an operational failure or a system compromise.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Service Level Agreement (SLA) "}]},{"text":"Represents a commitment between a service provider and one or more customers and addresses specific aspects of the service, such as responsibilities, details on the type of service, expected performance level (e.g., reliability, acceptable quality, and response times), and requirements for reporting, resolution, and termination.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1","underTerm":" under service-level agreement "}]}]},{"term":"Service Mesh","link":"https://csrc.nist.gov/glossary/term/service_mesh","abbrSyn":[{"text":"SM","link":"https://csrc.nist.gov/glossary/term/sm"}],"definitions":null},{"term":"Service Model Operating System","link":"https://csrc.nist.gov/glossary/term/service_model_operating_system","abbrSyn":[{"text":"SMOS","link":"https://csrc.nist.gov/glossary/term/smos"}],"definitions":null},{"term":"Service Organization Control","link":"https://csrc.nist.gov/glossary/term/service_organization_control","abbrSyn":[{"text":"SOC","link":"https://csrc.nist.gov/glossary/term/soc"}],"definitions":null},{"term":"Service Principal Name","link":"https://csrc.nist.gov/glossary/term/service_principal_name","abbrSyn":[{"text":"SPN","link":"https://csrc.nist.gov/glossary/term/spn"}],"definitions":null},{"term":"Service Processor","link":"https://csrc.nist.gov/glossary/term/service_processor","abbrSyn":[{"text":"SP","link":"https://csrc.nist.gov/glossary/term/sp"}],"definitions":null},{"term":"Service Provider","link":"https://csrc.nist.gov/glossary/term/service_provider","abbrSyn":[{"text":"SP","link":"https://csrc.nist.gov/glossary/term/sp"}],"definitions":[{"text":"A provider of basic services or value-added services for operation of a network; generally refers to public carriers and other commercial enterprises.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"text":"A provider of basic services or value-added services for operation of a network ­ generally refers to public carriers and other commercial enterprises.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"term":"Service-Oriented Architecture (SOA)","link":"https://csrc.nist.gov/glossary/term/service_oriented_architecture","abbrSyn":[{"text":"SOA","link":"https://csrc.nist.gov/glossary/term/soa"}],"definitions":[{"text":"A collection of services. These services communicate with each other. The communication can involve either simple data passing or it could involve two or more services coordinating some activity.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]},{"text":"A set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functions that are built as software components (i.e., discrete pieces of code and/or data structures) that can be reused for different purposes.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Service-Oriented Architecture "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under service-oriented architecture "}]}]},{"term":"Serving Gateway","link":"https://csrc.nist.gov/glossary/term/serving_gateway","abbrSyn":[{"text":"S-GW","link":"https://csrc.nist.gov/glossary/term/s_gw"}],"definitions":null},{"term":"Session","link":"https://csrc.nist.gov/glossary/term/session","definitions":[{"text":"A persistent interaction between a subscriber and an endpoint, either an RP or a CSP. A session begins with an authentication event and ends with a session termination event. A session is bound by use of a session secret that the subscriber’s software (a browser, application, or OS) can present to the RP or CSP in lieu of the subscriber’s authentication credentials.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A persistent interaction between a subscriber and an end point, either a relying party or a Credential Service Provider. A session begins with an authentication event and ends with a session termination event. A session is bound by use of a session secret that the subscriber’s software (a browser, application, or operating system) can present to the relying party or the Credential Service Provider in lieu of the subscriber’s authentication credentials.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17"},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17"}]}]},{"term":"Session Description Protocol","link":"https://csrc.nist.gov/glossary/term/session_description_protocol","abbrSyn":[{"text":"SDP","link":"https://csrc.nist.gov/glossary/term/sdp"}],"definitions":null},{"term":"Session Hijack Attack","link":"https://csrc.nist.gov/glossary/term/session_hijack_attack","definitions":[{"text":"An attack in which the attacker is able to insert himself or herself between a claimant and a verifier subsequent to a successful authentication exchange between the latter two parties. The attacker is able to pose as a subscriber to the verifier or vice versa to control session data exchange. Sessions between the claimant and the RP can be similarly compromised.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An attack in which the Attacker is able to insert himself or herself between a Claimant and a Verifier subsequent to a successful authentication exchange between the latter two parties. The Attacker is able to pose as a Subscriber to the Verifier or vice versa to control session data exchange. Sessions between the Claimant and the Relying Party can also be similarly compromised.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Session Initiation Protocol","link":"https://csrc.nist.gov/glossary/term/session_initiation_protocol","abbrSyn":[{"text":"SIP","link":"https://csrc.nist.gov/glossary/term/sip"}],"definitions":null},{"term":"set theory relationship mapping","link":"https://csrc.nist.gov/glossary/term/set_theory_relationship_mapping","definitions":[{"text":"A concept relationship style derived from the branch of mathematics known as set theory.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]},{"text":"An OLIR that characterizes each relationship between pairs of elements by qualifying the rationale for indicating the connection between the elements and classifying the relationship based on set theory principles.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Set Theory Relationship Mapping OLIR "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under Set Theory Relationship Mapping OLIR "}]}]},{"term":"Setting the bar","link":"https://csrc.nist.gov/glossary/term/setting_the_bar","definitions":[{"text":"Setting the bar means that a decision must be made as to the complexity of the material that will be developed; it applies to all three types of learning – awareness, training, and education.","sources":[{"text":"NIST SP 800-50","link":"https://doi.org/10.6028/NIST.SP.800-50"}]}]},{"term":"Set-User-ID","link":"https://csrc.nist.gov/glossary/term/set_user_id","abbrSyn":[{"text":"SUID","link":"https://csrc.nist.gov/glossary/term/suid"}],"definitions":null},{"term":"SEV","link":"https://csrc.nist.gov/glossary/term/sev","abbrSyn":[{"text":"Secured Encrypted Virtualization","link":"https://csrc.nist.gov/glossary/term/secured_encrypted_virtualization"}],"definitions":null},{"term":"SEV-ES","link":"https://csrc.nist.gov/glossary/term/sev_es","abbrSyn":[{"text":"Secured Encrypted Virtualization with Encrypted State","link":"https://csrc.nist.gov/glossary/term/secured_encrypted_virtualization_with_encrypted_state"}],"definitions":null},{"term":"SEV-SNP","link":"https://csrc.nist.gov/glossary/term/sev_snp","abbrSyn":[{"text":"Secured Encrypted Virtualization with Secured Nested Paging","link":"https://csrc.nist.gov/glossary/term/secured_encrypted_virtualization_with_secured_nested_paging"}],"definitions":null},{"term":"SF","link":"https://csrc.nist.gov/glossary/term/sf","abbrSyn":[{"text":"Single Factor"},{"text":"Standard Form","link":"https://csrc.nist.gov/glossary/term/standard_form"}],"definitions":[{"text":"A characteristic of an authentication system or an authenticator that requires only one authentication factor (something you know, something you have, or something you are) for successful authentication.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Single Factor "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Single Factor "}]}]},{"term":"SFA","link":"https://csrc.nist.gov/glossary/term/sfa","abbrSyn":[{"text":"Security Fault Analysis"}],"definitions":null},{"term":"SFC","link":"https://csrc.nist.gov/glossary/term/sfc","abbrSyn":[{"text":"Stealthwatch Flow Collector","link":"https://csrc.nist.gov/glossary/term/stealthwatch_flow_collector"},{"text":"System File Checker","link":"https://csrc.nist.gov/glossary/term/system_file_checker"}],"definitions":null},{"term":"SFP+","link":"https://csrc.nist.gov/glossary/term/sfp_plus","abbrSyn":[{"text":"Enhanced Small Form-Factor Pluggable","link":"https://csrc.nist.gov/glossary/term/enhanced_small_form_factor_pluggable"}],"definitions":null},{"term":"SFS","link":"https://csrc.nist.gov/glossary/term/sfs","abbrSyn":[{"text":"Semi-Free-Start","link":"https://csrc.nist.gov/glossary/term/semi_free_start"}],"definitions":null},{"term":"SFTP","link":"https://csrc.nist.gov/glossary/term/sftp","abbrSyn":[{"text":"Secure File Transfer Protocol","link":"https://csrc.nist.gov/glossary/term/secure_file_transfer_protocol"},{"text":"Secure FTP","link":"https://csrc.nist.gov/glossary/term/secure_ftp"}],"definitions":null},{"term":"SFUG","link":"https://csrc.nist.gov/glossary/term/sfug","note":"(C.F.D.)","abbrSyn":[{"text":"Security Features Users Guide","link":"https://csrc.nist.gov/glossary/term/security_features_users_guide"}],"definitions":null},{"term":"SGCC","link":"https://csrc.nist.gov/glossary/term/sgcc","abbrSyn":[{"text":"Smart Grid Cybersecurity Committee","link":"https://csrc.nist.gov/glossary/term/smart_grid_cybersecurity_committee"}],"definitions":null},{"term":"SGIP","link":"https://csrc.nist.gov/glossary/term/sgip","abbrSyn":[{"text":"Smart Grid Interoperability Panel","link":"https://csrc.nist.gov/glossary/term/smart_grid_interoperability_panel"}],"definitions":null},{"term":"SGT","link":"https://csrc.nist.gov/glossary/term/sgt","abbrSyn":[{"text":"Security Group Tag","link":"https://csrc.nist.gov/glossary/term/security_group_tag"}],"definitions":null},{"term":"S-GW","link":"https://csrc.nist.gov/glossary/term/s_gw","abbrSyn":[{"text":"Serving Gateway","link":"https://csrc.nist.gov/glossary/term/serving_gateway"}],"definitions":null},{"term":"SGX","link":"https://csrc.nist.gov/glossary/term/sgx","abbrSyn":[{"text":"Software Guard eXtensions","link":"https://csrc.nist.gov/glossary/term/software_guard_extensions"},{"text":"Software Guard Extensions"}],"definitions":null},{"term":"SHA","link":"https://csrc.nist.gov/glossary/term/sha","abbrSyn":[{"text":"Secure Hash Algorithm","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm"},{"text":"Secure Hashing Algorithm"}],"definitions":[{"text":"A hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under Secure Hash Algorithm ","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]},{"text":"Secure Hash Algorithm.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"SHA-1","link":"https://csrc.nist.gov/glossary/term/sha_1","abbrSyn":[{"text":"Secure Hash Algorithm","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm"},{"text":"Secure Hash Algorithm 1"},{"text":"Secure Hash Algorithm, version 1"},{"text":"Secure Hash Algorithm, Version 1"},{"text":"Secure Hash Algorithm-1"},{"text":"SHA1"}],"definitions":[{"text":"A hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under Secure Hash Algorithm ","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]},{"text":"The Secure Hash Algorithm defined in Federal Information Processing Standard 180-1.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]},{"text":"A hash function specified in FIPS 180-2, the Secure Hash Standard.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Secure Hash Algorithm 1 ","refSources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Secure Hash Algorithm 1 ","refSources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"text":"The SHA-1 hash for the resource.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"SHA-2","link":"https://csrc.nist.gov/glossary/term/sha_2","abbrSyn":[{"text":"Secure Hash Algorithm","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm"}],"definitions":[{"text":"A hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under Secure Hash Algorithm ","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]}]},{"term":"SHA-256","link":"https://csrc.nist.gov/glossary/term/sha_256","abbrSyn":[{"text":"Secure Hash Algorithm 256","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm_256"},{"text":"Secure Hash Algorithm 256-bit"}],"definitions":[{"text":"A hash algorithm that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Secure Hash Algorithm 256 ","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Secure Hash Algorithm 256 ","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Secure Hash Algorithm 256 ","refSources":[{"text":"FIPS 180-4","link":"https://doi.org/10.6028/NIST.FIPS.180-4"}]}]},{"text":"The SHA-256 hash for the resource.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"SHA-256(M)","link":"https://csrc.nist.gov/glossary/term/sha_256_m","definitions":[{"text":"SHA-256 hash function as specified in [3].","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"SHA-256/192(M)","link":"https://csrc.nist.gov/glossary/term/sha_256_192_m","definitions":[{"text":"T192(SHA-256(M)), the most significant (i.e., leftmost) 192 bits of the SHA-256 hash of M.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"SHA-3","link":"https://csrc.nist.gov/glossary/term/sha_3","abbrSyn":[{"text":"Secure Hash Algorithm 3","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm_3"}],"definitions":[{"text":"Secure Hash Algorithm-3.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"Shadow Stack","link":"https://csrc.nist.gov/glossary/term/shadow_stack","definitions":[{"text":"A parallel hardware stack that applications can utilize to store a copy of return addresses that are checked against the normal program stack on return operations.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320"}]}]},{"term":"SHAKE","link":"https://csrc.nist.gov/glossary/term/shake","abbrSyn":[{"text":"Secure Hash Algorithm Keccak","link":"https://csrc.nist.gov/glossary/term/secure_hash_algorithm_keccak"}],"definitions":null},{"term":"SHAKE256/192(M)","link":"https://csrc.nist.gov/glossary/term/shake256_192_m","definitions":[{"text":"SHAKE256(M, 192), where SHAKE256 is specified in Section 6.2 of [5]. The output length is 192 bits.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"SHAKE256/256(M)","link":"https://csrc.nist.gov/glossary/term/shake256_256_m","definitions":[{"text":"SHAKE256(M, 256), where SHAKE256 is specified in Section 6.2 of [5]. The output length is 256 bits.","sources":[{"text":"NIST SP 800-208","link":"https://doi.org/10.6028/NIST.SP.800-208"}]}]},{"term":"SHAP","link":"https://csrc.nist.gov/glossary/term/shap","abbrSyn":[{"text":"Shapley Additive exPlanations","link":"https://csrc.nist.gov/glossary/term/shapley_additive_explanations"}],"definitions":null},{"term":"Shapley Additive exPlanations","link":"https://csrc.nist.gov/glossary/term/shapley_additive_explanations","abbrSyn":[{"text":"SHAP","link":"https://csrc.nist.gov/glossary/term/shap"}],"definitions":null},{"term":"Sharding","link":"https://csrc.nist.gov/glossary/term/sharding","definitions":[{"text":"A blockchain configuration and architecture that enables the processing of transactions in parallel. The blockchain’s global state is split among multiple blockchain subnetworks coordinated by a separate hub blockchain.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"shared control","link":"https://csrc.nist.gov/glossary/term/shared_control","definitions":[{"text":"A security or privacy control that is implemented for an information system in part as a common control and in part as a system-specific control. See hybrid control.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Shared Secret","link":"https://csrc.nist.gov/glossary/term/shared_secret","definitions":[{"text":"The secret byte string that is computed/generated during the execution of an approved key-establishment scheme and used as input to a key-derivation method as part of that transaction.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Shared secret "}]},{"text":"A secret value that has been computed using a key-establishment scheme and is used as input to a (single-step) key derivation function or an extraction-then-expansion procedure that derives keying material in a two-step process.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Shared secret "}]},{"text":"A secret value that has been computed using a key agreement algorithm.","sources":[{"text":"NIST SP 800-135 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-135r1","underTerm":" under Shared secret "}]},{"text":"A secret value that has been computed using a key-agreement scheme and is used as input to a key derivation method.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Shared secret "}]},{"text":"A value generated during a public-key-based key establishment scheme defined in NIST SP 800-56A or SP 800-56B.","sources":[{"text":"NIST SP 800-56C","link":"https://doi.org/10.6028/NIST.SP.800-56C","note":" [Superseded]","underTerm":" under Shared secret "}]},{"text":"A secret value that has been computed using a key-agreement scheme and is used as input to a key-derivation function/method.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Shared secret "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Shared secret "}]},{"text":"A secret used in authentication that is known to the subscriber and the verifier.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A secret value that has been computed during the execution of a key-establishment scheme, is known by both participants, and is used as input to a key-derivation method to produce secret keying material.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Shared secret "}]},{"text":"A secret value that has been computed during an execution of a key-establishment scheme between two parties, is known by both participants, and is used as input to a key-derivation method to produce keying material.","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Shared secret "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Shared secret "}]},{"text":"A secret value that is computed during a (pair-wise) key-agreement transaction and is used as input to derive a key using a key-derivation method.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Shared secret "}]},{"text":"A secret value that has been computed using a key-agreement scheme and is used as input to a key-derivation method.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Shared secret "}]},{"text":"A secret value that has been computed during a key-establishment scheme, is known by both participants, and is used as input to a key-derivation method to produce keying material.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Shared secret "}]},{"text":"A secret used in authentication that is known to the Claimant and the Verifier.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Shared Service Provider","link":"https://csrc.nist.gov/glossary/term/shared_service_provider","abbrSyn":[{"text":"SSP","link":"https://csrc.nist.gov/glossary/term/ssp"}],"definitions":null},{"term":"Shared Service Providers","link":"https://csrc.nist.gov/glossary/term/shared_service_providers","abbrSyn":[{"text":"SSP","link":"https://csrc.nist.gov/glossary/term/ssp"}],"definitions":null},{"term":"Shared Situational Awareness","link":"https://csrc.nist.gov/glossary/term/shared_situational_awareness","abbrSyn":[{"text":"SSA","link":"https://csrc.nist.gov/glossary/term/ssa"}],"definitions":null},{"term":"shielded enclosure","link":"https://csrc.nist.gov/glossary/term/shielded_enclosure","definitions":[{"text":"Room or container designed to attenuate electromagnetic radiation, acoustic signals, or emanations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Short Integer Solution","link":"https://csrc.nist.gov/glossary/term/short_integer_solution","abbrSyn":[{"text":"SIS","link":"https://csrc.nist.gov/glossary/term/sis"}],"definitions":null},{"term":"Short Message Service (SMS)","link":"https://csrc.nist.gov/glossary/term/short_message_service","abbrSyn":[{"text":"SMS","link":"https://csrc.nist.gov/glossary/term/sms"}],"definitions":[{"text":"A cellular network facility that allows users to send and receive text messages of up to 160 alphanumeric characters on their handset.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a mobile phone network facility that allows users to send and receive alphanumeric text messages of up to 160 characters on their cell phone or other handheld device","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Short Message Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Short Message Service "}]}]},{"term":"Short Message Service Chat","link":"https://csrc.nist.gov/glossary/term/short_message_service_chat","definitions":[{"text":"a facility for exchanging messages between mobile phone users in real-time via SMS text messaging, which allows previous messages from the same conversation to be viewed.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Short Term Key","link":"https://csrc.nist.gov/glossary/term/short_term_key","abbrSyn":[{"text":"STK","link":"https://csrc.nist.gov/glossary/term/stk"}],"definitions":null},{"term":"short title","link":"https://csrc.nist.gov/glossary/term/short_title","definitions":[{"text":"Identifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and controlling (e.g., KAM-211, KG-175). Each item of accountable COMSEC material is assigned a short title to facilitate handling, accounting and control.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"short title assignment requester (STAR)","link":"https://csrc.nist.gov/glossary/term/short_title_assignment_requester","abbrSyn":[{"text":"STAR","link":"https://csrc.nist.gov/glossary/term/star"}],"definitions":[{"text":"The key management entity (KME) privileged to request assignment of a new short title and generation of key against that short title.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Shortest Independent Vector Problem","link":"https://csrc.nist.gov/glossary/term/shortest_independent_vector_problem","abbrSyn":[{"text":"SIVP","link":"https://csrc.nist.gov/glossary/term/sivp"}],"definitions":null},{"term":"Shortest Vector Problem","link":"https://csrc.nist.gov/glossary/term/shortest_vector_problem","abbrSyn":[{"text":"SVP","link":"https://csrc.nist.gov/glossary/term/svp"}],"definitions":null},{"term":"short-term stability","link":"https://csrc.nist.gov/glossary/term/short_term_stability","definitions":[{"text":"The stability of a time or frequency signal over a short measurement interval, usually an interval of 100 seconds or less in duration.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Shred","link":"https://csrc.nist.gov/glossary/term/shred","definitions":[{"text":"A method of sanitizing media; the act of cutting or tearing into small particles.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Shrinkage","link":"https://csrc.nist.gov/glossary/term/shrinkage","definitions":[{"text":"Product loss or theft that results in declining revenue.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"SHS","link":"https://csrc.nist.gov/glossary/term/shs","abbrSyn":[{"text":"Secure Hash Standard"}],"definitions":null},{"term":"SI","link":"https://csrc.nist.gov/glossary/term/si","abbrSyn":[{"text":"System and Information Integrity","link":"https://csrc.nist.gov/glossary/term/system_and_information_integrity"},{"text":"System and Information Protection","link":"https://csrc.nist.gov/glossary/term/system_and_information_protection"}],"definitions":null},{"term":"SIA","link":"https://csrc.nist.gov/glossary/term/sia","abbrSyn":[{"text":"Security Impact Analysis"},{"text":"Security Industry Association","link":"https://csrc.nist.gov/glossary/term/security_industry_association"}],"definitions":[{"text":"The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Impact Analysis "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Impact Analysis ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"The analysis conducted by an organizational official to determine the extent to which a change to the information system has or may have affected the security posture of the system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Security Impact Analysis ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"The analysis conducted by an agency official, often during the continuous monitoring phase of the security certification and accreditation process, to determine the extent to which changes to the information system have affected the security posture of the system.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Impact Analysis ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]}]},{"term":"SIAO","link":"https://csrc.nist.gov/glossary/term/siao","note":"(C.F.D.)","abbrSyn":[{"text":"Senior Information Assurance Officer","link":"https://csrc.nist.gov/glossary/term/senior_information_assurance_officer"}],"definitions":null},{"term":"SID","link":"https://csrc.nist.gov/glossary/term/sid","abbrSyn":[{"text":"Security Identify","link":"https://csrc.nist.gov/glossary/term/security_identify"},{"text":"Signature ID","link":"https://csrc.nist.gov/glossary/term/signature_id"},{"text":"System Identifier","link":"https://csrc.nist.gov/glossary/term/system_identifier"}],"definitions":null},{"term":"Side Channel Analysis with Reinforcement Learning","link":"https://csrc.nist.gov/glossary/term/side_channel_analysis_with_reinforcement_learning","abbrSyn":[{"text":"SCARL","link":"https://csrc.nist.gov/glossary/term/scarl"}],"definitions":null},{"term":"Sidechain","link":"https://csrc.nist.gov/glossary/term/sidechain","definitions":[{"text":"A blockchain with its own consensus mechanism and set of nodes that is connected to another blockchain through a two-way bridge.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Side-Channel Attack","link":"https://csrc.nist.gov/glossary/term/side_channel_attack","abbrSyn":[{"text":"SCA","link":"https://csrc.nist.gov/glossary/term/sca"}],"definitions":[{"text":"An attack enabled by leakage of information from a physical cryptosystem. Characteristics that could be exploited in a side-channel attack include timing, power consumption, and electromagnetic and acoustic emissions.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Side-Channel Attacks ","refSources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]}]},{"term":"SIDH","link":"https://csrc.nist.gov/glossary/term/sidh","abbrSyn":[{"text":"supersingular isogeny Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/supersingular_isogeny_diffie_hellman"},{"text":"Supersingular Isogeny Diffie-Hellman"}],"definitions":null},{"term":"SIDR","link":"https://csrc.nist.gov/glossary/term/sidr","abbrSyn":[{"text":"Secure Inter-Domain Routing","link":"https://csrc.nist.gov/glossary/term/secure_inter_domain_routing"}],"definitions":null},{"term":"SIDR WG","link":"https://csrc.nist.gov/glossary/term/sidr_wg","abbrSyn":[{"text":"Secure Inter-Domain Routing Working Group","link":"https://csrc.nist.gov/glossary/term/secure_inter_domain_routing_working_group"}],"definitions":null},{"term":"SIEM","link":"https://csrc.nist.gov/glossary/term/siem","abbrSyn":[{"text":"Security Incident and Event Management","link":"https://csrc.nist.gov/glossary/term/security_incident_and_event_management"},{"text":"Security Incident Event Monitoring","link":"https://csrc.nist.gov/glossary/term/security_incident_event_monitoring"},{"text":"Security Information and Event Management","link":"https://csrc.nist.gov/glossary/term/security_information_and_event_management"},{"text":"Security Information and Event Monitoring"},{"text":"Security Information and Events Management"}],"definitions":null},{"term":"SIF","link":"https://csrc.nist.gov/glossary/term/sif","abbrSyn":[{"text":"Safety Instrumented Function","link":"https://csrc.nist.gov/glossary/term/safety_instrumented_function"}],"definitions":null},{"term":"SIFA","link":"https://csrc.nist.gov/glossary/term/sifa","abbrSyn":[{"text":"Statistical Ineffective Fault Attack","link":"https://csrc.nist.gov/glossary/term/statistical_ineffective_fault_attack"}],"definitions":null},{"term":"SIG","link":"https://csrc.nist.gov/glossary/term/sig_acronym","abbrSyn":[{"text":"Special Interest Group","link":"https://csrc.nist.gov/glossary/term/special_interest_group"}],"definitions":null},{"term":"SIGE(…)","link":"https://csrc.nist.gov/glossary/term/sig_generated_by_entity","definitions":[{"text":"A digital signature generated by the entity E using an approved hash function and an approved digital signature algorithm. The data that is signed is the information contained within the parentheses.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]}]},{"term":"Signal Processing for Space Communications Workshop","link":"https://csrc.nist.gov/glossary/term/signal_processing_for_space_communications_workshop","abbrSyn":[{"text":"SPSC","link":"https://csrc.nist.gov/glossary/term/spsc"}],"definitions":null},{"term":"Signal Processing System","link":"https://csrc.nist.gov/glossary/term/signal_processing_system","abbrSyn":[{"text":"SiPS","link":"https://csrc.nist.gov/glossary/term/sips"}],"definitions":null},{"term":"Signaling Radio Bearer","link":"https://csrc.nist.gov/glossary/term/signaling_radio_bearer","abbrSyn":[{"text":"SRB","link":"https://csrc.nist.gov/glossary/term/srb"}],"definitions":null},{"term":"signaling rate","link":"https://csrc.nist.gov/glossary/term/signaling_rate","definitions":[{"text":"The signaling rate of a digital signal is defined as the reciprocal of the bit width (1/bit width). The signaling rate is used to determine the frequency range of electrical isolation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"Signatory","link":"https://csrc.nist.gov/glossary/term/signatory","definitions":[{"text":"The entity that generates a digital signature on data using a private key.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}]},{"term":"signature","link":"https://csrc.nist.gov/glossary/term/signature","definitions":[{"text":"A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Signature ","refSources":[{"text":"NIST SP 800-61","link":"https://doi.org/10.6028/NIST.SP.800-61"}]},{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","underTerm":" under Signature "}]},{"text":"A recognizable, distinguishing pattern. See attack signature and digital signature.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-61 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-61r2","note":" - Adapted"}]}]},{"text":"The ability to trace the origin of the data.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Signature "}]},{"text":"A set of characteristics of known malware instances that can be used to identify known malware and some new variants of known malware.","sources":[{"text":"NIST SP 800-83 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-83r1","underTerm":" under Signature "}]}],"seeAlso":[{"text":"attack signature","link":"attack_signature"},{"text":"digital signature","link":"digital_signature"}]},{"term":"Signature and Verification Operations Parallelizing Manager","link":"https://csrc.nist.gov/glossary/term/sig_ver_ops_parallelizing_manager","abbrSyn":[{"text":"SSVOPM","link":"https://csrc.nist.gov/glossary/term/ssvopm"}],"definitions":null},{"term":"Signature Block Header","link":"https://csrc.nist.gov/glossary/term/signature_block_header","abbrSyn":[{"text":"SBH","link":"https://csrc.nist.gov/glossary/term/sbh"}],"definitions":null},{"term":"signature certificate","link":"https://csrc.nist.gov/glossary/term/signature_certificate","definitions":[{"text":"A public key certificate that contains a public key intended for verifying digital signatures rather than authenticating, encrypting data or performing any other cryptographic functions.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Signature Certificate "}]}]},{"term":"Signature generation","link":"https://csrc.nist.gov/glossary/term/signature_generation","definitions":[{"text":"The process of using a digital signature algorithm and a private key to generate a digital signature on data.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"The use of a digital signature algorithm and a private key to generate a digital signature on data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Signature ID","link":"https://csrc.nist.gov/glossary/term/signature_id","abbrSyn":[{"text":"SID","link":"https://csrc.nist.gov/glossary/term/sid"}],"definitions":null},{"term":"Signature validation","link":"https://csrc.nist.gov/glossary/term/signature_validation","definitions":[{"text":"The (mathematical) verification of the digital signature and obtaining the appropriate assurances (e.g., public key validity, private key possession, etc.).","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"The (mathematical) verification of the digital signature plus obtaining the appropriate assurances (e.g., public key validity, private key possession, etc.).","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Signature verification","link":"https://csrc.nist.gov/glossary/term/signature_verification","definitions":[{"text":"The process of using a digital signature algorithm and a public key to verify a digital signature on data.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"The use of a digital signature algorithm and a public key to verify a digital signature on data.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The use of a digital signature and a public key to verify a digital signature on data.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"Signature-in-question","link":"https://csrc.nist.gov/glossary/term/signature_in_question","definitions":[{"text":"The digital signature to be verified and validated.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Signed data","link":"https://csrc.nist.gov/glossary/term/signed_data","definitions":[{"text":"The data or message upon which a digital signature has been computed. Also, see Message.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]}],"seeAlso":[{"text":"Message","link":"message"}]},{"term":"Signed Response","link":"https://csrc.nist.gov/glossary/term/signed_response","abbrSyn":[{"text":"SRES","link":"https://csrc.nist.gov/glossary/term/sres"}],"definitions":null},{"term":"Signed Zone","link":"https://csrc.nist.gov/glossary/term/signed_zone","definitions":[{"text":"A zone whose RRsets are signed and which contains properly constructed DNSKEY, Resource Record Signature (RRSIG), Next Secure (NSEC), and (optionally) DS records.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"significant consequences","link":"https://csrc.nist.gov/glossary/term/significant_consequences","definitions":[{"text":"Loss of life, significant responsive actions against the United States, significant damage to property, serious adverse U.S. foreign policy consequences, or serious economic impact on the United States.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"PPD-20"}]}]}]},{"term":"Silicon Provider","link":"https://csrc.nist.gov/glossary/term/silicon_provider","abbrSyn":[{"text":"SiP"}],"definitions":null},{"term":"SIM","link":"https://csrc.nist.gov/glossary/term/sim","abbrSyn":[{"text":"Security Information Management","link":"https://csrc.nist.gov/glossary/term/security_information_management"},{"text":"Subsciber Identity Module"},{"text":"Subscriber Identity Module"}],"definitions":[{"text":"A smart card chip specialized for use in GSM equipment.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Subscriber Identity Module "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Subscriber Identity Module "}]}]},{"term":"SIMD","link":"https://csrc.nist.gov/glossary/term/simd","abbrSyn":[{"text":"Single Instruction, Multiple Data","link":"https://csrc.nist.gov/glossary/term/single_instruction_multiple_data"}],"definitions":null},{"term":"SIMID","link":"https://csrc.nist.gov/glossary/term/simid","abbrSyn":[{"text":"Single Instruction, Multiple Data","link":"https://csrc.nist.gov/glossary/term/single_instruction_multiple_data"}],"definitions":null},{"term":"Similarity","link":"https://csrc.nist.gov/glossary/term/similarity","definitions":[{"text":"The similarity of two artifacts, as measured by a particular approximate matching algorithm, is defined as an increasing monotonic function of the number of matching features contained in their respective feature sets.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Similarity digest","link":"https://csrc.nist.gov/glossary/term/similarity_digest","definitions":[{"text":"A similarity digest is a (compressed) representation of the original data object’s feature set that is suitable for comparison with other similarity digests created by the same algorithm. In most cases, the digest is much smaller than the original artifact and the original object is not recoverable from the digest.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Similarity function","link":"https://csrc.nist.gov/glossary/term/similarity_function","definitions":[{"text":"compares two similarity digests and outputs a score. The\nrecommended approach is to assign a score s in the 0 ≤ s ≤ 1 range, where 0 indicates no similarity and 1 indicates high similarity. This score represents a normalized estimate of the number of matching features in the feature sets corresponding to the artifacts from which the similarity digests were created.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Simple Certificate Enrollment Protocol (SCEP)","link":"https://csrc.nist.gov/glossary/term/simple_certificate_enrollment_protocol_scep","abbrSyn":[{"text":"SCEP","link":"https://csrc.nist.gov/glossary/term/scep"}],"definitions":[{"text":"A protocol defined in an IETF internet draft specification that is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users, as well as referenced in other industry standards.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Simple Certificate Enrollment Protocol "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Simple Key Loader","link":"https://csrc.nist.gov/glossary/term/simple_key_loader","abbrSyn":[{"text":"SKL","link":"https://csrc.nist.gov/glossary/term/skl"}],"definitions":null},{"term":"Simple Mail Transfer Protocol (SMTP)","link":"https://csrc.nist.gov/glossary/term/simple_mail_transfer_protocol","abbrSyn":[{"text":"SMTP","link":"https://csrc.nist.gov/glossary/term/smtp"}],"definitions":[{"text":"An MTA protocol defined by IETF RFC 2821. SMTP is the most commonly used MTA protocol.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]},{"text":"the primary protocol used to transfer electronic mail messages on the Internet.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Simple Mail Transfer Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Simple Mail Transfer Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Simple Mail Transfer Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Simple Mail Transfer Protocol "}]}]},{"term":"Simple Name Server","link":"https://csrc.nist.gov/glossary/term/simple_name_server","abbrSyn":[{"text":"SNS","link":"https://csrc.nist.gov/glossary/term/sns"}],"definitions":null},{"term":"Simple Network Time Protocol","link":"https://csrc.nist.gov/glossary/term/simple_network_time_protocol","abbrSyn":[{"text":"SNTP","link":"https://csrc.nist.gov/glossary/term/sntp"}],"definitions":null},{"term":"Simple Object Access Protocol","link":"https://csrc.nist.gov/glossary/term/simple_object_access_protocol","abbrSyn":[{"text":"SOAP","link":"https://csrc.nist.gov/glossary/term/soap"}],"definitions":[{"text":"An XML-based protocol for exchanging structured information in a decentralized, distributed environment.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under SOAP ","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]}]},{"term":"Simple Power Analysis","link":"https://csrc.nist.gov/glossary/term/simple_power_analysis","abbrSyn":[{"text":"SPA","link":"https://csrc.nist.gov/glossary/term/spa"}],"definitions":null},{"term":"Simple Public-Key GSS-API Mechanism","link":"https://csrc.nist.gov/glossary/term/simple_public_key_gss_api_mechanism","abbrSyn":[{"text":"SPKM","link":"https://csrc.nist.gov/glossary/term/spkm"}],"definitions":null},{"term":"Simple Service Discovery Protocol","link":"https://csrc.nist.gov/glossary/term/simple_service_discovery_protocol","abbrSyn":[{"text":"SSDP","link":"https://csrc.nist.gov/glossary/term/ssdp"}],"definitions":null},{"term":"Simple Theorem Prover constraint solver","link":"https://csrc.nist.gov/glossary/term/simple_theorem_prover_constraint_solver","abbrSyn":[{"text":"STP","link":"https://csrc.nist.gov/glossary/term/stp"}],"definitions":null},{"term":"Simple t-way combination coverage","link":"https://csrc.nist.gov/glossary/term/simple_t_way_combination_coverage","definitions":[{"text":"For a given test set for n variables, simple t-way combination coverage is the proportion of t-way combinations of n variables for which all variable-values configurations are fully covered.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878"}]}]},{"term":"Simplified Local Internet Number Resource Management","link":"https://csrc.nist.gov/glossary/term/simplified_local_internet_number_resource_management","abbrSyn":[{"text":"SLURM","link":"https://csrc.nist.gov/glossary/term/slurm"}],"definitions":null},{"term":"Simulators","link":"https://csrc.nist.gov/glossary/term/simulators","definitions":[{"text":"A functional exercise staff member who simulates or represents non-participating individuals or organizations whose input or participation is necessary to the flow of the exercise.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Single Instruction, Multiple Data","link":"https://csrc.nist.gov/glossary/term/single_instruction_multiple_data","abbrSyn":[{"text":"SIMD","link":"https://csrc.nist.gov/glossary/term/simd"},{"text":"SIMID","link":"https://csrc.nist.gov/glossary/term/simid"}],"definitions":null},{"term":"Single Log-Out","link":"https://csrc.nist.gov/glossary/term/single_log_out","abbrSyn":[{"text":"SLO","link":"https://csrc.nist.gov/glossary/term/slo"}],"definitions":null},{"term":"single point keying (SPK)","link":"https://csrc.nist.gov/glossary/term/single_point_keying","abbrSyn":[{"text":"SPK","link":"https://csrc.nist.gov/glossary/term/spk"}],"definitions":[{"text":"Means of distributing key to multiple, local crypto equipment or devices from a single fill point.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Single Sign-On","link":"https://csrc.nist.gov/glossary/term/single_sign_on","abbrSyn":[{"text":"SSO","link":"https://csrc.nist.gov/glossary/term/sso"}],"definitions":null},{"term":"Single-Factor","link":"https://csrc.nist.gov/glossary/term/single_factor","abbrSyn":[{"text":"SF","link":"https://csrc.nist.gov/glossary/term/sf"}],"definitions":[{"text":"A characteristic of an authentication system or an authenticator that requires only one authentication factor (something you know, something you have, or something you are) for successful authentication.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Single Factor "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Single Factor "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Singulation","link":"https://csrc.nist.gov/glossary/term/singulation","definitions":[{"text":"A function performed by a reader to individually identify any tags in the reader’s operating range.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"SINIT ACM","link":"https://csrc.nist.gov/glossary/term/sinit_acm","abbrSyn":[{"text":"Secure Initialization Authenticated Code Module","link":"https://csrc.nist.gov/glossary/term/secure_initialization_authenticated_code_module"}],"definitions":null},{"term":"SIP","link":"https://csrc.nist.gov/glossary/term/sip","abbrSyn":[{"text":"Session Initiation Protocol","link":"https://csrc.nist.gov/glossary/term/session_initiation_protocol"},{"text":"Silicon Provider","link":"https://csrc.nist.gov/glossary/term/silicon_provider"}],"definitions":null},{"term":"SiPS","link":"https://csrc.nist.gov/glossary/term/sips","abbrSyn":[{"text":"Signal Processing System","link":"https://csrc.nist.gov/glossary/term/signal_processing_system"}],"definitions":null},{"term":"SIS","link":"https://csrc.nist.gov/glossary/term/sis","abbrSyn":[{"text":"safety instrumented system","link":"https://csrc.nist.gov/glossary/term/safety_instrumented_system"},{"text":"Short Integer Solution","link":"https://csrc.nist.gov/glossary/term/short_integer_solution"}],"definitions":[{"text":"A system that is composed of sensors, logic solvers, and final control elements whose purpose is to take the process to a safe state when predetermined conditions are violated. Other terms commonly used include emergency shutdown system (ESS), safety shutdown system (SSD), and safety interlock system (SIS).","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under safety instrumented system ","refSources":[{"text":"ANSI/ISA-84.00.01","link":"https://www.isa.org/pdfs/microsites267/s-840001-pt1/"}]}]}]},{"term":"SISO","link":"https://csrc.nist.gov/glossary/term/siso","abbrSyn":[{"text":"Senior Information Security Officer"}],"definitions":[{"text":"See Senior Agency Information Security Officer.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Senior Information Security Officer "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Senior Information Security Officer "}]}]},{"term":"Site Recovery Manager","link":"https://csrc.nist.gov/glossary/term/site_recovery_manager","abbrSyn":[{"text":"SRM","link":"https://csrc.nist.gov/glossary/term/srm"}],"definitions":null},{"term":"situational awareness","link":"https://csrc.nist.gov/glossary/term/situational_awareness","abbrSyn":[{"text":"SA","link":"https://csrc.nist.gov/glossary/term/sa"}],"definitions":[{"text":"Perception of elements in the system and/or environment and a comprehension of their meaning, which could include a projection of the future status of perceived elements and the uncertainty associated with that status.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 17757:2019","link":"https://www.iso.org/standard/76126.html"}]}]},{"text":"Within a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"SIVP","link":"https://csrc.nist.gov/glossary/term/sivp","abbrSyn":[{"text":"Shortest Independent Vector Problem","link":"https://csrc.nist.gov/glossary/term/shortest_independent_vector_problem"}],"definitions":null},{"term":"Size, Weight, and Power","link":"https://csrc.nist.gov/glossary/term/size_weight_and_power","abbrSyn":[{"text":"SWaP","link":"https://csrc.nist.gov/glossary/term/swap"}],"definitions":null},{"term":"SK","link":"https://csrc.nist.gov/glossary/term/sk","abbrSyn":[{"text":"Secure Kernel","link":"https://csrc.nist.gov/glossary/term/secure_kernel"}],"definitions":null},{"term":"SKCE","link":"https://csrc.nist.gov/glossary/term/skce","abbrSyn":[{"text":"StrongKey Crypto Engine","link":"https://csrc.nist.gov/glossary/term/strongkey_crypto_engine"},{"text":"StrongKey CryptoEngine","link":"https://csrc.nist.gov/glossary/term/strongkey_cryptoengine"}],"definitions":null},{"term":"Skill","link":"https://csrc.nist.gov/glossary/term/skill","definitions":[{"text":"The capacity to perform an observable action.","sources":[{"text":"NIST SP 800-181 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-181r1"},{"text":"NIST IR 8355","link":"https://doi.org/10.6023/NIST.IR.8355"}]},{"text":"an observable competence to perform a learned psychomotor act. Skills in the psychomotor domain describe the ability to physically manipulate a tool or instrument like a hand or a hammer. Skills needed for cybersecurity rely less on physical manipulation of tools and instruments and more on applying tools, frameworks, processes, and controls that have an impact on the cybersecurity posture of an organization or individual.","sources":[{"text":"NIST SP 800-181","link":"https://doi.org/10.6028/NIST.SP.800-181","note":" [Superseded]"}]}]},{"term":"Skimming","link":"https://csrc.nist.gov/glossary/term/skimming","definitions":[{"text":"The unauthorized use of a reader to read tags without the authorization or knowledge of tag’s owner or the individual in possession of the tag.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"SKL","link":"https://csrc.nist.gov/glossary/term/skl","abbrSyn":[{"text":"Simple Key Loader","link":"https://csrc.nist.gov/glossary/term/simple_key_loader"}],"definitions":null},{"term":"SKU","link":"https://csrc.nist.gov/glossary/term/sku","abbrSyn":[{"text":"Stock Keeping Unit","link":"https://csrc.nist.gov/glossary/term/stock_keeping_unit"}],"definitions":null},{"term":"SLA","link":"https://csrc.nist.gov/glossary/term/sla","abbrSyn":[{"text":"Service Level Agreement"},{"text":"service-level agreement"},{"text":"Service-Level Agreement"},{"text":"Service-Level Agreements"}],"definitions":[{"text":"Represents a commitment between a service provider and one or more customers and addresses specific aspects of the service, such as responsibilities, details on the type of service, expected performance level (e.g., reliability, acceptable quality, and response times), and requirements for reporting, resolution, and termination.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1","underTerm":" under service-level agreement "}]}]},{"term":"Slack Space","link":"https://csrc.nist.gov/glossary/term/slack_space","definitions":[{"text":"The unused space in a file allocation block or memory page that may hold residual data.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"SLC","link":"https://csrc.nist.gov/glossary/term/slc","abbrSyn":[{"text":"Software Lifecycle","link":"https://csrc.nist.gov/glossary/term/software_lifecycle"}],"definitions":null},{"term":"SLO","link":"https://csrc.nist.gov/glossary/term/slo","abbrSyn":[{"text":"Single Log-Out","link":"https://csrc.nist.gov/glossary/term/single_log_out"}],"definitions":null},{"term":"SLURM","link":"https://csrc.nist.gov/glossary/term/slurm","abbrSyn":[{"text":"Simplified Local Internet Number Resource Management","link":"https://csrc.nist.gov/glossary/term/simplified_local_internet_number_resource_management"}],"definitions":null},{"term":"SM","link":"https://csrc.nist.gov/glossary/term/sm","abbrSyn":[{"text":"Secure Messaging","link":"https://csrc.nist.gov/glossary/term/secure_messaging"},{"text":"Security Measure","link":"https://csrc.nist.gov/glossary/term/security_measure"},{"text":"Service Mesh","link":"https://csrc.nist.gov/glossary/term/service_mesh"}],"definitions":null},{"term":"Small and Medium-size Business","link":"https://csrc.nist.gov/glossary/term/small_and_medium_size_business","abbrSyn":[{"text":"SMB","link":"https://csrc.nist.gov/glossary/term/smb"}],"definitions":null},{"term":"Small business","link":"https://csrc.nist.gov/glossary/term/small_business","definitions":[{"text":"Small businesses are defined differently depending on the industry sector. For this publication, the definition of a small business includes for-profit, non-profit, and similar organizations with up to 500 employees. Synonymous with “Small Enterprise or Small Organization”. See the SBA website www.sba.gov for more information.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1"}]}]},{"term":"Small Business Administration","link":"https://csrc.nist.gov/glossary/term/small_business_administration","abbrSyn":[{"text":"SBA","link":"https://csrc.nist.gov/glossary/term/sba"}],"definitions":null},{"term":"Small Business Innovation Research","link":"https://csrc.nist.gov/glossary/term/small_business_innovation_research","abbrSyn":[{"text":"SBIR","link":"https://csrc.nist.gov/glossary/term/sbir"}],"definitions":null},{"term":"Small Computer System Interface","link":"https://csrc.nist.gov/glossary/term/small_computer_system_interface","abbrSyn":[{"text":"SCSI","link":"https://csrc.nist.gov/glossary/term/scsi"}],"definitions":[{"text":"A magnetic media interface specification. Small Computer System Interface.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under SCSI "}]}]},{"term":"Small Office/Home Office","link":"https://csrc.nist.gov/glossary/term/small_office_home_office","abbrSyn":[{"text":"SOHO","link":"https://csrc.nist.gov/glossary/term/soho"}],"definitions":null},{"term":"SMAP","link":"https://csrc.nist.gov/glossary/term/smap","abbrSyn":[{"text":"Supervisor Mode Access Prevention","link":"https://csrc.nist.gov/glossary/term/supervisor_mode_access_prevention"}],"definitions":null},{"term":"smart card","link":"https://csrc.nist.gov/glossary/term/smart_card","definitions":[{"text":"A credit card-sized card with embedded integrated circuits that can store, process, and communicate information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A plastic card containing a computer chip that enables the holder to purchase goods and services, enter restricted areas, access medical, financial, or other records, or perform other operations requiring data stored on the chip.100","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Smart Card "}]}]},{"term":"Smart Card Enabled Physical Access Control System","link":"https://csrc.nist.gov/glossary/term/smart_card_enabled_physical_access_control_system","abbrSyn":[{"text":"SCEPACS","link":"https://csrc.nist.gov/glossary/term/scepacs"}],"definitions":null},{"term":"smart data","link":"https://csrc.nist.gov/glossary/term/smart_data","definitions":[{"text":"Association of authority, access requirements, retention provenance and any additional information with a data object; smart data includes data provenance and data tagging.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS IAD Guidance No. 400"}]}]}]},{"term":"Smart Electric Power Alliance","link":"https://csrc.nist.gov/glossary/term/smart_electric_power_alliance","abbrSyn":[{"text":"SEPA","link":"https://csrc.nist.gov/glossary/term/sepa"}],"definitions":null},{"term":"Smart Grid Cybersecurity Committee","link":"https://csrc.nist.gov/glossary/term/smart_grid_cybersecurity_committee","abbrSyn":[{"text":"SGCC","link":"https://csrc.nist.gov/glossary/term/sgcc"}],"definitions":null},{"term":"Smart Grid Interoperability Panel","link":"https://csrc.nist.gov/glossary/term/smart_grid_interoperability_panel","abbrSyn":[{"text":"SGIP","link":"https://csrc.nist.gov/glossary/term/sgip"}],"definitions":null},{"term":"Smart Meter","link":"https://csrc.nist.gov/glossary/term/smart_meter","definitions":[{"text":"A device that includes Metrology, Communications Module, and, optionally, HAN interface. These components are typically integrated into a single physical unit suitable for installation in a standard utility meter socket. Sub-components may or may not be integrated on the printed circuit boards contained within the Smart Meter.","sources":[{"text":"NISTIR 7823","link":"https://doi.org/10.6028/NIST.IR.7823","refSources":[{"text":"SG-AMI 1-2009"}]}]}]},{"term":"SMB","link":"https://csrc.nist.gov/glossary/term/smb","abbrSyn":[{"text":"Server Message Block","link":"https://csrc.nist.gov/glossary/term/server_message_block"},{"text":"Small and Medium-size Business","link":"https://csrc.nist.gov/glossary/term/small_and_medium_size_business"},{"text":"Small and Medium-Sized Businesses"}],"definitions":null},{"term":"SMBIOS","link":"https://csrc.nist.gov/glossary/term/smbios","abbrSyn":[{"text":"System Management BIOS","link":"https://csrc.nist.gov/glossary/term/system_management_bios"}],"definitions":null},{"term":"SMBus","link":"https://csrc.nist.gov/glossary/term/smbus","abbrSyn":[{"text":"System Management Bus","link":"https://csrc.nist.gov/glossary/term/system_management_bus"}],"definitions":null},{"term":"SMC","link":"https://csrc.nist.gov/glossary/term/smc","abbrSyn":[{"text":"Secure Monitor Call","link":"https://csrc.nist.gov/glossary/term/secure_monitor_call"},{"text":"Security Mode Command","link":"https://csrc.nist.gov/glossary/term/security_mode_command"},{"text":"Stealthwatch Management Center","link":"https://csrc.nist.gov/glossary/term/stealthwatch_management_center"},{"text":"Stealthwatch Management Console","link":"https://csrc.nist.gov/glossary/term/stealthwatch_management_console"}],"definitions":null},{"term":"SME","link":"https://csrc.nist.gov/glossary/term/sme","abbrSyn":[{"text":"Secure Memory Encryption","link":"https://csrc.nist.gov/glossary/term/secure_memory_encryption"},{"text":"Subject Matter Expert","link":"https://csrc.nist.gov/glossary/term/subject_matter_expert"}],"definitions":null},{"term":"SMEP","link":"https://csrc.nist.gov/glossary/term/smep","abbrSyn":[{"text":"Supervisor Mode Execution Prevention","link":"https://csrc.nist.gov/glossary/term/supervisor_mode_execution_prevention"}],"definitions":null},{"term":"SMI","link":"https://csrc.nist.gov/glossary/term/smi","abbrSyn":[{"text":"System Management Interrupt","link":"https://csrc.nist.gov/glossary/term/system_management_interrupt"}],"definitions":null},{"term":"SMIMEA","link":"https://csrc.nist.gov/glossary/term/smimea","abbrSyn":[{"text":"S/MIME Certificate Association (Resource Record)","link":"https://csrc.nist.gov/glossary/term/s_mime_certificate_association"}],"definitions":null},{"term":"SMI-S","link":"https://csrc.nist.gov/glossary/term/smi_s","abbrSyn":[{"text":"Storage Management Initiative Specification","link":"https://csrc.nist.gov/glossary/term/storage_management_initiative_specification"}],"definitions":null},{"term":"SML","link":"https://csrc.nist.gov/glossary/term/sml","abbrSyn":[{"text":"Stored Measurement Log","link":"https://csrc.nist.gov/glossary/term/stored_measurement_log"}],"definitions":null},{"term":"SMM","link":"https://csrc.nist.gov/glossary/term/smm","abbrSyn":[{"text":"System Management Mode"}],"definitions":null},{"term":"SMOS","link":"https://csrc.nist.gov/glossary/term/smos","abbrSyn":[{"text":"Service Model Operating System","link":"https://csrc.nist.gov/glossary/term/service_model_operating_system"}],"definitions":null},{"term":"SMPC","link":"https://csrc.nist.gov/glossary/term/smpc","abbrSyn":[{"text":"Secure Multi-Party Computation","link":"https://csrc.nist.gov/glossary/term/secure_multi_party_computation"}],"definitions":null},{"term":"SMS","link":"https://csrc.nist.gov/glossary/term/sms","abbrSyn":[{"text":"Short Message Service"},{"text":"Systems Management Server","link":"https://csrc.nist.gov/glossary/term/systems_management_server"}],"definitions":[{"text":"a mobile phone network facility that allows users to send and receive alphanumeric text messages of up to 160 characters on their cell phone or other handheld device","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Short Message Service "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Short Message Service "}]}]},{"term":"SMS Chat","link":"https://csrc.nist.gov/glossary/term/sms_chat","definitions":[{"text":"A facility for exchanging messages in real-time using SMS text messaging that allows previously exchanged messages to be viewed.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"SMT","link":"https://csrc.nist.gov/glossary/term/smt","abbrSyn":[{"text":"System Management Tools","link":"https://csrc.nist.gov/glossary/term/system_management_tools"}],"definitions":null},{"term":"SMTP","link":"https://csrc.nist.gov/glossary/term/smtp","abbrSyn":[{"text":"Simple Mail Transfer Protocol"},{"text":"Simple Mail Transport Protocol"}],"definitions":[{"text":"the primary protocol used to transfer electronic mail messages on the Internet.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Simple Mail Transfer Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Simple Mail Transfer Protocol ","refSources":[{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Simple Mail Transfer Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Simple Mail Transfer Protocol "}]}]},{"term":"Snapshot","link":"https://csrc.nist.gov/glossary/term/snapshot","definitions":[{"text":"A record of the state of a running image, generally captured as the differences between an image and the current state.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"SNI","link":"https://csrc.nist.gov/glossary/term/sni","abbrSyn":[{"text":"Server Name Indication","link":"https://csrc.nist.gov/glossary/term/server_name_indication"}],"definitions":null},{"term":"sniffer","link":"https://csrc.nist.gov/glossary/term/sniffer","abbrSyn":[{"text":"packet sniffer and passive wiretapping","link":"https://csrc.nist.gov/glossary/term/packet_sniffer_and_passive_wiretapping"}],"definitions":[{"text":"See packet sniffer and passive wiretapping.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"SNMP","link":"https://csrc.nist.gov/glossary/term/snmp","abbrSyn":[{"text":"Simple Network Management Protocol"}],"definitions":null},{"term":"SNonce","link":"https://csrc.nist.gov/glossary/term/snonce","abbrSyn":[{"text":"Supplicant Number once","link":"https://csrc.nist.gov/glossary/term/supplicant_number_once"}],"definitions":null},{"term":"SNS","link":"https://csrc.nist.gov/glossary/term/sns","abbrSyn":[{"text":"Simple Name Server","link":"https://csrc.nist.gov/glossary/term/simple_name_server"}],"definitions":null},{"term":"SNTP","link":"https://csrc.nist.gov/glossary/term/sntp","abbrSyn":[{"text":"Simple Network Time Protocol","link":"https://csrc.nist.gov/glossary/term/simple_network_time_protocol"}],"definitions":null},{"term":"SO","link":"https://csrc.nist.gov/glossary/term/so","abbrSyn":[{"text":"Security Object","link":"https://csrc.nist.gov/glossary/term/security_object"},{"text":"System Owner"}],"definitions":[{"text":"Person or organization having responsibility for the development, procurement, integration, modification, operation, and maintenance, and/or final disposition of an information system.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under System Owner ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under System Owner ","refSources":[{"text":"CNSSI 4009-2010"}]}]}]},{"term":"SOA","link":"https://csrc.nist.gov/glossary/term/soa","abbrSyn":[{"text":"Service Oriented Architecture"},{"text":"Service-Oriented Architecture"},{"text":"Start of Authority","link":"https://csrc.nist.gov/glossary/term/start_of_authority"}],"definitions":[{"text":"A set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functions that are built as software components (i.e., discrete pieces of code and/or data structures) that can be reused for different purposes.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Service-Oriented Architecture "}]}]},{"term":"SOAP","link":"https://csrc.nist.gov/glossary/term/soap","abbrSyn":[{"text":"Simple Object Access Protocol","link":"https://csrc.nist.gov/glossary/term/simple_object_access_protocol"}],"definitions":[{"text":"An XML-based protocol for exchanging structured information in a decentralized, distributed environment.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]}]},{"term":"SOAP Header","link":"https://csrc.nist.gov/glossary/term/soap_header","definitions":[{"text":"A collection of zero or more blocks of information prepended to a SOAP message, each of which might be targeted at any SOAP receiver within the message path.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"SOAP Message","link":"https://csrc.nist.gov/glossary/term/soap_message","definitions":[{"text":"The basic unit of communication between SOAP nodes.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary - W3C Working Group Note 11 February 2004","link":"https://www.w3.org/TR/ws-gloss/"}]}]}]},{"term":"SOAR","link":"https://csrc.nist.gov/glossary/term/soar","abbrSyn":[{"text":"Security Orchestration Automated Response","link":"https://csrc.nist.gov/glossary/term/security_orchestration_automated_response"},{"text":"security orchestration, automation, and response","link":"https://csrc.nist.gov/glossary/term/security_orchestration_automation_and_response"},{"text":"State-of-the-Art Resources","link":"https://csrc.nist.gov/glossary/term/state_of_the_art_resources"}],"definitions":null},{"term":"SOC","link":"https://csrc.nist.gov/glossary/term/soc","abbrSyn":[{"text":"Security Operations Center","link":"https://csrc.nist.gov/glossary/term/security_operations_center"},{"text":"Service Organization Control","link":"https://csrc.nist.gov/glossary/term/service_organization_control"},{"text":"System on a Chip"},{"text":"System on Chip","link":"https://csrc.nist.gov/glossary/term/system_on_chip"},{"text":"System-on-Chip"}],"definitions":null},{"term":"SOCHE","link":"https://csrc.nist.gov/glossary/term/soche","abbrSyn":[{"text":"Southwestern Ohio Council for Higher Education","link":"https://csrc.nist.gov/glossary/term/southwestern_ohio_council_for_higher_education"}],"definitions":null},{"term":"Social Security Number","link":"https://csrc.nist.gov/glossary/term/social_security_number","abbrSyn":[{"text":"SSN","link":"https://csrc.nist.gov/glossary/term/ssn"}],"definitions":null},{"term":"Society of Automotive Engineers","link":"https://csrc.nist.gov/glossary/term/society_of_automotive_engineers","abbrSyn":[{"text":"SAE","link":"https://csrc.nist.gov/glossary/term/sae"}],"definitions":null},{"term":"Society of Chemical Manufacturers and Affiliates","link":"https://csrc.nist.gov/glossary/term/society_chemical_mfrs_affiliates","abbrSyn":[{"text":"SOCMA","link":"https://csrc.nist.gov/glossary/term/socma"}],"definitions":null},{"term":"SOCKS Protocol","link":"https://csrc.nist.gov/glossary/term/socks_protocol","definitions":[{"text":"An Internet protocol to allow client applications to form a circuit-level gateway to a network firewall via a proxy service.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]}]},{"term":"SOCMA","link":"https://csrc.nist.gov/glossary/term/socma","abbrSyn":[{"text":"Society of Chemical Manufacturers and Affiliates","link":"https://csrc.nist.gov/glossary/term/society_chemical_mfrs_affiliates"}],"definitions":null},{"term":"SoD","link":"https://csrc.nist.gov/glossary/term/sod","abbrSyn":[{"text":"Separation of Duty (SOD)","link":"https://csrc.nist.gov/glossary/term/separation_of_duty"}],"definitions":[{"text":"refers to the principle that no user should be given enough privileges to misuse the system on their own. For example, the person authorizing a paycheck should not also be the one who can prepare them. Separation of duties can be enforced either statically (by defining conflicting roles, i.e., roles which cannot be executed by the same user) or dynamically (by enforcing the control at access time). An example of dynamic separation of duty is the two-person rule. The first user to execute a two-person operation can be any authorized user, whereas the second user can be any authorized user different from the first [R.S. Sandhu., and P Samarati, “Access Control: Principles and Practice,” IEEE Communications Magazine 32(9), September 1994, pp. 40-48.]. There are various types of SOD, an important one is history-based SOD that regulate for example, the same subject (role) cannot access the same object for variable number of times.","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192","underTerm":" under Separation of Duty (SOD) "}]}]},{"term":"SOFA-B","link":"https://csrc.nist.gov/glossary/term/sofa_b","abbrSyn":[{"text":"Strength of Function for Authenticators – Biometrics","link":"https://csrc.nist.gov/glossary/term/strength_of_function_for_authenticators_biometrics"}],"definitions":null},{"term":"Soft fork","link":"https://csrc.nist.gov/glossary/term/soft_fork","definitions":[{"text":"A change to a blockchain implementation that is backwards compatible. Non-updated nodes can continue to transact with updated nodes.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"software","link":"https://csrc.nist.gov/glossary/term/software","abbrSyn":[{"text":"firmware","link":"https://csrc.nist.gov/glossary/term/firmware"},{"text":"hardware","link":"https://csrc.nist.gov/glossary/term/hardware"}],"definitions":[{"text":"See hardware and software.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under firmware "}]},{"text":"Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under firmware "}]},{"text":"Computer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under firmware ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under firmware "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Computer programs and associated data that may be dynamically written or modified during execution.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Software ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693","underTerm":" under Software "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The material physical components of a system. See software and firmware.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under hardware "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under hardware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under hardware "},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under hardware "}]},{"text":"The material physical components of an information system. See firmware and software.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under hardware ","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"Computer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under firmware ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Computer programs and data stored in hardware—typically in read-only memory (ROM) or programmable read-only memory (PROM)—such that programs and data cannot be dynamically written or modified during execution of the programs. See hardware and software.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under firmware "},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under firmware "}]},{"text":"All or part of the programs, procedures, rules, and associated documentation of an information processing system.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under Software ","refSources":[{"text":"ISO/IEC 19770-2"}]}]},{"text":"“Computer programs and associated data that may be dynamically written or modified during the device’s execution”","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A","underTerm":" under Software ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Computer programs and associated data that may be dynamically written or modified during the device’s execution (e.g., application code, libraries).","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","underTerm":" under Software "},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","underTerm":" under Software ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - Adapted"}]}]},{"text":"The physical components of a system. See Software and Firmware.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under hardware "}]}],"seeAlso":[{"text":"hardware","link":"hardware"},{"text":"Hardware"}]},{"term":"Software and Supply Chain Assurance","link":"https://csrc.nist.gov/glossary/term/software_and_supply_chain_assurance","abbrSyn":[{"text":"SSCA","link":"https://csrc.nist.gov/glossary/term/ssca"}],"definitions":null},{"term":"Software and Systems Division","link":"https://csrc.nist.gov/glossary/term/software_and_systems_division","abbrSyn":[{"text":"SSD","link":"https://csrc.nist.gov/glossary/term/ssd"}],"definitions":[{"text":"A Solid State Drive (SSD) is a storage device that uses solid state memory to store persistent data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under SSD "}]}]},{"term":"Software as a Service (SaaS)","link":"https://csrc.nist.gov/glossary/term/software_as_a_service","abbrSyn":[{"text":"SaaS","link":"https://csrc.nist.gov/glossary/term/saas"}],"definitions":[{"text":"The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.","sources":[{"text":"NIST SP 800-145","link":"https://doi.org/10.6028/NIST.SP.800-145"}]}]},{"term":"Software Asset Management","link":"https://csrc.nist.gov/glossary/term/software_asset_management","abbrSyn":[{"text":"Capability, Software Asset Management","link":"https://csrc.nist.gov/glossary/term/capability_software_asset_management"},{"text":"SWAM","link":"https://csrc.nist.gov/glossary/term/swam"}],"definitions":[{"text":"An ISCM capability that identifies unauthorized software on devices that is likely to be used by attackers as a platform from which to extend compromise of the network to be mitigated.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Software Asset Management "}]},{"text":"See Capability, Software Asset Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"software assurance (SwA)","link":"https://csrc.nist.gov/glossary/term/software_assurance","abbrSyn":[{"text":"SwA","link":"https://csrc.nist.gov/glossary/term/swa"}],"definitions":[{"text":"1. The level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software throughout the lifecycle.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 5200.44","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]},{"text":"2. The planned and systematic set of activities that ensure that software life cycle processes and products conform to requirements, standards, and procedures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NASA-STD 8739.8","link":"https://standards.nasa.gov/standard/nasa/nasa-std-87398"}]}]},{"text":"The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions as intended by the purchaser or user.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Software Assurance "}]},{"text":"The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle and that the software functions in the intended manner.","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]","underTerm":" under Software Assurance "}]}]},{"term":"Software Assurance Automation Protocol","link":"https://csrc.nist.gov/glossary/term/software_assurance_automation_protocol","abbrSyn":[{"text":"SwAAP","link":"https://csrc.nist.gov/glossary/term/swaap"}],"definitions":null},{"term":"Software Assurance Forum for Excellence in Code","link":"https://csrc.nist.gov/glossary/term/software_assurance_forum_for_excellence_in_code","abbrSyn":[{"text":"SAFECode","link":"https://csrc.nist.gov/glossary/term/safecode"}],"definitions":null},{"term":"Software Assurance Maturity Model","link":"https://csrc.nist.gov/glossary/term/software_assurance_maturity_model","abbrSyn":[{"text":"SAMM","link":"https://csrc.nist.gov/glossary/term/samm"}],"definitions":null},{"term":"Software Assurance Reference Dataset","link":"https://csrc.nist.gov/glossary/term/software_assurance_reference_dataset","abbrSyn":[{"text":"SARD","link":"https://csrc.nist.gov/glossary/term/sard"}],"definitions":null},{"term":"Software Bill of Materials","link":"https://csrc.nist.gov/glossary/term/software_bill_of_materials","abbrSyn":[{"text":"SBOM","link":"https://csrc.nist.gov/glossary/term/sbom"}],"definitions":[{"text":"A formal record containing the details and supply chain relationships of various components used in building software. Software developers and vendors often create products by assembling existing open source and commercial software components. The SBOM enumerates these components in a product.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"E.O. 14028","link":"https://www.federalregister.gov/d/2021-10460","note":" - supra note 1, § 10(j)"}]}]}]},{"term":"software composition analysis","link":"https://csrc.nist.gov/glossary/term/software_composition_analysis","abbrSyn":[{"text":"SCA","link":"https://csrc.nist.gov/glossary/term/sca"}],"definitions":null},{"term":"software configuration management","link":"https://csrc.nist.gov/glossary/term/software_configuration_management","abbrSyn":[{"text":"SCM","link":"https://csrc.nist.gov/glossary/term/scm"}],"definitions":null},{"term":"Software Defined Network","link":"https://csrc.nist.gov/glossary/term/software_defined_network","abbrSyn":[{"text":"SDN","link":"https://csrc.nist.gov/glossary/term/sdn"}],"definitions":null},{"term":"Software Defined Perimeter","link":"https://csrc.nist.gov/glossary/term/software_defined_perimeter","abbrSyn":[{"text":"SDP","link":"https://csrc.nist.gov/glossary/term/sdp"}],"definitions":null},{"term":"Software Defined Wide Area Network","link":"https://csrc.nist.gov/glossary/term/software_defined_wide_area_network","abbrSyn":[{"text":"SDWAN","link":"https://csrc.nist.gov/glossary/term/sdwan"},{"text":"SD-WAN","link":"https://csrc.nist.gov/glossary/term/sd_wan"}],"definitions":null},{"term":"Software Delegated Exception Interface","link":"https://csrc.nist.gov/glossary/term/software_delegated_exception_interface","abbrSyn":[{"text":"SDEI","link":"https://csrc.nist.gov/glossary/term/sdei"}],"definitions":null},{"term":"Software Development Kit","link":"https://csrc.nist.gov/glossary/term/software_development_kit","abbrSyn":[{"text":"SDK","link":"https://csrc.nist.gov/glossary/term/sdk"}],"definitions":null},{"term":"Software Development Life Cycle","link":"https://csrc.nist.gov/glossary/term/software_development_life_cycle","abbrSyn":[{"text":"SDLC","link":"https://csrc.nist.gov/glossary/term/sdlc"}],"definitions":[{"text":"A formal or informal methodology for designing, creating, and maintaining software (including code built into hardware).","sources":[{"text":"NIST SP 800-218","link":"https://doi.org/10.6028/NIST.SP.800-218"}]}]},{"term":"Software Engineering Institute","link":"https://csrc.nist.gov/glossary/term/software_engineering_institute","abbrSyn":[{"text":"SEI","link":"https://csrc.nist.gov/glossary/term/sei"}],"definitions":null},{"term":"Software Guard eXtensions","link":"https://csrc.nist.gov/glossary/term/software_guard_extensions","abbrSyn":[{"text":"SGX","link":"https://csrc.nist.gov/glossary/term/sgx"}],"definitions":null},{"term":"Software Identification","link":"https://csrc.nist.gov/glossary/term/software_identification","abbrSyn":[{"text":"SWID","link":"https://csrc.nist.gov/glossary/term/swid"},{"text":"SWID Tag","link":"https://csrc.nist.gov/glossary/term/swid_tag"}],"definitions":[{"text":"A SWID tag is an ISO 19770-2 compliant XML file describing a software product. It is typically digitally signed by the software manufacturer to verify its validity. Ideally, for purposes of software asset management, the SWID tag will contain the digests (digital fingerprints) of each software file installed or placed on the device with the product.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under SWID Tag "}]}]},{"term":"software identification (SWID) tag","link":"https://csrc.nist.gov/glossary/term/software_identification_tag","definitions":[{"text":"A set of structured data elements containing authoritative identification information about a software component.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 19770-2"}]}]}]},{"term":"Software Inventory Message and Attributes","link":"https://csrc.nist.gov/glossary/term/software_inventory_message_and_attributes","abbrSyn":[{"text":"SWIMA","link":"https://csrc.nist.gov/glossary/term/swima"}],"definitions":null},{"term":"Software Lifecycle","link":"https://csrc.nist.gov/glossary/term/software_lifecycle","abbrSyn":[{"text":"SLC","link":"https://csrc.nist.gov/glossary/term/slc"}],"definitions":null},{"term":"Software Measures and Metrics to Reduce Security Vulnerabilities","link":"https://csrc.nist.gov/glossary/term/software_measures_and_metrics_to_reduce_security_vulnerabilities","abbrSyn":[{"text":"SwMM-RSV","link":"https://csrc.nist.gov/glossary/term/swmm_rsv"}],"definitions":null},{"term":"software product and executable file version","link":"https://csrc.nist.gov/glossary/term/software_product_and_executable_file_version","definitions":[{"text":"A patch level versioning of the software product or digital fingerprint version of a software file.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"Software Restriction Policy","link":"https://csrc.nist.gov/glossary/term/software_restriction_policy","abbrSyn":[{"text":"SRP","link":"https://csrc.nist.gov/glossary/term/srp"}],"definitions":null},{"term":"software supply chain","link":"https://csrc.nist.gov/glossary/term/software_supply_chain","abbrSyn":[{"text":"SSC","link":"https://csrc.nist.gov/glossary/term/ssc"}],"definitions":null},{"term":"software system test and evaluation process","link":"https://csrc.nist.gov/glossary/term/software_system_test_and_evaluation_process","definitions":[{"text":"Process that plans, develops, and documents the qualitative/quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Software-Defined Data Center","link":"https://csrc.nist.gov/glossary/term/software_defined_data_center","abbrSyn":[{"text":"SDDC","link":"https://csrc.nist.gov/glossary/term/sddc"}],"definitions":null},{"term":"Software-Defined Networking","link":"https://csrc.nist.gov/glossary/term/software_defined_networking","abbrSyn":[{"text":"SDN","link":"https://csrc.nist.gov/glossary/term/sdn"}],"definitions":null},{"term":"Software-Defined Storage","link":"https://csrc.nist.gov/glossary/term/software_defined_storage","abbrSyn":[{"text":"SDS","link":"https://csrc.nist.gov/glossary/term/sds"}],"definitions":null},{"term":"SOHO","link":"https://csrc.nist.gov/glossary/term/soho","abbrSyn":[{"text":"Small Office Home Office"},{"text":"Small Office/Home Office","link":"https://csrc.nist.gov/glossary/term/small_office_home_office"}],"definitions":null},{"term":"Solid-State Drive","link":"https://csrc.nist.gov/glossary/term/solid_state_drive","abbrSyn":[{"text":"SSD","link":"https://csrc.nist.gov/glossary/term/ssd"}],"definitions":[{"text":"A Solid State Drive (SSD) is a storage device that uses solid state memory to store persistent data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under SSD "}]}]},{"term":"SoM","link":"https://csrc.nist.gov/glossary/term/som","abbrSyn":[{"text":"Strength of Mechanism"}],"definitions":null},{"term":"SONET","link":"https://csrc.nist.gov/glossary/term/sonet","abbrSyn":[{"text":"Synchronous Optical Network","link":"https://csrc.nist.gov/glossary/term/synchronous_optical_network"}],"definitions":null},{"term":"SOP","link":"https://csrc.nist.gov/glossary/term/sop","abbrSyn":[{"text":"Standard Operating Procedure"},{"text":"Standard operating procedures","link":"https://csrc.nist.gov/glossary/term/standard_operating_procedures"},{"text":"Standard Operating Procedures"}],"definitions":null},{"term":"SoR","link":"https://csrc.nist.gov/glossary/term/sor","abbrSyn":[{"text":"Statement of Requirements","link":"https://csrc.nist.gov/glossary/term/statement_of_requirements"}],"definitions":[{"text":"A system of records is a group of records under the control of a Federal agency which contains a personal identifier (such as a name, date of birth, finger print, Social Security Number, and Employee Number) and one other item of personal data (such as home address, performance rating, and blood type) from which information is retrieved using a personal identifier.","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under SOR "}]}]},{"term":"SORN","link":"https://csrc.nist.gov/glossary/term/sorn","abbrSyn":[{"text":"System of Records Notice"}],"definitions":[{"text":"The Privacy Act requires each agency to publish a notice of its systems of records in the Federal Register. This is called a System of Record Notice (SORN).","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2"}]},{"text":"An official public notice of an organization’s system(s) of records, as required by the Privacy Act of 1974, that identifies: (i) the purpose for the system of records; (ii) the individuals covered by information in the system of records; (iii) the categories of records maintained about individuals; and (iv) the ways in which the information is shared.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under System of Records Notice "}]}]},{"term":"SoS","link":"https://csrc.nist.gov/glossary/term/sos","abbrSyn":[{"text":"System of Systems"}],"definitions":null},{"term":"Source Address","link":"https://csrc.nist.gov/glossary/term/source_address","abbrSyn":[{"text":"SA","link":"https://csrc.nist.gov/glossary/term/sa"}],"definitions":null},{"term":"Source Address Validation","link":"https://csrc.nist.gov/glossary/term/source_address_validation","abbrSyn":[{"text":"SAV","link":"https://csrc.nist.gov/glossary/term/sav"}],"definitions":null},{"term":"Source authentication","link":"https://csrc.nist.gov/glossary/term/source_authentication","definitions":[{"text":"A process that provides assurance of the source of information.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"The process of providing assurance about the source of information. Sometimes called identity authentication or origin authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]},{"text":"The process of providing assurance about the source of information. Sometimes called origin authentication. Compare with Entity authentication.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"The process of providing assurance about the source of information; sometimes called data-origin authentication. Compare with Identity authentication.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]},{"text":"The process of providing assurance about the source of information. Sometimes called origin authentication. Compare with Identity authentication.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}],"seeAlso":[{"text":"Entity authentication","link":"entity_authentication"}]},{"term":"Source content","link":"https://csrc.nist.gov/glossary/term/source_content","definitions":[{"text":"Part or all of SCAP source data streams.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"Source Name","link":"https://csrc.nist.gov/glossary/term/source_name","definitions":[{"text":"A single WFN that a matching engine compares to a target WFN to determine whether or not there is a source-to-target match. (This is the X value in the CPE 2.2 matching algorithm.)","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"Source of Randomness","link":"https://csrc.nist.gov/glossary/term/source_of_randomness","abbrSyn":[{"text":"Randomness Source","link":"https://csrc.nist.gov/glossary/term/randomness_source"}],"definitions":[{"text":"A component of a DRBG (which consists of a DRBG mechanism and a randomness source) that outputs bitstrings that are used as entropy input by the DRBG mechanism. The randomness source can be an entropy source or an RBG.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Randomness Source "}]},{"text":"See Randomness Source.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Source Restriction","link":"https://csrc.nist.gov/glossary/term/source_restriction","definitions":[{"text":"A restriction configured for an authorized key that limits the IP addresses or host names from which login using the key may take place. In some SSH implementations, source restrictions can be configured by using a \"from=\" restriction in an authorized keys file.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"Source Value","link":"https://csrc.nist.gov/glossary/term/source_value","definitions":[{"text":"A single value that a matching engine compares to a corresponding target value to determine whether or not there is a source-to-target match. Source values include A-V pairs or set relation values (e.g., superset or subset).","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"Source-based Remotely Triggered Black-Holing","link":"https://csrc.nist.gov/glossary/term/source_based_remotely_triggered_black_holing","abbrSyn":[{"text":"S/RTBH","link":"https://csrc.nist.gov/glossary/term/s_rtbh"}],"definitions":null},{"term":"Sources Sought Notice","link":"https://csrc.nist.gov/glossary/term/sources_sought_notice","definitions":[{"text":"A synopsis posted by a government agency that states they are seeking possible sources for a project. It is not a solicitation for work, nor is it a request for proposal.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"FAR, Subpart 7.3","link":"https://www.acquisition.gov/browse/index/far"},{"text":"OMB Circular A-76","link":"https://georgewbush-whitehouse.archives.gov/omb/circulars/a076/a76_incl_tech_correction.html"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"FAR, Subpart 7.3","link":"https://www.acquisition.gov/browse/index/far"},{"text":"OMB Circular A-76","link":"https://georgewbush-whitehouse.archives.gov/omb/circulars/a076/a76_incl_tech_correction.html"}]}]}]},{"term":"Southwestern Ohio Council for Higher Education","link":"https://csrc.nist.gov/glossary/term/southwestern_ohio_council_for_higher_education","abbrSyn":[{"text":"SOCHE","link":"https://csrc.nist.gov/glossary/term/soche"}],"definitions":null},{"term":"SOW","link":"https://csrc.nist.gov/glossary/term/sow","abbrSyn":[{"text":"Statement of Work"}],"definitions":[{"text":"The SOW details what the developer must do in the performance of the contract. Documentation developed under the contract, for example, is specified in the SOW. Security assurance requirements, which detail many aspects of the processes the developer follows and what evidence must be provided to assure the organization that the processes have been conducted correctly and completely, may also be specified in the SOW.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Statement of Work ","refSources":[{"text":"NIST SP 800-64 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-64r2"}]}]}]},{"term":"SOX","link":"https://csrc.nist.gov/glossary/term/sox","abbrSyn":[{"text":"Sarbanes-Oxley"},{"text":"Sarbanes-Oxley Act","link":"https://csrc.nist.gov/glossary/term/sarbanes_oxley_act"}],"definitions":null},{"term":"SP","link":"https://csrc.nist.gov/glossary/term/sp","abbrSyn":[{"text":"(NIST) Special Publication"},{"text":"NIST Special Publication","link":"https://csrc.nist.gov/glossary/term/nist_special_publication"},{"text":"Secure Partition","link":"https://csrc.nist.gov/glossary/term/secure_partition"},{"text":"Service Pack"},{"text":"Service Processor","link":"https://csrc.nist.gov/glossary/term/service_processor"},{"text":"Service Provider","link":"https://csrc.nist.gov/glossary/term/service_provider"},{"text":"Special Publication"},{"text":"Special Publication (NIST)"},{"text":"Special Publications"}],"definitions":[{"text":"Include proceedings of conferences sponsored by NIST, NIST annual reports, and other special publications appropriate to this grouping such as wall charts, pocket cards, and bibliographies.","sources":[{"text":"NIST SP 800-19","link":"https://doi.org/10.6028/NIST.SP.800-19","note":" [Withdrawn]","underTerm":" under Special Publications "}]},{"text":"Microsoft’s term for a collection of patches integrated into a single large update.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under Service Pack "}]},{"text":"A provider of basic services or value-added services for operation of a network; generally refers to public carriers and other commercial enterprises.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Service Provider ","refSources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Service Provider ","refSources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Service Provider ","refSources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"text":"A type of publication issued by NIST. Specifically, the Special Publication 800-series reports on the Information Technology Laboratory's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. The 1800 series reports the results of NCCoE demonstration projects.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Special Publication "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Special Publication "}]},{"text":"A type of publication issued by NIST. Specifically, the Special Publication 800-series reports on the Information Technology Laboratory's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. The 1800 series reports the results of National Cybersecurity Center of Excellence demonstration projects.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Special Publication "}]},{"text":"A provider of basic services or value-added services for operation of a network ­ generally refers to public carriers and other commercial enterprises.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under Service Provider "}]}]},{"term":"SPA","link":"https://csrc.nist.gov/glossary/term/spa","abbrSyn":[{"text":"Simple Power Analysis","link":"https://csrc.nist.gov/glossary/term/simple_power_analysis"}],"definitions":null},{"term":"Space Policy Directive","link":"https://csrc.nist.gov/glossary/term/space_policy_directive","abbrSyn":[{"text":"SPD","link":"https://csrc.nist.gov/glossary/term/spd"}],"definitions":null},{"term":"space structures","link":"https://csrc.nist.gov/glossary/term/space_structures","definitions":[{"text":"Any human-made assets in space, including “space debris” or “space junk” that is no longer in use for any business or mission need.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"spam","link":"https://csrc.nist.gov/glossary/term/spam","definitions":[{"text":"Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Spam ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Spam ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Unsolicited bulk commercial email messages.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2","underTerm":" under Spam "}]},{"text":"The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Spam "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"Unsolicited email.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Spam "}]}]},{"term":"SPAN","link":"https://csrc.nist.gov/glossary/term/span","abbrSyn":[{"text":"Switch Port Analyzer"},{"text":"Switched Port Analyzer","link":"https://csrc.nist.gov/glossary/term/switched_port_analyzer"}],"definitions":null},{"term":"SPARQL","link":"https://csrc.nist.gov/glossary/term/sparql","definitions":[{"text":"SPARQL Protocol and RDF Query Language","sources":[{"text":"NISTIR 7815","link":"https://doi.org/10.6028/NIST.IR.7815"}]}]},{"term":"SPD","link":"https://csrc.nist.gov/glossary/term/spd","abbrSyn":[{"text":"Security Policy Database"},{"text":"Space Policy Directive","link":"https://csrc.nist.gov/glossary/term/space_policy_directive"}],"definitions":null},{"term":"SPDM","link":"https://csrc.nist.gov/glossary/term/spdm","abbrSyn":[{"text":"Security Protocol and Data Model","link":"https://csrc.nist.gov/glossary/term/security_protocol_and_data_model"}],"definitions":null},{"term":"spear phishing","link":"https://csrc.nist.gov/glossary/term/spear_phishing","definitions":[{"text":"A colloquial term that can be used to describe any highly targeted phishing attack.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoJ Report on Phishing","link":"https://www.justice.gov/sites/default/files/opa/legacy/2006/11/21/report_on_phishing.pdf"}]}]}]},{"term":"special access program","link":"https://csrc.nist.gov/glossary/term/special_access_program","abbrSyn":[{"text":"SAP","link":"https://csrc.nist.gov/glossary/term/sap"}],"definitions":[{"text":"A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Special Access Program ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"special access program facility","link":"https://csrc.nist.gov/glossary/term/special_access_program_facility","abbrSyn":[{"text":"SAPF","link":"https://csrc.nist.gov/glossary/term/sapf"}],"definitions":[{"text":"A specific physical space that has been formally accredited in writing by the cognizant program security officer (PSO) that satisfies the criteria for generating, safeguarding, handling, discussing, and storing classified or unclassified program information, hardware, and materials.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDM 5205.07 Vol. 1","link":"https://www.esd.whs.mil/Directives/issuances/dodm/"}]}]}]},{"term":"special category","link":"https://csrc.nist.gov/glossary/term/special_category","definitions":[{"text":"Sensitive compartmented information (SCI), special access program (SAP) information, or other compartment information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"special character","link":"https://csrc.nist.gov/glossary/term/special_character","definitions":[{"text":"Any non-alphanumeric character that can be rendered on a standard, American-English keyboard. Use of a specific special character may be application dependent. The list of 7-bit ASCII special characters follows: ` ~! @ # $ % ^ & * ( ) _ + | } { “ : ? > < [ ] \\ ; ’ , . / - =","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A non-alphanumeric character that may be defined by one or more CPE specifications to have a special meaning when it appears unquoted in a WFN. Special characters typically trigger a processor to perform a given function. The rules for escaping CPE special characters are defined in the CPE Naming specification [CPE23-N:5.3.2].","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696","underTerm":" under Special Character "}]}]},{"term":"Special Cyber Operations Research and Engineering","link":"https://csrc.nist.gov/glossary/term/special_cyber_operations_research_and_engineering","abbrSyn":[{"text":"SCORE","link":"https://csrc.nist.gov/glossary/term/score"}],"definitions":null},{"term":"Special Interest Group","link":"https://csrc.nist.gov/glossary/term/special_interest_group","abbrSyn":[{"text":"SIG","link":"https://csrc.nist.gov/glossary/term/sig_acronym"}],"definitions":null},{"term":"Specialized Security-Limited Functionality","link":"https://csrc.nist.gov/glossary/term/specialized_security_limited_functionality","abbrSyn":[{"text":"SSLF","link":"https://csrc.nist.gov/glossary/term/sslf"}],"definitions":null},{"term":"Specialized Security-Limited Functionality (SSLF) Environment","link":"https://csrc.nist.gov/glossary/term/specialized_security_limited_functionality_environment","definitions":[{"text":"A Custom environment that is highly restrictive and secure; it is usually reserved for systems that have the highest threats and associated impacts.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]},{"text":"Environment encompassing systems with specialized security requirements, in which higher security needs typically result in more limited functionality.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"}]},{"text":"Custom environment encompassing systems with specialized security requirements, in which higher security needs typically result in more limited functionality.","sources":[{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]}]},{"term":"Specific","link":"https://csrc.nist.gov/glossary/term/specific","abbrSyn":[{"text":"S","link":"https://csrc.nist.gov/glossary/term/s_uppercase"}],"definitions":[{"text":"The desired security strength for a digital signature.","sources":[{"text":"NIST SP 800-106","link":"https://doi.org/10.6028/NIST.SP.800-106","underTerm":" under S "}]},{"text":"The summation symbol.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a","underTerm":" under S "}]},{"text":"String of bytes.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under S "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under S "}]}]},{"term":"specification","link":"https://csrc.nist.gov/glossary/term/specification","abbrSyn":[{"text":"security specification","link":"https://csrc.nist.gov/glossary/term/security_specification"}],"definitions":[{"text":"An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, architectural designs) associated with a system.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"The requirements for the security-relevant portion of the system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under security specification "}]},{"text":"An information item that identifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other expected characteristics of a system, service, or process.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15289:2019","link":"https://www.iso.org/standard/74909.html"}]}]},{"text":"An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, and architectural designs) associated with an information system.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Specification ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, architectural designs) associated with an information system.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Specification "}]},{"text":"A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied. See specification requirement.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"IEEE 610.12-1990"}]}]},{"text":"A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied. \nRefer to security specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 610.12"}]}]},{"text":"The requirements for the security-relevant portion of the system. \nNote: The security specification may be provided as a separate document or may be captured with a broader specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security specification "}]},{"text":"The requirements for the security-relevant portion of the system.\nNote: The security specification may be provided as a separate document or may be captured with a broader specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under security specification "}]},{"text":"A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied.\nRefer to security specification.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 610.12"}]}]}],"seeAlso":[{"text":"specification requirement","link":"specification_requirement"}]},{"term":"Specification Limit","link":"https://csrc.nist.gov/glossary/term/specification_limit","abbrSyn":[{"text":"Limit, Specification","link":"https://csrc.nist.gov/glossary/term/limit_specification"}],"definitions":[{"text":"A condition indicating that risk has exceeded acceptable levels and that immediate action is needed to reduce the risk, or the system/assessment object may need to be removed from production (lose authority to operate).","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Limit, Specification "}]},{"text":"See Limit, Specification.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"specification requirement","link":"https://csrc.nist.gov/glossary/term/specification_requirement","definitions":[{"text":"A type of requirement that provides a specification for a specific capability that implements all or part of a control and that may be assessed (i.e., as part of the verification, validation, testing, and evaluation processes).","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}],"seeAlso":[{"text":"specification","link":"specification"}]},{"term":"Specification versioning","link":"https://csrc.nist.gov/glossary/term/specification_versioning","definitions":[{"text":"The process of denoting a revision to a specification by changing its version number.","sources":[{"text":"NIST SP 800-126A","link":"https://doi.org/10.6028/NIST.SP.800-126A"}]}]},{"term":"SPF","link":"https://csrc.nist.gov/glossary/term/spf","abbrSyn":[{"text":"Sender Policy Framework","link":"https://csrc.nist.gov/glossary/term/sender_policy_framework"}],"definitions":null},{"term":"SPI","link":"https://csrc.nist.gov/glossary/term/spi","abbrSyn":[{"text":"Security Parameters Index"},{"text":"Serial Peripheral Interface","link":"https://csrc.nist.gov/glossary/term/serial_peripheral_interface"}],"definitions":[{"text":"Arbitrarily chosen value that acts as a unique identifier for an IPsec connection.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Security Parameters Index "}]}]},{"term":"SPIFFE","link":"https://csrc.nist.gov/glossary/term/spiffe","abbrSyn":[{"text":"Secure Production Identity Framework for Everyone","link":"https://csrc.nist.gov/glossary/term/secure_production_identity_framework_for_everyone"}],"definitions":null},{"term":"SPIFFE Runtime Environment","link":"https://csrc.nist.gov/glossary/term/spiffe_runtime_environment","abbrSyn":[{"text":"SPIRE","link":"https://csrc.nist.gov/glossary/term/spire"}],"definitions":null},{"term":"SPIFFE Verifiable Identity Document","link":"https://csrc.nist.gov/glossary/term/spiffe_verifiable_identity_document","abbrSyn":[{"text":"SVID","link":"https://csrc.nist.gov/glossary/term/svid"}],"definitions":null},{"term":"spillage","link":"https://csrc.nist.gov/glossary/term/spillage","abbrSyn":[{"text":"classified information spillage"},{"text":"contamination","link":"https://csrc.nist.gov/glossary/term/contamination"},{"text":"data spillage","link":"https://csrc.nist.gov/glossary/term/data_spillage"}],"definitions":[{"text":"Security incident that occurs whenever classified data is spilled either onto an unclassified information system or to an information system with a lower level of classification or different security category. \nRationale: Spillage encompasses this term.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under classified information spillage "}]},{"text":"See spillage.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under contamination "},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under data spillage "}]},{"text":"Security incident that results in the transfer of classified information onto an information system not authorized to store or process that information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"SPIRE","link":"https://csrc.nist.gov/glossary/term/spire","abbrSyn":[{"text":"SPIFFE Runtime Environment","link":"https://csrc.nist.gov/glossary/term/spiffe_runtime_environment"}],"definitions":null},{"term":"SPK","link":"https://csrc.nist.gov/glossary/term/spk","abbrSyn":[{"text":"Single Point Key(ing)"}],"definitions":null},{"term":"SPKI","link":"https://csrc.nist.gov/glossary/term/spki","abbrSyn":[{"text":"SubjectPublicKeyInfo","link":"https://csrc.nist.gov/glossary/term/subjectpublickeyinfo"}],"definitions":null},{"term":"SPKM","link":"https://csrc.nist.gov/glossary/term/spkm","abbrSyn":[{"text":"Simple Public-Key GSS-API Mechanism","link":"https://csrc.nist.gov/glossary/term/simple_public_key_gss_api_mechanism"}],"definitions":null},{"term":"SPL","link":"https://csrc.nist.gov/glossary/term/spl","abbrSyn":[{"text":"Structured Product Labeling","link":"https://csrc.nist.gov/glossary/term/structured_product_labeling"}],"definitions":null},{"term":"split knowledge","link":"https://csrc.nist.gov/glossary/term/split_knowledge","definitions":[{"text":"2. A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" - Adapted"}]}]},{"text":"1. Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams so that no one individual or team will know the whole data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A process by which a cryptographic key is split into n key components, each of which provides no knowledge of the original key. The components can be subsequently combined to recreate the original cryptographic key. If knowledge of k (where k is less than or equal to n) components is required to construct the original key, then knowledge of any k – 1 key components provides no information about the original key other than, possibly, its length. \nNote that in this Recommendation, split knowledge is not intended to cover key shares, such as those used in threshold or multi-party signatures.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Split knowledge "}]},{"text":"A process by which a cryptographic key is split into n key shares, each of which provides no knowledge of the key. The shares can be subsequently combined to create or recreate a cryptographic key or to perform independent cryptographic operations on the data to be protected using each key share. If knowledge of k (where k is less than or equal to n) shares is required to construct the key, then knowledge of any k – 1 key shares provides no information about the key other than, possibly, its length.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Split knowledge "}]},{"text":"A process by which a cryptographic key is split into n multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of k (where k is less than or equal to n) components is required to construct the original key, then knowledge of any k-1 key components provides no information about the original key other than, possibly, its length. Note that in this document, split knowledge is not intended to cover key shares, such as those used in threshold or multi-party signatures.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Split knowledge "}]}]},{"term":"split tunneling","link":"https://csrc.nist.gov/glossary/term/split_tunneling","definitions":[{"text":"A method that routes organization-specific traffic through the SSL VPN tunnel, but routes other traffic through the remote user's default gateway.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Split Tunneling "}]},{"text":"The process of allowing a remote user or device to establish a non-remote connection with a system and simultaneously communicate via some other connection to a resource in an external network. This method of network access enables a user to access remote devices (e.g., a networked printer) at the same time as accessing uncontrolled networks.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"The process of allowing a remote user or device to establish a non-remote connection with a system and simultaneously communicate via some other connection to a resource in an external network. This method of network access enables a user to access remote devices, and simultaneously, access uncontrolled networks.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"SPM","link":"https://csrc.nist.gov/glossary/term/spm","abbrSyn":[{"text":"Secure Partition Manager","link":"https://csrc.nist.gov/glossary/term/secure_partition_manager"}],"definitions":null},{"term":"SPN","link":"https://csrc.nist.gov/glossary/term/spn","abbrSyn":[{"text":"Service Principal Name","link":"https://csrc.nist.gov/glossary/term/service_principal_name"},{"text":"Substitution–Permutation Network","link":"https://csrc.nist.gov/glossary/term/substitution_permutation_network"}],"definitions":null},{"term":"Sponge Construction","link":"https://csrc.nist.gov/glossary/term/sponge_construction","definitions":[{"text":"The method originally specified in [Cryptographic sponge functions, version 0.1] for defining a function from the following: 1) an underlying function on bit strings of a fixed length, 2) a padding rule, and 3) a rate. Both the input and the output of the resulting function are bit strings that can be arbitrarily long.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"Sponge Function","link":"https://csrc.nist.gov/glossary/term/sponge_function","definitions":[{"text":"A function that is defined according to the sponge construction, possibly specialized to a fixed output length.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]}]},{"term":"sponsor","link":"https://csrc.nist.gov/glossary/term/sponsor","definitions":[{"text":"Submits a Derived PIV Credential request on behalf of the applicant.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"}]}]},{"term":"Sponsor (of a certificate)","link":"https://csrc.nist.gov/glossary/term/sponsor_of_a_certificate","definitions":[{"text":"A human entity that is responsible for managing a certificate for the non-human entity identified as the subject in the certificate (e.g., applying for the certificate; generating the key pair; replacing the certificate, when required; and revoking the certificate). Note that a certificate sponsor is also a sponsor of the public key in the certificate and the corresponding private key.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A human entity that is responsible for managing a certificate for the non-human entity identified as the subject in the certificate (e.g., a device, application or process). Certificate management includes applying for the certificate, generating the key pair, replacing the certificate when required, and revoking the certificate). Note that a certificate sponsor is also a sponsor of the public key in the certificate and the corresponding private key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"Sponsor (of a key)","link":"https://csrc.nist.gov/glossary/term/sponsor_of_a_key","definitions":[{"text":"A human entity that is responsible for managing a key for the non-human entity (e.g., device, application or process) that is authorized to use the key.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"A human entity that is responsible for managing a key for the non-human entity (e.g., organization, device, application or process) that is authorized to use the key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"spoofing","link":"https://csrc.nist.gov/glossary/term/spoofing","definitions":[{"text":"Two classes of spoofing include (1) measurement spoofing: introduces signal or signal delay that cause the target receiver to produce incorrect measurements of time of arrival or frequency of arrival or their rates of change; and (2) data spoofing: introduces incorrect digital data to the target receiver for its use in processing of signals and the calculation of PNT.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"DHS GPS CI","note":" - adapted"}]}]},{"text":"Within the context of this document, spoofing includes manipulation of legitimate GNSS signals with intent to corrupt PNT data or signal measurement integrity. For example, it includes, but is not limited to: the transmission of delayed or false GNSS signals with intent to manipulate an asset’s computed position or time and frequency.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1"}]},{"text":"Faking the sending address of a transmission to gain illegal entry into a secure system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"SPP","link":"https://csrc.nist.gov/glossary/term/spp","abbrSyn":[{"text":"Security and Privacy Profile","link":"https://csrc.nist.gov/glossary/term/security_and_privacy_profile"}],"definitions":null},{"term":"Sprawl","link":"https://csrc.nist.gov/glossary/term/sprawl","definitions":[{"text":"The proliferation of images.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"spread spectrum","link":"https://csrc.nist.gov/glossary/term/spread_spectrum","definitions":[{"text":"Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"SPS","link":"https://csrc.nist.gov/glossary/term/sps","abbrSyn":[{"text":"Standard Positioning Service","link":"https://csrc.nist.gov/glossary/term/standard_positioning_service"}],"definitions":null},{"term":"SPS FW","link":"https://csrc.nist.gov/glossary/term/sps_fw","abbrSyn":[{"text":"Server Platform Services Firmware","link":"https://csrc.nist.gov/glossary/term/server_platform_services_firmware"}],"definitions":null},{"term":"SPSC","link":"https://csrc.nist.gov/glossary/term/spsc","abbrSyn":[{"text":"Signal Processing for Space Communications Workshop","link":"https://csrc.nist.gov/glossary/term/signal_processing_for_space_communications_workshop"}],"definitions":null},{"term":"SPSD","link":"https://csrc.nist.gov/glossary/term/spsd","abbrSyn":[{"text":"State Public Safety Department","link":"https://csrc.nist.gov/glossary/term/state_public_safety_department"}],"definitions":null},{"term":"SPT","link":"https://csrc.nist.gov/glossary/term/spt","abbrSyn":[{"text":"Security Policy Templates","link":"https://csrc.nist.gov/glossary/term/security_policy_templates"}],"definitions":null},{"term":"spyware","link":"https://csrc.nist.gov/glossary/term/spyware","definitions":[{"text":"Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Spyware ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Spyware "}]},{"text":"Software that is secretly or surreptitiously installed into a system to gather information on individuals or organizations without their knowledge; a type of malicious code.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Spyware ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Software that is secretly or surreptitiously installed onto an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Spyware ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Spyware "}]},{"text":"A program embedded within an application that collects information and periodically communicates back to its home site, unbeknownst to the user.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Spyware "}]},{"text":"Malware intended to violate a user’s privacy.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2","underTerm":" under Spyware "}]},{"text":"Malware specifically intended to violate a user’s privacy.","sources":[{"text":"NIST SP 800-69","link":"https://doi.org/10.6028/NIST.SP.800-69","note":" [Withdrawn]","underTerm":" under Spyware "}]}]},{"term":"SQL","link":"https://csrc.nist.gov/glossary/term/sql","abbrSyn":[{"text":"Structured query language"},{"text":"Structured Query Language","link":"https://csrc.nist.gov/glossary/term/structured_query_language"}],"definitions":null},{"term":"SQL injection","link":"https://csrc.nist.gov/glossary/term/sql_injection","definitions":[{"text":"Attacks that look for web sites that pass insufficiently-processed user input to database back-ends","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682"}]}]},{"term":"SQL Server Management Studio","link":"https://csrc.nist.gov/glossary/term/sql_server_management_studio","abbrSyn":[{"text":"SSMS","link":"https://csrc.nist.gov/glossary/term/ssms"}],"definitions":null},{"term":"SQLi","link":"https://csrc.nist.gov/glossary/term/sqli","abbrSyn":[{"text":"Structured Query Language Injection","link":"https://csrc.nist.gov/glossary/term/structured_query_language_injection"}],"definitions":null},{"term":"SQN","link":"https://csrc.nist.gov/glossary/term/sqn","abbrSyn":[{"text":"Sequence Number","link":"https://csrc.nist.gov/glossary/term/sequence_number"}],"definitions":null},{"term":"square","link":"https://csrc.nist.gov/glossary/term/square","definitions":[{"text":"The property that some element \\(x\\) of a finite field \\(\\mathbf{GF}(q)\\) can be written as \\(x=z^2\\) for some element \\(z\\) in the same field \\(\\mathbf{GF}(q)\\).","sources":[{"text":"NIST SP 800-186","link":"https://doi.org/10.6028/NIST.SP.800-186"}]}]},{"term":"SRA","link":"https://csrc.nist.gov/glossary/term/sra","abbrSyn":[{"text":"Security Reference Architecture","link":"https://csrc.nist.gov/glossary/term/security_reference_architecture"},{"text":"Security Risk Assessment","link":"https://csrc.nist.gov/glossary/term/security_risk_assessment"},{"text":"Sequence Read Archive","link":"https://csrc.nist.gov/glossary/term/sequence_read_archive"}],"definitions":null},{"term":"SRAM","link":"https://csrc.nist.gov/glossary/term/sram","abbrSyn":[{"text":"Static Random Access Memory","link":"https://csrc.nist.gov/glossary/term/static_random_access_memory"}],"definitions":null},{"term":"SRB","link":"https://csrc.nist.gov/glossary/term/srb","abbrSyn":[{"text":"Signaling Radio Bearer","link":"https://csrc.nist.gov/glossary/term/signaling_radio_bearer"}],"definitions":null},{"term":"SRES","link":"https://csrc.nist.gov/glossary/term/sres","abbrSyn":[{"text":"Signed Response","link":"https://csrc.nist.gov/glossary/term/signed_response"}],"definitions":null},{"term":"SRG","link":"https://csrc.nist.gov/glossary/term/srg","abbrSyn":[{"text":"Security Requirements Guide"}],"definitions":null},{"term":"sRGB","link":"https://csrc.nist.gov/glossary/term/srgb","abbrSyn":[{"text":"Standard Red Green Blue","link":"https://csrc.nist.gov/glossary/term/standard_red_green_blue"}],"definitions":null},{"term":"SRK","link":"https://csrc.nist.gov/glossary/term/srk","abbrSyn":[{"text":"Storage Root Key","link":"https://csrc.nist.gov/glossary/term/storage_root_key"}],"definitions":null},{"term":"SRM","link":"https://csrc.nist.gov/glossary/term/srm","abbrSyn":[{"text":"Service Component Reference Model","link":"https://csrc.nist.gov/glossary/term/service_component_reference_model"},{"text":"Site Recovery Manager","link":"https://csrc.nist.gov/glossary/term/site_recovery_manager"}],"definitions":null},{"term":"SRP","link":"https://csrc.nist.gov/glossary/term/srp","abbrSyn":[{"text":"Server Routing Protocol","link":"https://csrc.nist.gov/glossary/term/server_routing_protocol"},{"text":"Software Restriction Policies"},{"text":"Software Restriction Policy","link":"https://csrc.nist.gov/glossary/term/software_restriction_policy"}],"definitions":null},{"term":"SRR","link":"https://csrc.nist.gov/glossary/term/srr","abbrSyn":[{"text":"Security/System Requirements Review","link":"https://csrc.nist.gov/glossary/term/security_system_requirements_review"}],"definitions":null},{"term":"SRTM","link":"https://csrc.nist.gov/glossary/term/srtm","abbrSyn":[{"text":"Security Requirements Traceability Matrix"}],"definitions":null},{"term":"SRx update ID","link":"https://csrc.nist.gov/glossary/term/srx_update_id","abbrSyn":[{"text":"SUID","link":"https://csrc.nist.gov/glossary/term/suid"}],"definitions":null},{"term":"SRxCryptoAPI","link":"https://csrc.nist.gov/glossary/term/srx_crypto_api","abbrSyn":[{"text":"SCA","link":"https://csrc.nist.gov/glossary/term/sca"}],"definitions":null},{"term":"SSA","link":"https://csrc.nist.gov/glossary/term/ssa","abbrSyn":[{"text":"Sector-Specific Agency","link":"https://csrc.nist.gov/glossary/term/sector_specific_agency"},{"text":"Shared Situational Awareness","link":"https://csrc.nist.gov/glossary/term/shared_situational_awareness"}],"definitions":null},{"term":"SSAA","link":"https://csrc.nist.gov/glossary/term/ssaa","abbrSyn":[{"text":"System Security Authorization Agreement","link":"https://csrc.nist.gov/glossary/term/system_security_authorization_agreement"}],"definitions":null},{"term":"SSC","link":"https://csrc.nist.gov/glossary/term/ssc","abbrSyn":[{"text":"Secure Service Container","link":"https://csrc.nist.gov/glossary/term/secure_service_container"},{"text":"software supply chain","link":"https://csrc.nist.gov/glossary/term/software_supply_chain"}],"definitions":null},{"term":"SSCA","link":"https://csrc.nist.gov/glossary/term/ssca","abbrSyn":[{"text":"Software and Supply Chain Assurance","link":"https://csrc.nist.gov/glossary/term/software_and_supply_chain_assurance"}],"definitions":null},{"term":"SSCP","link":"https://csrc.nist.gov/glossary/term/sscp","abbrSyn":[{"text":"Secure SCADA Communications Protocol","link":"https://csrc.nist.gov/glossary/term/secure_scada_communications_protocol"}],"definitions":null},{"term":"SSD","link":"https://csrc.nist.gov/glossary/term/ssd","abbrSyn":[{"text":"ITL Software and Systems Division","link":"https://csrc.nist.gov/glossary/term/itl_software_and_systems_division"},{"text":"Software and Systems Division","link":"https://csrc.nist.gov/glossary/term/software_and_systems_division"},{"text":"Solid State Drive"},{"text":"Solid-State Drive","link":"https://csrc.nist.gov/glossary/term/solid_state_drive"}],"definitions":[{"text":"A Solid State Drive (SSD) is a storage device that uses solid state memory to store persistent data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"SSDF","link":"https://csrc.nist.gov/glossary/term/ssdf","abbrSyn":[{"text":"Secure Software Development Framework","link":"https://csrc.nist.gov/glossary/term/secure_software_development_framework"}],"definitions":null},{"term":"SSDP","link":"https://csrc.nist.gov/glossary/term/ssdp","abbrSyn":[{"text":"Simple Service Discovery Protocol","link":"https://csrc.nist.gov/glossary/term/simple_service_discovery_protocol"}],"definitions":null},{"term":"SSE","link":"https://csrc.nist.gov/glossary/term/sse","abbrSyn":[{"text":"System Security Engineer","link":"https://csrc.nist.gov/glossary/term/system_security_engineer"},{"text":"Systems Security Engineering"}],"definitions":null},{"term":"SSE-CMM","link":"https://csrc.nist.gov/glossary/term/sse_cmm","abbrSyn":[{"text":"Systems Security Engineering - Capability Maturity Model","link":"https://csrc.nist.gov/glossary/term/systems_security_engineering_capability_maturity_model"}],"definitions":null},{"term":"SSFA","link":"https://csrc.nist.gov/glossary/term/ssfa","abbrSyn":[{"text":"Subset Fault Analysis","link":"https://csrc.nist.gov/glossary/term/subset_fault_analysis"}],"definitions":null},{"term":"SSH","link":"https://csrc.nist.gov/glossary/term/ssh","abbrSyn":[{"text":"Secure Shell","link":"https://csrc.nist.gov/glossary/term/secure_shell"},{"text":"Secure SHell"},{"text":"Secure Shell (network protocol)","link":"https://csrc.nist.gov/glossary/term/secure_shell_network_protocol"},{"text":"Secure Shell protocol"}],"definitions":null},{"term":"SSH Client","link":"https://csrc.nist.gov/glossary/term/ssh_client","definitions":[{"text":"The software implementation that enables a user or an automated process to remotely access an SSH server. An SSH client is responsible for reliably performing all of the operations necessary to ensure a secure connection, including generating identity keys, prompting users to verify host keys, authenticating and establishing encrypted connections with SSH servers, prompting users for credentials, performing public key authentication, etc.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"SSH Key","link":"https://csrc.nist.gov/glossary/term/ssh_key","definitions":[{"text":"A term that is generally used to refer to an identity and authorized keys. The term may also be occasionally used to refer to host or server private keys.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"SSH Server","link":"https://csrc.nist.gov/glossary/term/ssh_server","definitions":[{"text":"A software implementation that enables SSH access to a system from SSH clients. SSH server may be included with an operating system or appliance or may be add-on software. An SSH server is typically a complex set of software modules responsible for a broad number of tasks, including enforcing configured SSH settings, authenticating users, limiting access to certain users and groups, ensuring secure connections, interfacing with other systems (e.g., PAM and Kerberos), performing file transfers, etc.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"SSI","link":"https://csrc.nist.gov/glossary/term/ssi","abbrSyn":[{"text":"Server Side Includes","link":"https://csrc.nist.gov/glossary/term/server_side_includes"}],"definitions":null},{"term":"SSID","link":"https://csrc.nist.gov/glossary/term/ssid","abbrSyn":[{"text":"Service Set Identifier"}],"definitions":[{"text":"A name assigned to a wireless access point that allows stations to distinguish one wireless access point from another.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Service Set Identifier ","refSources":[{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" - adapted"}]}]}]},{"term":"SSL","link":"https://csrc.nist.gov/glossary/term/ssl","abbrSyn":[{"text":"Secure Socket Layer"},{"text":"Secure Socket Layer (protocol)"},{"text":"Secure Sockets Layer"}],"definitions":null},{"term":"SSL Visibility","link":"https://csrc.nist.gov/glossary/term/ssl_visibility","note":"(Symantec Appliance)","abbrSyn":[{"text":"SSL VISIBILITY"},{"text":"SSLV","link":"https://csrc.nist.gov/glossary/term/sslv"}],"definitions":null},{"term":"SSL/TLS","link":"https://csrc.nist.gov/glossary/term/ssl-tls","abbrSyn":[{"text":"Secure Socket Layer/Transport Layer Security"},{"text":"Secure Sockets Layer/Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/secure_sockets_layer__transport_layer_security"}],"definitions":null},{"term":"SSLF","link":"https://csrc.nist.gov/glossary/term/sslf","abbrSyn":[{"text":"Specialized Security-Limited Functionality","link":"https://csrc.nist.gov/glossary/term/specialized_security_limited_functionality"}],"definitions":null},{"term":"SSLV","link":"https://csrc.nist.gov/glossary/term/sslv","abbrSyn":[{"text":"SSL Visibility","link":"https://csrc.nist.gov/glossary/term/ssl_visibility"}],"definitions":null},{"term":"SSM","link":"https://csrc.nist.gov/glossary/term/ssm","abbrSyn":[{"text":"Self-Service Module","link":"https://csrc.nist.gov/glossary/term/self_service_module"}],"definitions":null},{"term":"SSMS","link":"https://csrc.nist.gov/glossary/term/ssms","abbrSyn":[{"text":"SQL Server Management Studio","link":"https://csrc.nist.gov/glossary/term/sql_server_management_studio"}],"definitions":null},{"term":"SSN","link":"https://csrc.nist.gov/glossary/term/ssn","abbrSyn":[{"text":"Social Security Number","link":"https://csrc.nist.gov/glossary/term/social_security_number"}],"definitions":null},{"term":"SSO","link":"https://csrc.nist.gov/glossary/term/sso","abbrSyn":[{"text":"Single Sign On"},{"text":"Single sign-on"},{"text":"Single Sign-on"},{"text":"Single Sign-On","link":"https://csrc.nist.gov/glossary/term/single_sign_on"},{"text":"Standards-Setting Organization","link":"https://csrc.nist.gov/glossary/term/standards_setting_organization"},{"text":"System Security Officer"},{"text":"Systems Security Officer"}],"definitions":null},{"term":"SSP","link":"https://csrc.nist.gov/glossary/term/ssp","abbrSyn":[{"text":"Secure Simple Pairing","link":"https://csrc.nist.gov/glossary/term/secure_simple_pairing"},{"text":"Sensitive Security Parameter","link":"https://csrc.nist.gov/glossary/term/sensitive_security_parameter"},{"text":"Shared Service Provider","link":"https://csrc.nist.gov/glossary/term/shared_service_provider"},{"text":"Shared Service Providers","link":"https://csrc.nist.gov/glossary/term/shared_service_providers"},{"text":"System Security Plan"}],"definitions":[{"text":"Formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under System Security Plan ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]}]},{"text":"Formal document that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]}]},{"text":"Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]}]},{"text":"Formal document that provides an overview of the security requirements for a system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18","note":" - Adapted"}]}]}]},{"term":"SSPP","link":"https://csrc.nist.gov/glossary/term/sspp","abbrSyn":[{"text":"Substation Serial Protection Protocol","link":"https://csrc.nist.gov/glossary/term/substation_serial_protection_protocol"}],"definitions":null},{"term":"SSTP","link":"https://csrc.nist.gov/glossary/term/sstp","abbrSyn":[{"text":"Secure Socket Tunneling Protocol","link":"https://csrc.nist.gov/glossary/term/secure_socket_tunneling_protocol"}],"definitions":null},{"term":"SSVOPM","link":"https://csrc.nist.gov/glossary/term/ssvopm","abbrSyn":[{"text":"Signature and Verification Operations Parallelizing Manager","link":"https://csrc.nist.gov/glossary/term/sig_ver_ops_parallelizing_manager"}],"definitions":null},{"term":"ST&E","link":"https://csrc.nist.gov/glossary/term/stande","abbrSyn":[{"text":"Security Test and Evaluation"},{"text":"Security Test And Evaluation"},{"text":"Security, Test, and Evaluation"}],"definitions":null},{"term":"STA","link":"https://csrc.nist.gov/glossary/term/sta","abbrSyn":[{"text":"Station","link":"https://csrc.nist.gov/glossary/term/station"}],"definitions":null},{"term":"stability","link":"https://csrc.nist.gov/glossary/term/stability","definitions":[{"text":"An inherent characteristic of an oscillator that determines how well it can produce the same frequency over a given time interval. Stability does not indicate whether the frequency is right or wrong, but only whether it stays the same. The stability of an oscillator does not necessarily change when the frequency offset changes. An oscillator can be adjusted, and its frequency moved either further away from or closer to its nominal frequency without changing its stability at all.\nThe stability of an oscillator is usually specified by a statistic, such as the Allan deviation, that estimates the frequency fluctuations of the device over a given time interval. Some devices, such as an OCXO [Oven Controlled Crystal (Xtal) Oscillator] have good short-term stability and poor long-term stability. Other devices, such as a GPS disciplined oscillator (GPSDO), typically have poor short-term stability and good long-term stability.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z","note":" - adapted"}]}]}]},{"term":"stablecoin","link":"https://csrc.nist.gov/glossary/term/stablecoin","definitions":[{"text":"A cryptocurrency token that is a fungible unit of financial value pegged to a currency, some other asset, or index. It can be traded directly between parties and converted to other currencies or the pegged asset.","sources":[{"text":"NIST IR 8408","link":"https://doi.org/10.6028/NIST.IR.8408"}]}]},{"term":"stage","link":"https://csrc.nist.gov/glossary/term/stage","definitions":[{"text":"Period within the life cycle of an entity that relates to the state of its description or realization.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"stakeholder","link":"https://csrc.nist.gov/glossary/term/stakeholder","definitions":[{"text":"Individual or organization having a right, share, claim, or interest in a system or in its possession of characteristics that meet their needs and expectations.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"Individual, team, organization, or classes thereof, having an interest in a system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under stakeholder (system) ","refSources":[{"text":"ISO/IEC/IEEE 42010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under stakeholder (system) ","refSources":[{"text":"ISO/IEC/IEEE 42010:2011","link":"https://www.iso.org/standard/50508.html"}]}]}]},{"term":"Staking","link":"https://csrc.nist.gov/glossary/term/staking","definitions":[{"text":"Protocol-defined token collateralization earning yields and/or providing privileges, either at the base layer (in proof-of-stake consensus models) or at the smart contract layer.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"STAMP","link":"https://csrc.nist.gov/glossary/term/stamp","abbrSyn":[{"text":"Systems-Theoretic Accident Model and Processes","link":"https://csrc.nist.gov/glossary/term/systems_theoretic_accident_model_and_processes"}],"definitions":null},{"term":"Standalone Environment","link":"https://csrc.nist.gov/glossary/term/standalone_environment","definitions":[{"text":"Environment containing individually managed devices (e.g., desktops, laptops, smartphones, tablets).","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"},{"text":"NIST SP 800-70 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-70r3","note":" [Superseded]"}]},{"text":"Small office/home office environment.","sources":[{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"}]}]},{"term":"Standard Normal Cumulative Distribution Function","link":"https://csrc.nist.gov/glossary/term/standard_normal_cumulative_distribution_function","definitions":[{"text":"See the definition in Section 5.5.3. This is the normal function for mean = 0 and variance = 1.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Standard operating procedures","link":"https://csrc.nist.gov/glossary/term/standard_operating_procedures","abbrSyn":[{"text":"SOP","link":"https://csrc.nist.gov/glossary/term/sop"}],"definitions":[{"text":"A set of instructions used to describe a process or procedure that performs an explicit operation or explicit reaction to a given event.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Standard operating procedure "}]}]},{"term":"Standard Positioning Service","link":"https://csrc.nist.gov/glossary/term/standard_positioning_service","abbrSyn":[{"text":"SPS","link":"https://csrc.nist.gov/glossary/term/sps"}],"definitions":null},{"term":"Standard user account","link":"https://csrc.nist.gov/glossary/term/standard_user_account","abbrSyn":[{"text":"Daily Use Account","link":"https://csrc.nist.gov/glossary/term/daily_use_account"}],"definitions":[{"text":"See “Standard user account.”","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Daily Use Account "}]},{"text":"A user account with limited privileges that will be used for general tasks such as reading email and surfing the Web.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Standard User Account "}]}]},{"term":"Standard Red Green Blue","link":"https://csrc.nist.gov/glossary/term/standard_red_green_blue","abbrSyn":[{"text":"sRGB","link":"https://csrc.nist.gov/glossary/term/srgb"}],"definitions":null},{"term":"Standards Developing Organization","link":"https://csrc.nist.gov/glossary/term/standards_developing_organization","abbrSyn":[{"text":"SDO","link":"https://csrc.nist.gov/glossary/term/sdo"}],"definitions":[{"text":"any organization that develops and approves standards using various methods to establish consensus among its participants. Such organizations may be: accredited, such as ANSI -accredited IEEE; international treaty based, such as the ITU- T; private sector based, such as ISO/IEC; an international consortium, such as OASIS or IETF; or a government agency.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2"}]}]},{"term":"Standards Developing Organizations","link":"https://csrc.nist.gov/glossary/term/standards_developing_organizations","abbrSyn":[{"text":"SDO","link":"https://csrc.nist.gov/glossary/term/sdo"}],"definitions":null},{"term":"Standards-Setting Organization","link":"https://csrc.nist.gov/glossary/term/standards_setting_organization","abbrSyn":[{"text":"SSO","link":"https://csrc.nist.gov/glossary/term/sso"}],"definitions":null},{"term":"STAR","link":"https://csrc.nist.gov/glossary/term/star","abbrSyn":[{"text":"Short Title Assignment Requester"}],"definitions":null},{"term":"Start of Authority","link":"https://csrc.nist.gov/glossary/term/start_of_authority","abbrSyn":[{"text":"SOA","link":"https://csrc.nist.gov/glossary/term/soa"}],"definitions":null},{"term":"State","link":"https://csrc.nist.gov/glossary/term/state","definitions":[{"text":"Intermediate result of the AES block cipher that is represented as a two-dimensional array of bytes with four rows and \\(Nb\\) columns.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]}]},{"term":"State Channel","link":"https://csrc.nist.gov/glossary/term/state_channel","definitions":[{"text":"A scheme that enables the off-chain processing of transactions by a group of participants with instant second layer finality and deferred on-chain settlement via state updates.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"State Public Safety Department","link":"https://csrc.nist.gov/glossary/term/state_public_safety_department","abbrSyn":[{"text":"SPSD","link":"https://csrc.nist.gov/glossary/term/spsd"}],"definitions":null},{"term":"State Update","link":"https://csrc.nist.gov/glossary/term/state_update","definitions":[{"text":"An on-chain transaction used to anchor the current state of an external ledger onto the underlying blockchain.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Stateful","link":"https://csrc.nist.gov/glossary/term/stateful","definitions":[{"text":"Refers to a data representation or a process that is dependent on an external data store.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Stateful Inspection","link":"https://csrc.nist.gov/glossary/term/stateful_inspection","definitions":[{"text":"Packet filtering that also tracks the state of connections and blocks packets that deviate from the expected state.","sources":[{"text":"NIST SP 800-179","link":"https://doi.org/10.6028/NIST.SP.800-179","note":" [Superseded]","refSources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]},{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Stateful Protocol Analysis","link":"https://csrc.nist.gov/glossary/term/stateful_protocol_analysis","definitions":[{"text":"A firewalling capability that improves upon standard stateful inspection by adding basic intrusion detection technology. This technology consists of an inspection engine that analyzes protocols at the application layer to compare vendor-developed profiles of benign protocol activity against observed events to identify deviations, allowing a firewall to allow or deny access based on how an application is running over a network.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Stateless","link":"https://csrc.nist.gov/glossary/term/stateless","definitions":[{"text":"Refers to a data representation or a process that is self-contained and does not depend on any external data store.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Stateless Inspection","link":"https://csrc.nist.gov/glossary/term/stateless_inspection","abbrSyn":[{"text":"Packet Filtering","link":"https://csrc.nist.gov/glossary/term/packet_filtering"}],"definitions":[{"text":"See “Packet Filtering”.","sources":[{"text":"NIST SP 800-41 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-41r1"}]}]},{"term":"Stateless Transport Tunneling","link":"https://csrc.nist.gov/glossary/term/stateless_transport_tunneling","abbrSyn":[{"text":"STT","link":"https://csrc.nist.gov/glossary/term/stt"}],"definitions":null},{"term":"Statement coverage","link":"https://csrc.nist.gov/glossary/term/statement_coverage","definitions":[{"text":"This is the simplest of coverage criteria – the percentage of statements exercised by the test set.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878"}]}]},{"term":"Statement of Requirements","link":"https://csrc.nist.gov/glossary/term/statement_of_requirements","abbrSyn":[{"text":"SoR","link":"https://csrc.nist.gov/glossary/term/sor"}],"definitions":null},{"term":"statement of work requirement","link":"https://csrc.nist.gov/glossary/term/statement_of_work_requirement","definitions":[{"text":"A type of requirement that represents an action that is performed operationally or during system development.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"State-of-the-Art Resources","link":"https://csrc.nist.gov/glossary/term/state_of_the_art_resources","abbrSyn":[{"text":"SOAR","link":"https://csrc.nist.gov/glossary/term/soar"}],"definitions":null},{"term":"Static Analysis Reference Dataset","link":"https://csrc.nist.gov/glossary/term/static_analysis_reference_dataset","abbrSyn":[{"text":"SARD","link":"https://csrc.nist.gov/glossary/term/sard"}],"definitions":null},{"term":"Static Analysis Tool Exposition","link":"https://csrc.nist.gov/glossary/term/static_analysis_tool_exposition","abbrSyn":[{"text":"SATE","link":"https://csrc.nist.gov/glossary/term/sate"}],"definitions":null},{"term":"static application security tool","link":"https://csrc.nist.gov/glossary/term/static_application_security_tool","abbrSyn":[{"text":"SAST","link":"https://csrc.nist.gov/glossary/term/sast"}],"definitions":null},{"term":"static code analyzer","link":"https://csrc.nist.gov/glossary/term/static_code_analyzer","definitions":[{"text":"A tool that analyzes source code without executing the code. Static code analyzers are designed to review bodies of source code (at the programming language level) or compiled code (at the machine language level) to identify poor coding practices. Static code analyzers provide feedback to developers during the code development phase on security flaws that might be introduced into code.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"Static Core Root of Trust for Measurement","link":"https://csrc.nist.gov/glossary/term/static_core_root_of_trust_for_measurement","abbrSyn":[{"text":"SCRTM","link":"https://csrc.nist.gov/glossary/term/scrtm"}],"definitions":null},{"term":"Static key","link":"https://csrc.nist.gov/glossary/term/static_key","definitions":[{"text":"A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key-establishment scheme. Contrast with an Ephemeral key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]},{"text":"A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key- establishment scheme. Contrast with an ephemeral key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]}]},{"term":"Static key pair","link":"https://csrc.nist.gov/glossary/term/static_key_pair","definitions":[{"text":"A key pair, consisting of a private key (i.e., a static private key) and a public key (i.e., a static public key) that is intended for use for a relatively long period of time and is typically intended for use in multiple key establishment transactions. Contrast with an ephemeral key pair.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"}]},{"text":"A long-term key pair for which the public key is often provided in a public-key certificate.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1"}]}]},{"term":"Static Random Access Memory","link":"https://csrc.nist.gov/glossary/term/static_random_access_memory","abbrSyn":[{"text":"SRAM","link":"https://csrc.nist.gov/glossary/term/sram"}],"definitions":null},{"term":"Station","link":"https://csrc.nist.gov/glossary/term/station","abbrSyn":[{"text":"STA","link":"https://csrc.nist.gov/glossary/term/sta"}],"definitions":[{"text":"A client device in a wireless network.","sources":[{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]","underTerm":" under Station (STA) "}]}]},{"term":"Station Access Controller","link":"https://csrc.nist.gov/glossary/term/station_access_controller","abbrSyn":[{"text":"SAC","link":"https://csrc.nist.gov/glossary/term/sac"}],"definitions":null},{"term":"statistical disclosure control","link":"https://csrc.nist.gov/glossary/term/statistical_disclosure_control","abbrSyn":[{"text":"SDC","link":"https://csrc.nist.gov/glossary/term/sdc"},{"text":"statistical disclosure limitation","link":"https://csrc.nist.gov/glossary/term/statistical_disclosure_limitation"}],"definitions":[{"text":"The set of methods to reduce the risk of disclosing information on individuals, businesses or other organizations. Such methods are only related to the dissemination step and are usually based on restricting the amount of or modifying the data released.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188","underTerm":" under statistical disclosure limitation ","refSources":[{"text":"OECD Glossary of Statistical Terms","link":"https://doi.org/10.1787/9789264055087-en"}]}]}]},{"term":"Statistical Ineffective Fault Attack","link":"https://csrc.nist.gov/glossary/term/statistical_ineffective_fault_attack","abbrSyn":[{"text":"SIFA","link":"https://csrc.nist.gov/glossary/term/sifa"}],"definitions":null},{"term":"Statistical Test (of a Hypothesis)","link":"https://csrc.nist.gov/glossary/term/statistical_test","definitions":[{"text":"A function of the data (binary stream) which is computed and used to decide whether or not to reject the null hypothesis. A systematic statistical rule whose purpose is to generate a conclusion regarding whether the experimenter should accept or reject the null hypothesis Ho.","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"Statistically Independent Events","link":"https://csrc.nist.gov/glossary/term/statistically_independent_events","definitions":[{"text":"Two events are independent if the occurrence of one event does not affect the chances of the occurrence of the other event. The mathematical formulation of the independence of events A and B is the probability of the occurrence of both A and B being equal to the product of the probabilities of A and B (i.e., P(A and B) = P(A)P(B)).","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"status authority (CSA)","link":"https://csrc.nist.gov/glossary/term/status_authority","definitions":[{"text":"A trusted entity that provides on-line verification to a relying party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]}]},{"term":"Status Word","link":"https://csrc.nist.gov/glossary/term/status_word","definitions":[{"text":"Two bytes returned by an integrated circuit card after processing any command that signify the success of or errors encountered during said processing.","sources":[{"text":"NIST SP 800-73-4","link":"https://doi.org/10.6028/NIST.SP.800-73-4"}]}]},{"term":"STD","link":"https://csrc.nist.gov/glossary/term/std","abbrSyn":[{"text":"Security Tool Distribution","link":"https://csrc.nist.gov/glossary/term/security_tool_distribution"}],"definitions":null},{"term":"STE","link":"https://csrc.nist.gov/glossary/term/ste","abbrSyn":[{"text":"Secure Terminal Equipment","link":"https://csrc.nist.gov/glossary/term/secure_terminal_equipment"}],"definitions":null},{"term":"Stealthwatch Flow Collector","link":"https://csrc.nist.gov/glossary/term/stealthwatch_flow_collector","abbrSyn":[{"text":"SFC","link":"https://csrc.nist.gov/glossary/term/sfc"}],"definitions":null},{"term":"Stealthwatch Management Center","link":"https://csrc.nist.gov/glossary/term/stealthwatch_management_center","abbrSyn":[{"text":"SMC","link":"https://csrc.nist.gov/glossary/term/smc"}],"definitions":null},{"term":"Stealthwatch Management Console","link":"https://csrc.nist.gov/glossary/term/stealthwatch_management_console","abbrSyn":[{"text":"SMC","link":"https://csrc.nist.gov/glossary/term/smc"}],"definitions":null},{"term":"steganography","link":"https://csrc.nist.gov/glossary/term/steganography","definitions":[{"text":"The art, science, and practice of communicating in a way that hides the existence of the communication.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","note":" - Adapted"}]}]},{"text":"The art and science of communicating in a way that hides the existence of the communication. For example, a child pornography image can be hidden inside another graphic image file, audio file, or other file format.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Steganography "},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72","underTerm":" under Steganography "}]},{"text":"Embedding data within other data to conceal it.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86","underTerm":" under Steganography "}]}]},{"term":"STEM","link":"https://csrc.nist.gov/glossary/term/stem","abbrSyn":[{"text":"Science, Technology, Engineering, and Math","link":"https://csrc.nist.gov/glossary/term/science_technology_engineering_and_math"}],"definitions":null},{"term":"STIG","link":"https://csrc.nist.gov/glossary/term/stig","abbrSyn":[{"text":"Security Technical Implementation Guide"},{"text":"Security Technical Implementation Guideline","link":"https://csrc.nist.gov/glossary/term/security_technical_implementation_guideline"},{"text":"Security Technical Implementation Guidelines"},{"text":"Security Technical Implementation Guides"}],"definitions":null},{"term":"STIX","link":"https://csrc.nist.gov/glossary/term/stix","abbrSyn":[{"text":"OASIS Structured Threat Information Expression","link":"https://csrc.nist.gov/glossary/term/oasis_structured_threat_information_expression"},{"text":"Structured Threat Information eXpression","link":"https://csrc.nist.gov/glossary/term/structured_threat_information_expression"}],"definitions":null},{"term":"STK","link":"https://csrc.nist.gov/glossary/term/stk","abbrSyn":[{"text":"Short Term Key","link":"https://csrc.nist.gov/glossary/term/short_term_key"}],"definitions":null},{"term":"Stock Keeping Unit","link":"https://csrc.nist.gov/glossary/term/stock_keeping_unit","abbrSyn":[{"text":"SKU","link":"https://csrc.nist.gov/glossary/term/sku"}],"definitions":null},{"term":"Stockholm International Summit on Cyber Security in SCADA and ICS","link":"https://csrc.nist.gov/glossary/term/stockholm_international_summit_on_cyber_security_scada_ics","abbrSyn":[{"text":"CS3STHLM","link":"https://csrc.nist.gov/glossary/term/cs3sthlm"}],"definitions":null},{"term":"Storage","link":"https://csrc.nist.gov/glossary/term/storage","definitions":[{"text":"Retrievable retention of data. Electronic, electrostatic, or electrical hardware or other elements (media) into which data may be entered, and from which data may be retrieved.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Storage Area Network","link":"https://csrc.nist.gov/glossary/term/storage_area_network","abbrSyn":[{"text":"SAN","link":"https://csrc.nist.gov/glossary/term/san"}],"definitions":null},{"term":"Storage Management Initiative Specification","link":"https://csrc.nist.gov/glossary/term/storage_management_initiative_specification","abbrSyn":[{"text":"SMI-S","link":"https://csrc.nist.gov/glossary/term/smi_s"}],"definitions":null},{"term":"Storage Root Key","link":"https://csrc.nist.gov/glossary/term/storage_root_key","abbrSyn":[{"text":"SRK","link":"https://csrc.nist.gov/glossary/term/srk"}],"definitions":null},{"term":"Store a key or metadata","link":"https://csrc.nist.gov/glossary/term/store_a_key_or_metadata","definitions":[{"text":"Placing a key and/or metadata in storage outside of a cryptographic module without retaining the original copy in the cryptographic module.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Stored Measurement Log","link":"https://csrc.nist.gov/glossary/term/stored_measurement_log","abbrSyn":[{"text":"SML","link":"https://csrc.nist.gov/glossary/term/sml"}],"definitions":null},{"term":"STP","link":"https://csrc.nist.gov/glossary/term/stp","abbrSyn":[{"text":"Signal Transfer Point","link":"https://csrc.nist.gov/glossary/term/signal_transfer_point"},{"text":"Simple Theorem Prover constraint solver","link":"https://csrc.nist.gov/glossary/term/simple_theorem_prover_constraint_solver"}],"definitions":null},{"term":"STPA","link":"https://csrc.nist.gov/glossary/term/stpa","abbrSyn":[{"text":"System-Theoretic Process Analysis","link":"https://csrc.nist.gov/glossary/term/system_theoretic_process_analysis"}],"definitions":null},{"term":"Stream component","link":"https://csrc.nist.gov/glossary/term/stream_component","definitions":[{"text":"A major element of a data stream, such as an XCCDF benchmark or a set of OVAL definitions.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"Stream Control Transmission Protocol","link":"https://csrc.nist.gov/glossary/term/stream_control_transmission_protocol","abbrSyn":[{"text":"SCTP","link":"https://csrc.nist.gov/glossary/term/sctp"}],"definitions":null},{"term":"strength of function","link":"https://csrc.nist.gov/glossary/term/strength_of_function","definitions":[{"text":"Criterion expressing the minimum efforts assumed necessary to defeat the specified security behavior of an implemented security function by directly attacking its underlying security mechanisms.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Criterion expressing the minimum efforts assumed necessary to defeat the specified security behavior of an implemented security function by directly attacking its underlying security mechanisms. \nNote 1: Strength of function has as a prerequisite that assumes that the underlying security mechanisms are correctly implemented. The concept of strength of functions may be equally applied to services or other capability-based abstraction provided by security mechanisms. \nNote 2: The term robustness combines the concepts of assurance of correct implementation with strength of function to provide finer granularity in determining the trustworthiness of a system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"Criterion expressing the minimum efforts assumed necessary to defeat the specified security behavior of an implemented security function by directly attacking its underlying security mechanisms.\nNote 1: Strength of function has as a prerequisite that assumes that the underlying security mechanisms are correctly implemented. The concept of strength of functions may be equally applied to services or other capability-based abstraction provided by security mechanisms.\nNote 2: The term robustness combines the concepts of assurance of correct implementation with strength of function to provide finer granularity in determining the trustworthiness of a system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"Strength of Function for Authenticators – Biometrics","link":"https://csrc.nist.gov/glossary/term/strength_of_function_for_authenticators_biometrics","abbrSyn":[{"text":"SOFA-B","link":"https://csrc.nist.gov/glossary/term/sofa_b"}],"definitions":null},{"term":"strength of mechanism (SoM)","link":"https://csrc.nist.gov/glossary/term/strength_of_mechanism","abbrSyn":[{"text":"SoM","link":"https://csrc.nist.gov/glossary/term/som"}],"definitions":[{"text":"A scale for measuring the relative strength of a security mechanism.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Strength, Weakness, Opportunity, and Threat Analysis","link":"https://csrc.nist.gov/glossary/term/strength_weakness_opportunity_threat_analysis","abbrSyn":[{"text":"SWOT","link":"https://csrc.nist.gov/glossary/term/swot"}],"definitions":null},{"term":"Strengths, Weaknesses, Opportunities, Threats","link":"https://csrc.nist.gov/glossary/term/strengths_weaknesses_opportunities_threats","abbrSyn":[{"text":"SWOT","link":"https://csrc.nist.gov/glossary/term/swot"}],"definitions":null},{"term":"String","link":"https://csrc.nist.gov/glossary/term/string","abbrSyn":[{"text":"Bitstring","link":"https://csrc.nist.gov/glossary/term/bitstring"}],"definitions":[{"text":"An ordered sequence (string) of 0s and 1s. The leftmost bit is the most significant bit.","sources":[{"text":"NIST IR 8427","link":"https://doi.org/10.6028/NIST.IR.8427","underTerm":" under Bitstring "}]},{"text":"A sequence of bits.","sources":[{"text":"NIST SP 800-185","link":"https://doi.org/10.6028/NIST.SP.800-185"}]},{"text":"A bitstring is an ordered sequence of 0’s and 1’s.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1","underTerm":" under Bitstring "}]},{"text":"See Bitstring.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"An ordered sequence of 0’s and 1’s. The leftmost bit is the most significant bit.","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B","underTerm":" under Bitstring "}]}]},{"term":"striped core","link":"https://csrc.nist.gov/glossary/term/striped_core","definitions":[{"text":"A network architecture in which user data traversing a core IP network is decrypted, filtered and re-encrypted one or more times. \nNote: The decryption, filtering, and re-encryption are performed within a “Red gateway”; consequently, the core is “striped” because the data path is alternately Black, Red, and Black.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"strong authentication","link":"https://csrc.nist.gov/glossary/term/strong_authentication","definitions":[{"text":"A method used to secure computer systems and/or networks by verifying a user’s identity by requiring two-factors in order to authenticate (something you know, something you are, or something you have).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8420.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Strong Existential Unforgeability under Chosen-Message Attack","link":"https://csrc.nist.gov/glossary/term/strong_existential_unforgeability_under_chosen_message_attack","abbrSyn":[{"text":"SUF-CMA","link":"https://csrc.nist.gov/glossary/term/suf_cma"}],"definitions":null},{"term":"StrongAuth KeyAppliance","link":"https://csrc.nist.gov/glossary/term/strongauth_keyappliance","abbrSyn":[{"text":"SAKA","link":"https://csrc.nist.gov/glossary/term/saka"}],"definitions":null},{"term":"StrongKey Crypto Engine","link":"https://csrc.nist.gov/glossary/term/strongkey_crypto_engine","abbrSyn":[{"text":"SKCE","link":"https://csrc.nist.gov/glossary/term/skce"}],"definitions":null},{"term":"StrongKey CryptoEngine","link":"https://csrc.nist.gov/glossary/term/strongkey_cryptoengine","abbrSyn":[{"text":"SKCE","link":"https://csrc.nist.gov/glossary/term/skce"}],"definitions":null},{"term":"structural relationship mapping","link":"https://csrc.nist.gov/glossary/term/structural_relationship_mapping","definitions":[{"text":"A concept relationship style that captures an inherent hierarchical structure of concepts, usually defined within a single concept source.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]}]},{"term":"Structured Exception Handler Overwrite Protection","link":"https://csrc.nist.gov/glossary/term/structured_exception_handler_overwrite_protection","abbrSyn":[{"text":"SEHOP","link":"https://csrc.nist.gov/glossary/term/sehop"}],"definitions":null},{"term":"Structured Product Labeling","link":"https://csrc.nist.gov/glossary/term/structured_product_labeling","abbrSyn":[{"text":"SPL","link":"https://csrc.nist.gov/glossary/term/spl"}],"definitions":null},{"term":"Structured Query Language","link":"https://csrc.nist.gov/glossary/term/structured_query_language","abbrSyn":[{"text":"SQL","link":"https://csrc.nist.gov/glossary/term/sql"}],"definitions":null},{"term":"Structured Query Language Injection","link":"https://csrc.nist.gov/glossary/term/structured_query_language_injection","abbrSyn":[{"text":"SQLi","link":"https://csrc.nist.gov/glossary/term/sqli"}],"definitions":null},{"term":"Structured Threat Information eXpression","link":"https://csrc.nist.gov/glossary/term/structured_threat_information_expression","abbrSyn":[{"text":"STIX","link":"https://csrc.nist.gov/glossary/term/stix"}],"definitions":null},{"term":"STS","link":"https://csrc.nist.gov/glossary/term/sts","abbrSyn":[{"text":"Security Token Service","link":"https://csrc.nist.gov/glossary/term/security_token_service"}],"definitions":null},{"term":"STT","link":"https://csrc.nist.gov/glossary/term/stt","abbrSyn":[{"text":"Stateless Transport Tunneling","link":"https://csrc.nist.gov/glossary/term/stateless_transport_tunneling"}],"definitions":null},{"term":"STU","link":"https://csrc.nist.gov/glossary/term/stu","abbrSyn":[{"text":"Secure Telephone Unit","link":"https://csrc.nist.gov/glossary/term/secure_telephone_unit"}],"definitions":null},{"term":"STVMG","link":"https://csrc.nist.gov/glossary/term/stvmg","abbrSyn":[{"text":"Security Testing, Validation, and Measurement Group","link":"https://csrc.nist.gov/glossary/term/security_testing_validation_and_measurement_group"}],"definitions":null},{"term":"SU","link":"https://csrc.nist.gov/glossary/term/su","abbrSyn":[{"text":"System User"}],"definitions":null},{"term":"subaccount","link":"https://csrc.nist.gov/glossary/term/subaccount","definitions":[{"text":"A COMSEC account that only received key from, and only reports to, its parent account, never a Central Office of Record.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"subassembly","link":"https://csrc.nist.gov/glossary/term/subassembly","definitions":[{"text":"Two or more parts that form a portion of an assembly or a unit replaceable as a whole, but having a part or parts that are individually replaceable.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4033","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Sub-Capability","link":"https://csrc.nist.gov/glossary/term/sub_capability","definitions":[{"text":"A capability that supports the achievement of a larger capability. In this NISTIR, each defined capability is decomposed into the set of sub-capabilities that are necessary and sufficient to support the purpose of the larger capability.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Subcommittee","link":"https://csrc.nist.gov/glossary/term/subcommittee","abbrSyn":[{"text":"SC","link":"https://csrc.nist.gov/glossary/term/sc"}],"definitions":null},{"term":"Subdirectory","link":"https://csrc.nist.gov/glossary/term/subdirectory","definitions":[{"text":"A directory contained within another directory.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Sub-functions","link":"https://csrc.nist.gov/glossary/term/sub_functions","definitions":[{"text":"Sub-functions are the basic operations employed to provide the system services within each area of operations or line of business. The recommended information types provided in NIST SP 800-60 are established from the “business areas” and “lines of business” from OMB’s Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.3","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]}]},{"term":"sub-hand receipt","link":"https://csrc.nist.gov/glossary/term/sub_hand_receipt","definitions":[{"text":"The hand receipt of COMSEC material to authorized individuals by persons to whom the material has already been hand receipted.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"subject","link":"https://csrc.nist.gov/glossary/term/subject","abbrSyn":[{"text":"requestor"}],"definitions":[{"text":"The entity requesting to perform an operation upon the object.","sources":[{"text":"NIST SP 800-162","link":"https://doi.org/10.6028/NIST.SP.800-162"}]},{"text":"An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or changes the system state.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"A person, organization, device, hardware, network, software, or service.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Subject "}]},{"text":"Generally an individual, process, or device causing information to flow among objects or change to the system state. See object.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Subject "}]},{"text":"An individual, process, or device that causes information to flow among objects or change to the system state. Also see object.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"the set of active entities of the system, operating within roles on behalf of individual users.","sources":[{"text":"NISTIR 6192","link":"https://doi.org/10.6028/NIST.IR.6192","underTerm":" under Subject "}]}],"seeAlso":[{"text":"object","link":"object"},{"text":"Object"}]},{"term":"Subject (in a certificate)","link":"https://csrc.nist.gov/glossary/term/subject_in_a_certificate","definitions":[{"text":"The entity authorized to use the private key associated with the public key in the certificate.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Subject Alternative Name","link":"https://csrc.nist.gov/glossary/term/subject_alternative_name","abbrSyn":[{"text":"SAN","link":"https://csrc.nist.gov/glossary/term/san"}],"definitions":[{"text":"A field in an X.509 certificate that identifies one or more fully qualified domain names, IP addresses, email addresses, URIs, or UPNs to be associated with the public key contained in a certificate.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"Subject Matter Expert","link":"https://csrc.nist.gov/glossary/term/subject_matter_expert","abbrSyn":[{"text":"SME","link":"https://csrc.nist.gov/glossary/term/sme"}],"definitions":null},{"term":"subjectAltName","link":"https://csrc.nist.gov/glossary/term/subjectaltname","abbrSyn":[{"text":"SAN","link":"https://csrc.nist.gov/glossary/term/san"}],"definitions":null},{"term":"SubjectPublicKeyInfo","link":"https://csrc.nist.gov/glossary/term/subjectpublickeyinfo","abbrSyn":[{"text":"SPKI","link":"https://csrc.nist.gov/glossary/term/spki"}],"definitions":null},{"term":"Subkey","link":"https://csrc.nist.gov/glossary/term/subkey","definitions":[{"text":"A secret string that is derived from the key.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"Subkey Generation","link":"https://csrc.nist.gov/glossary/term/subkey_generation","definitions":[{"text":"An algorithm that derives subkeys from a key.","sources":[{"text":"NIST SP 800-38B","link":"https://doi.org/10.6028/NIST.SP.800-38B"}]}]},{"term":"subordinate certificate authority","link":"https://csrc.nist.gov/glossary/term/subordinate_certificate_authority","definitions":[{"text":"In a hierarchical public key infrastructure (PKI), a certificate authority (CA) whose certificate signing key is certified by another CA, and whose activities are constrained by that other CA. See superior certification authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"superior certification authority","link":"superior_certification_authority"}]},{"term":"subscriber","link":"https://csrc.nist.gov/glossary/term/subscriber","definitions":[{"text":"An entity that has applied for and received a certificate from a Certificate Authority.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Subscriber "}]},{"text":"An entity that (1) is the subject named or identified in a certificate issued to such an entity, and (2) holds a private key that corresponds to a public key listed in that certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The individual who is the subject named or identified in a Derived PIV Authentication certificate and who holds the token that contains the private key that corresponds to the public key in the certificate.","sources":[{"text":"NIST SP 1800-12b","link":"https://doi.org/10.6028/NIST.SP.1800-12"},{"text":"NIST SP 800-157","link":"https://doi.org/10.6028/NIST.SP.800-157","underTerm":" under Subscriber "}]},{"text":"A Subscriber is an entity that (1) is the subject named or identified in a certificate issued to that entity, (2) holds a private key that corresponds to the public key listed in the certificate, and (3) does not itself issue certificates to another party. This includes, but is not limited to, an individual or network device","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Subscriber "}]},{"text":"A party who has received a credential or authenticator from a CSP.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Subscriber "}]},{"text":"An individual applying for a Derived PIV Credential","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under Subscriber "}]},{"text":"A party who has received a credential or authenticator from a Credential Service Provider.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Subscriber "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Subscriber "}]},{"text":"A party who has received a credential or token from a CSP.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Subscriber "}]}]},{"term":"Subscriber Identity Module (SIM)","link":"https://csrc.nist.gov/glossary/term/subscriber_identity_module","abbrSyn":[{"text":"SIM","link":"https://csrc.nist.gov/glossary/term/sim"}],"definitions":[{"text":"A smart card chip specialized for use in GSM equipment.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Subscriber Identity Module "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Subscriber Identity Module "}]}]},{"term":"Subset Fault Analysis","link":"https://csrc.nist.gov/glossary/term/subset_fault_analysis","abbrSyn":[{"text":"SSFA","link":"https://csrc.nist.gov/glossary/term/ssfa"}],"definitions":null},{"term":"Substation Serial Protection Protocol","link":"https://csrc.nist.gov/glossary/term/substation_serial_protection_protocol","abbrSyn":[{"text":"SSPP","link":"https://csrc.nist.gov/glossary/term/sspp"}],"definitions":null},{"term":"Substitution–Permutation Network","link":"https://csrc.nist.gov/glossary/term/substitution_permutation_network","abbrSyn":[{"text":"SPN","link":"https://csrc.nist.gov/glossary/term/spn"}],"definitions":null},{"term":"subsystem","link":"https://csrc.nist.gov/glossary/term/subsystem","definitions":[{"text":"A major subdivision or component of an information system consisting of information, information technology, and personnel that performs one or more specific functions.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Subsystem ","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Subsystem "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Subsystem "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Subsystem "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"A major subdivision of an information system consisting of information, information technology, and personnel that performs one or more specific functions.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Subsystem ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Subsystem "}]},{"text":"A major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Subsystem "}]},{"text":"A major subdivision or element of an information system consisting of information, information technology, and personnel that performs one or more specific functions.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"Successor","link":"https://csrc.nist.gov/glossary/term/successor","definitions":[{"text":"In the RBG-based construction of IVs, the result of one or more applications of the appropriate incrementing function to a direct random string.","sources":[{"text":"NIST SP 800-38D","link":"https://doi.org/10.6028/NIST.SP.800-38D"}]}]},{"term":"SUF-CMA","link":"https://csrc.nist.gov/glossary/term/suf_cma","abbrSyn":[{"text":"Strong Existential Unforgeability under Chosen-Message Attack","link":"https://csrc.nist.gov/glossary/term/strong_existential_unforgeability_under_chosen_message_attack"}],"definitions":null},{"term":"SUID","link":"https://csrc.nist.gov/glossary/term/suid","abbrSyn":[{"text":"Set-User-ID","link":"https://csrc.nist.gov/glossary/term/set_user_id"},{"text":"SRx update ID","link":"https://csrc.nist.gov/glossary/term/srx_update_id"}],"definitions":null},{"term":"Suitability and Credentialing Executive Agent","link":"https://csrc.nist.gov/glossary/term/suitability_and_credentialing_executive_agent","definitions":[{"text":"Individual responsible for prescribing suitability standards and minimum standards of fitness for employment. With the issuance of Executive Order 13467, as amended, the Suitability and Credentialing Executive Agent is responsible for the development, implementation, and oversight of effective, efficient, and uniform policies and procedures governing the conduct of investigations and adjudications for Suitability, Fitness, and Credentialing determinations in the Federal Government. Pursuant to Sections 1103 and 1104 of Title 5, United States Code, and the Civil Service Rules, the director of the Office of Personnel Management (OPM) is the Suitability and Credentialing Executive Agent.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Suite A","link":"https://csrc.nist.gov/glossary/term/suite_a","definitions":[{"text":"A specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission critical information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Suite B","link":"https://csrc.nist.gov/glossary/term/suite_b","definitions":[{"text":"A specific set of cryptographic algorithms suitable for protecting both classified and unclassified national security systems, classified national security information, and sensitive information throughout the U.S. government and to support interoperability with allies and coalition partners.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Suite B compatible","link":"https://csrc.nist.gov/glossary/term/suite_b_compatible","definitions":[{"text":"An information assurance (IA) or IA-enabled information technology (IT) product that: \na. Uses National Security Agency (NSA)-approved public standards-based security protocols. If none are available with the necessary functionality, then uses a NSA-approved security protocol; \nb. Includes (as selectable capabilities) all of the Suite B cryptographic algorithms that are functionally supported by the NSA-approved security protocol(s); and \nc. Has been evaluated or validated in accordance with NSTISSP 11.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 15","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"Summer Undergraduate Research Fellowship","link":"https://csrc.nist.gov/glossary/term/summer_undergraduate_research_fellowship","abbrSyn":[{"text":"SURF","link":"https://csrc.nist.gov/glossary/term/surf"}],"definitions":null},{"term":"superencryption","link":"https://csrc.nist.gov/glossary/term/superencryption","definitions":[{"text":"2. An encryption operation for which the plaintext input to be transformed is the ciphertext output of a previous encryption operation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"IETF RFC 4949 Ver 2","link":"https://tools.ietf.org/html/rfc4949"}]}]},{"text":"1. The encrypting of already encrypted information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"superior certification authority","link":"https://csrc.nist.gov/glossary/term/superior_certification_authority","definitions":[{"text":"In a hierarchical public key infrastructure (PKI), a certification authority (CA) who has certified the certificate signature key of another CA, and who constrains the activities of that CA. See subordinate certification authority.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]}],"seeAlso":[{"text":"subordinate certificate authority","link":"subordinate_certificate_authority"},{"text":"subordinate certification authority"}]},{"term":"supersession","link":"https://csrc.nist.gov/glossary/term/supersession","definitions":[{"text":"The scheduled or unscheduled replacement of COMSEC material with a different edition.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"supersingular isogeny Diffie-Hellman","link":"https://csrc.nist.gov/glossary/term/supersingular_isogeny_diffie_hellman","abbrSyn":[{"text":"SIDH","link":"https://csrc.nist.gov/glossary/term/sidh"}],"definitions":null},{"term":"superuser","link":"https://csrc.nist.gov/glossary/term/superuser","abbrSyn":[{"text":"privileged user","link":"https://csrc.nist.gov/glossary/term/privileged_user"}],"definitions":[{"text":"A user who is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under privileged user "}]},{"text":"A user who is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under privileged user "}]},{"text":"A user that is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","underTerm":" under privileged user "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under privileged user ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under privileged user "},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","underTerm":" under privileged user "}]},{"text":"A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under privileged user "}]},{"text":"See privileged user.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Supervised Remote Proofing","link":"https://csrc.nist.gov/glossary/term/supervised_remote_proofing","definitions":[{"text":"A remote identity proofing process that employs physical, technical and procedural measures that provide sufficient confidence that the remote session can be considered equivalent to a physical, in-person identity proofing process.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Supervisor Mode Access Prevention","link":"https://csrc.nist.gov/glossary/term/supervisor_mode_access_prevention","abbrSyn":[{"text":"SMAP","link":"https://csrc.nist.gov/glossary/term/smap"}],"definitions":null},{"term":"Supervisor Mode Execution Prevention","link":"https://csrc.nist.gov/glossary/term/supervisor_mode_execution_prevention","abbrSyn":[{"text":"SMEP","link":"https://csrc.nist.gov/glossary/term/smep"}],"definitions":null},{"term":"Supplicant Number once","link":"https://csrc.nist.gov/glossary/term/supplicant_number_once","abbrSyn":[{"text":"SNonce","link":"https://csrc.nist.gov/glossary/term/snonce"}],"definitions":null},{"term":"supplier","link":"https://csrc.nist.gov/glossary/term/supplier","definitions":[{"text":"Organization or individual that enters into an agreement with the acquirer or integrator for the supply of a product or service. This includes all suppliers in the supply chain, developers or manufacturers of systems, system components, or system services; systems integrators; suppliers; product resellers; and third-party partners.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html","note":" - adapted"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted from definition of \"developer\""}]}]},{"text":"Organization or individual that enters into an agreement with the acquirer or integrator for the supply of a product or service. This includes all suppliers in the supply chain. \nIncludes (i) developers or manufacturers of information systems, system components, or information system services; (ii) vendors; and (iii) product resellers.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Supplier ","refSources":[{"text":"ISO/IEC 15288","note":" - Adapted"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - adapted from “developer”"}]}]},{"text":"Organization or individual that enters into an agreement with the acquirer or integrator for the supply of a product or service. This includes all suppliers in the supply chain, developers or manufacturers of systems, system components, or system services; systems integrators; vendors; product resellers; and third party partners.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"Organization or individual that enters into an agreement with the acquirer or integrator for the supply of a product or service. This includes all suppliers in the supply chain.","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Supplier ","refSources":[{"text":"ISO/IEC 15288","note":" - Adapted"}]}]},{"text":"Product and service providers used for an organization’s internal purposes (e.g., IT infrastructure) or integrated into the products of services provided to that organization’s Buyers.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018","underTerm":" under Supplier "}]},{"text":"Organization or an individual that enters into an agreement with the acquirer for the supply of a product or service.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"Supplier’s Declaration of Conformity","link":"https://csrc.nist.gov/glossary/term/supplier_declaration_of_conformity","abbrSyn":[{"text":"SDoC","link":"https://csrc.nist.gov/glossary/term/sdoc"}],"definitions":[{"text":"Declaration where the conformity assessment activity is performed by the person or organization that provides the ‘object’ (such as product, process, management system, person or body) and the supplier provides written confidence of conformity.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"supply chain","link":"https://csrc.nist.gov/glossary/term/supply_chain","definitions":[{"text":"Linked set of resources and processes between and among multiple levels of organizations, each of which is an acquirer, that begins with the sourcing of products and services and extends through their life cycle.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO 28001:2007","note":" - adapted"}]}]},{"text":"Linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Supply Chain ","refSources":[{"text":"ISO 28001","note":" - Adapted"}]}]},{"text":"A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The network of retailers, distributors, transporters, storage facilities, and suppliers that participate in the sale, delivery, and production of a particular product.101","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Supply Chain "}]},{"text":"Linked set of resources and processes between and among multiple tiers of organizations, each of which is an acquirer, that begins with the sourcing of products and services and extends through their life cycle.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"supply chain assurance","link":"https://csrc.nist.gov/glossary/term/supply_chain_assurance","abbrSyn":[{"text":"SCA","link":"https://csrc.nist.gov/glossary/term/sca"}],"definitions":[{"text":"Confidence that the supply chain will produce and deliver elements, processes, and information that function as expected.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Supply Chain Assurance ","refSources":[{"text":"DoD Key Practices and Implementation Guide","note":" - Adapted"}]}]}]},{"term":"supply chain attack","link":"https://csrc.nist.gov/glossary/term/supply_chain_attack","definitions":[{"text":"Attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"supply chain element","link":"https://csrc.nist.gov/glossary/term/supply_chain_element","abbrSyn":[{"text":"element","link":"https://csrc.nist.gov/glossary/term/element"}],"definitions":[{"text":"Organizations, entities, or tools employed for the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and/or disposal of systems and system components.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]},{"text":"An information technology product or product component that contains programmable logic and that is critically important to the functioning of an information system.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Supply Chain Element "}]},{"text":"A statement about an ISCM concept that is true for a well-implemented ISCM program.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under element "},{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212","underTerm":" under element "}]},{"text":"Organizations, entities, or tools employed for the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of systems and system components.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"Organizations, departments, facilities, or personnel responsible for a particular systems security engineering activity conducted within an engineering process (e.g., operations elements, logistics elements, maintenance elements, and training elements).","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under element "}]}]},{"term":"supply chain risk","link":"https://csrc.nist.gov/glossary/term/supply_chain_risk","definitions":[{"text":"The risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of an item of supply or a system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of a system (Ref: The Ike Skelton National Defense Authorization Act for Fiscal Year 2011).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 505","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]},{"text":"Risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The potential for harm or compromise that arises as a result of security risks from suppliers, their supply chains, and their products or services. Supply chain risks include exposures, threats, and vulnerabilities associated with the products and services traversing the supply chain as well as the exposures, threats, and vulnerabilities to the supply chain.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"supply chain risk assessment","link":"https://csrc.nist.gov/glossary/term/supply_chain_risk_assessment","definitions":[{"text":"A systematic examination of supply chain risks, likelihoods of their occurrence, and potential impacts.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"supply chain risk information","link":"https://csrc.nist.gov/glossary/term/supply_chain_risk_information","definitions":[{"text":"Includes, but is not limited to, information that describes or identifies: (1) Functionality of covered articles, including access to data and information system privileges; (2) Information on the user environment where a covered article is used or installed; (3) The ability of the source to produce and deliver covered articles as expected (i.e., supply chain assurance); (4) Foreign control of, or influence over, the source (e.g., foreign ownership, personal and professional ties between the source and any foreign entity, legal regime of any foreign country in which the source is headquartered or conducts operations); (5) Implications to national security, homeland security, and/or national critical functions associated with use of the covered source; (6) Vulnerability of federal systems, programs, or facilities; (7) Market alternatives to the covered source; (8) Potential impact or harm caused by the possible loss, damage, or compromise of a product, material, or service to an organization’s operations or mission; (9) Likelihood of a potential impact or harm, or the exploitability of a system; (10) Security, authenticity, and integrity of covered articles and their supply and compilation chain; (11) Capacity to mitigate risks identified; (12) Credibility of and confidence in other supply chain risk information; (13) Any other information that would factor into an analysis of the security, integrity, resilience, quality, trustworthiness, or authenticity of covered articles or sources; (14) A summary of the above information and, any other information determined to be relevant to the determination of supply chain risk.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"FASCA","link":"https://www.congress.gov/115/plaws/publ390/PLAW-115publ390.pdf"}]}]}]},{"term":"supply chain risk management (SCRM)","link":"https://csrc.nist.gov/glossary/term/supply_chain_risk_management","abbrSyn":[{"text":"SCRM","link":"https://csrc.nist.gov/glossary/term/scrm"}],"definitions":[{"text":"A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier, the supplies product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 505","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]},{"text":"The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of information and communications technology product and service supply chains.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under supply chain risk management ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A systematic process for managing cyber supply chain risk exposures, threats, and vulnerabilities throughout the supply chain and developing risk response strategies to the risks presented by the supplier, the supplied products and services, or the supply chain.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under supply chain risk management "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under supply chain risk management "}]},{"text":"the implementation of processes, tools or techniques to minimize the adverse impact of attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Supply Chain Risk Management "}]}]},{"term":"Support","link":"https://csrc.nist.gov/glossary/term/support","definitions":[{"text":"To be capable of providing a service or perform a function that is required or desired; to agree with a policy or position; to fulfill requirements.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Support a security strength","link":"https://csrc.nist.gov/glossary/term/support_a_security_strength","definitions":[{"text":"

A security strength of s bits is said to be supported by a particular choice of algorithm, primitive, auxiliary function, or parameters for use in the implementation of a cryptographic mechanism if that choice will not prevent the resulting implementation from attaining a security strength of at least s bits.

In this Recommendation, it is assumed that implementation choices are intended to support a security strength of 112 bits or more (see [SP 800-57] and [SP 800-131A]).

","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Support (a security strength) "}]},{"text":"A term applied to a method (e.g., an RBG, or a key with its associated cryptographic algorithm) that is capable of providing (at a minimum) the security strength required or desired for protecting data.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"}]},{"text":"A security strength of s bits is said to be supported by a particular choice of algorithm, primitive, auxiliary function, parameters (etc.) for use in the implementation of a cryptographic mechanism if that choice will not prevent the resulting implementation from attaining a security strength of at least s bits. In this Recommendation, it is assume that implementation choices are intended to support a security strenght of 112 bits or more (see [NIST SP 800-57] and [NIST SP 800-131A])","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Support (a security strength) "}]},{"text":"A term applied to a method (e.g., an RBG or a key with its associated cryptographic algorithm) that is capable of providing (at a minimum) the security strength required or desired for protecting data.\nA security strength of s bits is said to be supported by a particular choice of keying material, algorithm, primitive, auxiliary function, parameters (etc.) for use in the implementation of a cryptographic mechanism if that choice will not prevent the resulting implementation from attaining a security strength of at least s bits.","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"Support Vector Machines","link":"https://csrc.nist.gov/glossary/term/support_vector_machines","abbrSyn":[{"text":"SVM","link":"https://csrc.nist.gov/glossary/term/svm"}],"definitions":null},{"term":"Supporting Capabilities","link":"https://csrc.nist.gov/glossary/term/supporting_capabilities","definitions":[{"text":"Capabilities that provide functionality that supports the other IoT capabilities. Examples of supporting capabilities are device management, cybersecurity, and privacy capabilities.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"Supporting Parties","link":"https://csrc.nist.gov/glossary/term/supporting_parties","definitions":[{"text":"Providers of external system services to the manufacturer through a variety of consumer-producer relationships including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges. Supporting services include, for example, Telecommunications, engineering services, power, water, software, tech support, and security.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"}]}]},{"term":"Supporting Services","link":"https://csrc.nist.gov/glossary/term/supporting_services","definitions":[{"text":"Providers of external system services to the manufacturer through a variety of consumer-producer relationships including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges. Supporting services include, for example, Telecommunications, engineering services, power, water, software, tech support, and security.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]}]},{"term":"supportive relationship mapping","link":"https://csrc.nist.gov/glossary/term/supportive_relationship_mapping","definitions":[{"text":"A concept relationship style that identifies how one concept can or does help achieve another concept.","sources":[{"text":"NIST IR 8477","link":"https://doi.org/10.6028/NIST.IR.8477"}]},{"text":"An OLIR that indicates how a supporting concept can or does help achieve a supported concept, with one of the concepts being a Focal Document Element and the other a Reference Document Element.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under Supportive Relationship Mapping OLIR "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under Supportive Relationship Mapping OLIR "}]}]},{"term":"suppression measure","link":"https://csrc.nist.gov/glossary/term/suppression_measure","definitions":[{"text":"Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"SURF","link":"https://csrc.nist.gov/glossary/term/surf","abbrSyn":[{"text":"Summer Undergraduate Research Fellowship","link":"https://csrc.nist.gov/glossary/term/summer_undergraduate_research_fellowship"}],"definitions":null},{"term":"Surge Protector","link":"https://csrc.nist.gov/glossary/term/surge_protector","definitions":[{"text":"A device designed to protect electrical devices from voltage spikes or dips.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1"}]}]},{"term":"survivability","link":"https://csrc.nist.gov/glossary/term/survivability","definitions":[{"text":"The ability of a system to minimize the impact of a finite- duration disturbance on value delivery (i.e., stakeholder benefit at cost), achieved through the reduction of the likelihood or magnitude of a disturbance; the satisfaction of a minimally acceptable level of value delivery during and after a disturbance; and/or a timely recovery.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"Richards et al","link":"https://pdfs.semanticscholar.org/3734/7b58123c16e84e2f51a4e172ddee0a8755c0.pdf"}]}]},{"text":"The ability of a system to minimize the impact of a finite-duration disturbance on value delivery (i.e., stakeholder benefit at cost), achieved through the reduction of the likelihood or magnitude of a disturbance; the satisfaction of a minimally acceptable level of value delivery during and after a disturbance; and/or a timely recovery.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"Richards et al","link":"https://pdfs.semanticscholar.org/3734/7b58123c16e84e2f51a4e172ddee0a8755c0.pdf"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"Richards et al","link":"https://pdfs.semanticscholar.org/3734/7b58123c16e84e2f51a4e172ddee0a8755c0.pdf"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"Richards et al","link":"https://pdfs.semanticscholar.org/3734/7b58123c16e84e2f51a4e172ddee0a8755c0.pdf"}]}]}]},{"term":"susceptibility","link":"https://csrc.nist.gov/glossary/term/susceptibility","definitions":[{"text":"The inability to avoid adversity.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"Suspended state","link":"https://csrc.nist.gov/glossary/term/suspended_state","definitions":[{"text":"A lifecycle state of a key whereby the use of the key for applying cryptographic protection has been temporarily suspended.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"A key state in which the use of a key or key pair may be suspended for a period of time.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"suspension","link":"https://csrc.nist.gov/glossary/term/suspension","definitions":[{"text":"The process of changing the status of a valid certificate to suspended (i.e., temporarily invalid).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"The process of temporarily changing the status of a key or certificate to invalid (e.g., in order to determine if it has been compromised). The certificate may subsequently be revoked or reactivated.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Suspension "}]}]},{"term":"SVID","link":"https://csrc.nist.gov/glossary/term/svid","abbrSyn":[{"text":"SPIFFE Verifiable Identity Document","link":"https://csrc.nist.gov/glossary/term/spiffe_verifiable_identity_document"}],"definitions":null},{"term":"SVM","link":"https://csrc.nist.gov/glossary/term/svm","abbrSyn":[{"text":"Secure Virtual Machine","link":"https://csrc.nist.gov/glossary/term/secure_virtual_machine"},{"text":"Support Vector Machines","link":"https://csrc.nist.gov/glossary/term/support_vector_machines"}],"definitions":null},{"term":"SVP","link":"https://csrc.nist.gov/glossary/term/svp","abbrSyn":[{"text":"Shortest Vector Problem","link":"https://csrc.nist.gov/glossary/term/shortest_vector_problem"}],"definitions":null},{"term":"SW","link":"https://csrc.nist.gov/glossary/term/sw","abbrSyn":[{"text":"Secure World","link":"https://csrc.nist.gov/glossary/term/secure_world"}],"definitions":null},{"term":"SW1","link":"https://csrc.nist.gov/glossary/term/sw1","abbrSyn":[{"text":"First byte of a two-byte status word","link":"https://csrc.nist.gov/glossary/term/first_byte_of_a_two_byte_status_word"}],"definitions":null},{"term":"SW2","link":"https://csrc.nist.gov/glossary/term/sw2","abbrSyn":[{"text":"Second byte of a two-byte status word","link":"https://csrc.nist.gov/glossary/term/second_byte_of_a_two_byte_status_word"}],"definitions":null},{"term":"SwA","link":"https://csrc.nist.gov/glossary/term/swa","abbrSyn":[{"text":"Software Assurance"}],"definitions":[{"text":"The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions as intended by the purchaser or user.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2","underTerm":" under Software Assurance "}]},{"text":"The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle and that the software functions in the intended manner.","sources":[{"text":"NIST SP 800-163","link":"https://doi.org/10.6028/NIST.SP.800-163","note":" [Superseded]","underTerm":" under Software Assurance "}]}]},{"term":"SwAAP","link":"https://csrc.nist.gov/glossary/term/swaap","abbrSyn":[{"text":"Software Assurance Automation Protocol","link":"https://csrc.nist.gov/glossary/term/software_assurance_automation_protocol"}],"definitions":null},{"term":"SWAM","link":"https://csrc.nist.gov/glossary/term/swam","abbrSyn":[{"text":"Software Asset Management","link":"https://csrc.nist.gov/glossary/term/software_asset_management"}],"definitions":[{"text":"See Capability, Software Asset Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Software Asset Management "}]}]},{"term":"SWaP","link":"https://csrc.nist.gov/glossary/term/swap","abbrSyn":[{"text":"Size, Weight, and Power","link":"https://csrc.nist.gov/glossary/term/size_weight_and_power"}],"definitions":null},{"term":"SWG","link":"https://csrc.nist.gov/glossary/term/swg","abbrSyn":[{"text":"secure web gateway","link":"https://csrc.nist.gov/glossary/term/secure_web_gateway"}],"definitions":null},{"term":"SWID","link":"https://csrc.nist.gov/glossary/term/swid","abbrSyn":[{"text":"Software Identification","link":"https://csrc.nist.gov/glossary/term/software_identification"}],"definitions":null},{"term":"SWID Tag","link":"https://csrc.nist.gov/glossary/term/swid_tag","abbrSyn":[{"text":"Software Identification","link":"https://csrc.nist.gov/glossary/term/software_identification"}],"definitions":[{"text":"A SWID tag is an ISO 19770-2 compliant XML file describing a software product. It is typically digitally signed by the software manufacturer to verify its validity. Ideally, for purposes of software asset management, the SWID tag will contain the digests (digital fingerprints) of each software file installed or placed on the device with the product.","sources":[{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3"}]}]},{"term":"SWIMA","link":"https://csrc.nist.gov/glossary/term/swima","abbrSyn":[{"text":"Software Inventory Message and Attributes","link":"https://csrc.nist.gov/glossary/term/software_inventory_message_and_attributes"}],"definitions":null},{"term":"Switch","link":"https://csrc.nist.gov/glossary/term/switch","definitions":[{"text":"A network device that filters and forwards packets between LAN segments.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]"}]},{"text":"A device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"whatis.com","link":"https://whatis.techtarget.com/"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","refSources":[{"text":"whatis.com","link":"https://whatis.techtarget.com/"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","refSources":[{"text":"whatis.com","link":"https://whatis.techtarget.com/"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"whatis.com","link":"https://whatis.techtarget.com/"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"whatis.com","link":"https://whatis.techtarget.com/"}]}]},{"text":"A device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination. ","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"whatis.com","link":"https://whatis.techtarget.com/"}]}]}]},{"term":"Switched Port Analyzer","link":"https://csrc.nist.gov/glossary/term/switched_port_analyzer","abbrSyn":[{"text":"SPAN","link":"https://csrc.nist.gov/glossary/term/span"}],"definitions":null},{"term":"SwMM-RSV","link":"https://csrc.nist.gov/glossary/term/swmm_rsv","abbrSyn":[{"text":"Software Measures and Metrics to Reduce Security Vulnerabilities","link":"https://csrc.nist.gov/glossary/term/software_measures_and_metrics_to_reduce_security_vulnerabilities"}],"definitions":null},{"term":"SWOT","link":"https://csrc.nist.gov/glossary/term/swot","abbrSyn":[{"text":"Strength, Weakness, Opportunity, and Threat Analysis","link":"https://csrc.nist.gov/glossary/term/strength_weakness_opportunity_threat_analysis"},{"text":"Strengths, Weaknesses, Opportunities, Threats","link":"https://csrc.nist.gov/glossary/term/strengths_weaknesses_opportunities_threats"}],"definitions":null},{"term":"SWSA","link":"https://csrc.nist.gov/glossary/term/swsa","abbrSyn":[{"text":"Semantic Web Services Architecture","link":"https://csrc.nist.gov/glossary/term/semantic_web_services_architecture"}],"definitions":null},{"term":"Sybil Attack","link":"https://csrc.nist.gov/glossary/term/sybil_attack","definitions":[{"text":"A cybersecurity attack wherein an attacker creates multiple accounts and pretends to be many persons at once.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"syllabary","link":"https://csrc.nist.gov/glossary/term/syllabary","note":"(C.F.D.)","definitions":[{"text":"List of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. A syllabary may also be a spelling table.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Symantec Endpoint Protection","link":"https://csrc.nist.gov/glossary/term/symantec_endpoint_protection","abbrSyn":[{"text":"SEP","link":"https://csrc.nist.gov/glossary/term/sep"}],"definitions":null},{"term":"Symantec Endpoint Protection Manager","link":"https://csrc.nist.gov/glossary/term/symantec_endpoint_protection_manager","abbrSyn":[{"text":"SEPM","link":"https://csrc.nist.gov/glossary/term/sepm"}],"definitions":null},{"term":"Symmetric Card Authentication Key Authentication (SYM-CAK)","link":"https://csrc.nist.gov/glossary/term/symmetric_card_authentication_key_authentication_sym_cak","definitions":[{"text":"An authentication mechanism where the PIV Card is identified using the CHUID or another data element, and then the card responds to a challenge by signing the challenge value with the symmetric card authentication key. This mechanism is deprecated.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3"}]}]},{"term":"Symmetric Cryptography","link":"https://csrc.nist.gov/glossary/term/symmetric_cryptography","definitions":[{"text":"Cryptography that uses the same key for both encryption and decryption.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]"}]},{"text":"A cryptographic algorithm that uses the same secret key for its operation and, if applicable, for reversing the effects of the operation (e.g., an AES key for encryption and decryption).","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"symmetric encryption algorithm","link":"https://csrc.nist.gov/glossary/term/symmetric_encryption_algorithm","definitions":[{"text":"Encryption algorithms using the same secret key for encryption and decryption.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-49","link":"https://doi.org/10.6028/NIST.SP.800-49"}]}]}]},{"term":"symmetric key","link":"https://csrc.nist.gov/glossary/term/symmetric_key","abbrSyn":[{"text":"Secret key"}],"definitions":[{"text":"A cryptographic key that is used to perform both the cryptographic operation and its inverse (e.g., to encrypt, decrypt, create a message authentication code, or verify a message authentication code).","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Symmetric Key "}]},{"text":"A single cryptographic key that is used with a symmetric-key algorithm; also called a secret key. A symmetric-key algorithm is a cryptographic algorithm that uses the same secret key for an operation and its complement (e.g., encryption and decryption).","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code and to verify the code.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Symmetric Key "}]},{"text":"A cryptographic key used by one or more (authorized) entities in a symmetric-key cryptographic algorithm; the key is not made public.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Secret key "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Secret key "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Secret key "}]},{"text":"See Secret key.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Symmetric key "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key used by a secret-key (symmetric) cryptographic algorithm and that is not made public.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is used with a secret (symmetric) key algorithm.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Symmetric key "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Secret key "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Secret key "}]},{"text":"A cryptographic key that is used with a secret key (also known as a symmetric key) cryptographic algorithm that is uniquely associated with one or more entities and shall not be made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is shared by both originator and recipient (see symmetric key algorithm)","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Symmetric key "}]},{"text":"A cryptographic key used to perform both the cryptographic operation and its inverse. For example, to encrypt and decrypt or create a message authentication code and to verify the code.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Symmetric Key "}]},{"text":"A cryptographic key that is shared between two or more entities and used with a cryptographic application to process information.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Symmetric key "}]},{"text":"A single cryptographic key that is used by one or more entities with a symmetric key algorithm.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Symmetric key "}]},{"text":"A single cryptographic key that is used with a symmetric (secret key) cryptographic algorithm and is not made public (i.e., the key is kept secret). A secret key is also called a symmetric key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Secret key "}]},{"text":"The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Secret key "}]},{"text":"Compare with a private key, which is used with a public-key (asymmetric-key) algorithm.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is used with a symmetric (secret key) algorithm, is uniquely associated with one or more entities, and is not made public (i.e., the key is kept secret); a symmetric key is often called a secret key.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Symmetric key "}]},{"text":"A single cryptographic key that is used with a symmetric-key cryptographic algorithm, is uniquely associated with one or more entities and is not made public (i.e., the key is kept secret). A secret key is also called a Symmetric key. The use of the term “secret” in this context does not imply a classification level but rather implies the need to protect the key from disclosure.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Secret key "}]},{"text":"A single cryptographic key that is used with a symmetric-key cryptographic algorithm, is uniquely associated with one or more entities, and is not made public (i.e., the key is kept secret). A symmetric key is often called a secret key. See Secret key.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Symmetric key "}]}],"seeAlso":[{"text":"Cryptographic Key"},{"text":"symmetric key algorithm","link":"symmetric_key_algorithm"}]},{"term":"sync fabric","link":"https://csrc.nist.gov/glossary/term/sync_fabric","definitions":[{"text":"Any on-premises, cloud-based, or hybrid service used to store, transmit, or manage authentication keys generated by syncable authenticators that are not local to the user’s device.","sources":[{"text":"NIST SP 800-63Bsup1","link":"https://doi.org/10.6028/NIST.SP.800-63Bsup1","note":" [Supplement to NIST SP 800-63B. Will be withdrawn when NIST SP 800-63B-4 is published]"}]}]},{"term":"syncable authenticators","link":"https://csrc.nist.gov/glossary/term/syncable_authenticators","definitions":[{"text":"Software or hardware cryptographic authenticators that allow authentication keys to be cloned and exported to other storage in order to sync those keys to other authenticators (i.e., devices).","sources":[{"text":"NIST SP 800-63Bsup1","link":"https://doi.org/10.6028/NIST.SP.800-63Bsup1","note":" [Supplement to NIST SP 800-63B. Will be withdrawn when NIST SP 800-63B-4 is published]"}]}]},{"term":"synchronization","link":"https://csrc.nist.gov/glossary/term/synchronization","definitions":[{"text":"The process of setting two or more clocks to the same time.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Synchronization Protocols","link":"https://csrc.nist.gov/glossary/term/synchronization_protocols","definitions":[{"text":"Protocols that allow users to view, modify, and transfer/update data between a cell phone and personal computer.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"Protocols that allow users to view, modify, and transfer/update PDA data from the PC or vice-versa. The two most common synchronization protocols are: Microsoft’s ActiveSync and Palm’s HotSync.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"synchronous crypto-operation","link":"https://csrc.nist.gov/glossary/term/synchronous_crypto_operation","definitions":[{"text":"Method of on-line cryptographic operation in which cryptographic equipment and associated terminals have timing systems to keep them in step.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Synchronous Optical Network","link":"https://csrc.nist.gov/glossary/term/synchronous_optical_network","abbrSyn":[{"text":"SONET","link":"https://csrc.nist.gov/glossary/term/sonet"}],"definitions":null},{"term":"Syntactic matching","link":"https://csrc.nist.gov/glossary/term/syntactic_matching","definitions":[{"text":"uses internal structures present in digital objects. For example, the structure of a TCP network packet is defined by an international standard and matching tools can make use of this structure during network packet analysis to match the source, destination or content of the packet. Syntax-sensitive similarity measurements are specific to a particular class of objects that share an encoding but require no interpretation of the content to produce meaningful results.","sources":[{"text":"NIST SP 800-168","link":"https://doi.org/10.6028/NIST.SP.800-168"}]}]},{"term":"Syntax","link":"https://csrc.nist.gov/glossary/term/syntax","definitions":[{"text":"The rules for constructing or recognizing the acceptable sentences of a language.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"synthetic data generation","link":"https://csrc.nist.gov/glossary/term/synthetic_data_generation","definitions":[{"text":"A process in which seed data are used to create artificial data that have some of the statistical characteristics of the seed data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]},{"text":"a process in which seed data is used to create artificial data that has some of the statistical characteristics as the seed data","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Synthetic Identifier","link":"https://csrc.nist.gov/glossary/term/synthetic_identifier","definitions":[{"text":"An identifier that is assigned to an asset in the context of some management domain.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"syntonization","link":"https://csrc.nist.gov/glossary/term/syntonization","definitions":[{"text":"The process of setting two or more oscillators to the same frequency.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"SysAdmin, Audit, Network, Security","link":"https://csrc.nist.gov/glossary/term/sysadmin_audit_network_security","abbrSyn":[{"text":"SANS","link":"https://csrc.nist.gov/glossary/term/sans"}],"definitions":null},{"term":"Syslog","link":"https://csrc.nist.gov/glossary/term/syslog","definitions":[{"text":"A protocol that specifies a general log entry format and a log entry transport mechanism.","sources":[{"text":"NIST SP 800-92","link":"https://doi.org/10.6028/NIST.SP.800-92"}]}]},{"term":"system administrator (SA)","link":"https://csrc.nist.gov/glossary/term/system_administrator","abbrSyn":[{"text":"SA","link":"https://csrc.nist.gov/glossary/term/sa"}],"definitions":[{"text":"Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under System Administrator ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under System Administrator ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under System Administrator ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An FCKMS role that is responsible for the personnel, daily operation, training, maintenance, and related management of an FCKMS other than its keys. The system administrator is responsible for initially verifying individual identities, and then establishing appropriate identifiers for all personnel involved in the operation and use of the FCKMS.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under System administrator "}]},{"text":"A person who manages a computer system, including its operating system and applications. A system administrator’s responsibilities are similar to that of a network administrator.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2","underTerm":" under System Administrator "}]},{"text":"A person who manages a computer system, including its operating system and applications. Responsibilities are similar to that of a network administrator.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2","underTerm":" under System Administrator "}]},{"text":"An individual, group, or organization responsible for setting up and maintaining a system or specific system elements, implements approved secure baseline configurations, incorporates secure configuration settings for IT products, and conducts/assists with configuration monitoring activities as needed.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under system administrator ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Individual or group responsible for overseeing the day-to-day operability of a computer system or network. This position normally carries special privileges including access to the protection state and software of a system.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under System Administrator "},{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under System Administrator "}]}]},{"term":"System and Communications Protection","link":"https://csrc.nist.gov/glossary/term/system_and_communications_protection","abbrSyn":[{"text":"SC","link":"https://csrc.nist.gov/glossary/term/sc"}],"definitions":null},{"term":"System and Information Integrity","link":"https://csrc.nist.gov/glossary/term/system_and_information_integrity","abbrSyn":[{"text":"SI","link":"https://csrc.nist.gov/glossary/term/si"}],"definitions":null},{"term":"System and Information Protection","link":"https://csrc.nist.gov/glossary/term/system_and_information_protection","abbrSyn":[{"text":"SI","link":"https://csrc.nist.gov/glossary/term/si"}],"definitions":null},{"term":"System and Services Acquisition","link":"https://csrc.nist.gov/glossary/term/system_and_services_acquisition","abbrSyn":[{"text":"SA","link":"https://csrc.nist.gov/glossary/term/sa"}],"definitions":null},{"term":"System Assurance","link":"https://csrc.nist.gov/glossary/term/system_assurance","definitions":[{"text":"The justified confidence that the system functions as intended and is free of exploitable vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system at any time during the life cycle.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"NDIA","link":"https://www.ndia.org/-/media/sites/ndia/meetings-and-events/divisions/systems-engineering/sse-committee/systems-assurance-guidebook.ashx?la=en"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"NDIA-2008"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NDIA","link":"https://www.ndia.org/-/media/sites/ndia/meetings-and-events/divisions/systems-engineering/sse-committee/systems-assurance-guidebook.ashx?la=en"}]}]}]},{"term":"System authority","link":"https://csrc.nist.gov/glossary/term/system_authority","definitions":[{"text":"An FCKMS role that is responsible to executive-level management (e.g., the Chief Information Officer) for the overall operation and security of an FCKMS. A system authority manages all operational FCKMS roles.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"system boundary","link":"https://csrc.nist.gov/glossary/term/system_boundary","abbrSyn":[{"text":"authorization boundary","link":"https://csrc.nist.gov/glossary/term/authorization_boundary"}],"definitions":[{"text":"All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authorization boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"},{"text":"NIST SP 800-53A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-53Ar1"},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"All components of an information system to be authorized for operation by an authorizing official. This excludes separately authorized systems to which the information system is connected.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under authorization boundary ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authorization boundary ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under authorization boundary ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under authorization boundary ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"See Authorization Boundary.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"System Categorization","link":"https://csrc.nist.gov/glossary/term/system_categorization","definitions":[{"text":"The characterization of a manufacturing system, its components, and operations, based on an assessment of the potential impact that a loss of availability, integrity, or confidentiality would have on organizational operations, organizational assets, or individuals.","sources":[{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"FIPS 199","link":"https://doi.org/10.6028/NIST.FIPS.199"}]}]}]},{"term":"System Center Configuration Manager","link":"https://csrc.nist.gov/glossary/term/system_center_configuration_manager","note":"(Microsoft)","abbrSyn":[{"text":"SCCM","link":"https://csrc.nist.gov/glossary/term/sccm"}],"definitions":null},{"term":"system component","link":"https://csrc.nist.gov/glossary/term/system_component","abbrSyn":[{"text":"component","link":"https://csrc.nist.gov/glossary/term/component"},{"text":"information technology product","link":"https://csrc.nist.gov/glossary/term/information_technology_product"},{"text":"SC","link":"https://csrc.nist.gov/glossary/term/sc"}],"definitions":[{"text":"A discrete identifiable information or operational technology asset that represents a building block of a system and may include hardware, software, and firmware.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]},{"text":"A hardware, software, or firmware part or element of a larger system with well-defined inputs and outputs and a specific function.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under component ","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf","note":" - adapted"}]},{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under component ","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf","note":" - Adapted"}]}]},{"text":"A hardware, software, firmware part or element of a larger PNT system with well-defined inputs and outputs and a specific function.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under component ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - adapted"},{"text":"DHS RCF v2.0","link":"https://www.dhs.gov/sites/default/files/2022-05/22_0531_st_resilient_pnt_conformance_framework_v2.0.pdf","note":" - adapted"}]}]},{"text":"Smallest selectable set of elements on which requirements may be based."},{"text":"A discrete identifiable information technology asset that represents a building block of a system and may include hardware, software, and firmware.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"},{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"text":"See system component.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under component "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under component "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under component "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under component "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under information technology product "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under information technology product "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under information technology product "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under component "}]},{"text":"See information system component.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information technology product "}]},{"text":"Discrete identifiable information technology assets that represent a building block of a system and include hardware, software, firmware, and virtual machines.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"A discrete, identifiable information technology asset (hardware, software, firmware) that represents a building block of a system. System components include commercial information technology products.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","note":" - Adapted"}]}]},{"text":"See system element.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under component "}]}]},{"term":"system context","link":"https://csrc.nist.gov/glossary/term/system_context","definitions":[{"text":"The specific system elements, boundaries, interconnections, interactions, and operational environment that define a system.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"The specific system elements, boundaries, interconnections, interactions, and environment of operation that define a system.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"System Contingency Plan","link":"https://csrc.nist.gov/glossary/term/system_contingency_plan","abbrSyn":[{"text":"SCP","link":"https://csrc.nist.gov/glossary/term/scp"}],"definitions":null},{"term":"System Design Review","link":"https://csrc.nist.gov/glossary/term/system_design_review","abbrSyn":[{"text":"SDR","link":"https://csrc.nist.gov/glossary/term/sdr"}],"definitions":null},{"term":"System Developer","link":"https://csrc.nist.gov/glossary/term/system_developer","definitions":[{"text":"An individual group, or organization that develops hardware/software for distribution or sale.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"term":"System Development Life Cycle (SDLC)","link":"https://csrc.nist.gov/glossary/term/system_development_life_cycle","abbrSyn":[{"text":"SDLC","link":"https://csrc.nist.gov/glossary/term/sdlc"}],"definitions":[{"text":"The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under system development life cycle ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","note":" - adapted"}]}]},{"text":"The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"},{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under system development life cycle "},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under System Development Life Cycle ","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-34","link":"https://doi.org/10.6028/NIST.SP.800-34"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under system development life cycle ","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]}]}]},{"term":"System Development Lifecycle","link":"https://csrc.nist.gov/glossary/term/system_development_lifecycle","abbrSyn":[{"text":"SDLC","link":"https://csrc.nist.gov/glossary/term/sdlc"}],"definitions":null},{"term":"System Development Platform","link":"https://csrc.nist.gov/glossary/term/system_development_platform","abbrSyn":[{"text":"SDP","link":"https://csrc.nist.gov/glossary/term/sdp"}],"definitions":null},{"term":"system element","link":"https://csrc.nist.gov/glossary/term/system_element","abbrSyn":[{"text":"component","link":"https://csrc.nist.gov/glossary/term/component"}],"definitions":[{"text":"A hardware, software, or firmware part or element of a larger system with well-defined inputs and outputs and a specific function.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","underTerm":" under component ","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf","note":" - adapted"}]},{"text":"NIST IR 8441","link":"https://doi.org/10.6028/NIST.IR.8441","underTerm":" under component ","refSources":[{"text":"DHS RCF","link":"https://www.dhs.gov/sites/default/files/publications/2020_12_resilient_pnt_conformance_framework.pdf","note":" - Adapted"}]}]},{"text":"A hardware, software, firmware part or element of a larger PNT system with well-defined inputs and outputs and a specific function.","sources":[{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under component ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - adapted"},{"text":"DHS RCF v2.0","link":"https://www.dhs.gov/sites/default/files/2022-05/22_0531_st_resilient_pnt_conformance_framework_v2.0.pdf","note":" - adapted"}]}]},{"text":"Smallest selectable set of elements on which requirements may be based."},{"text":"See system component.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under component "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under component "},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under component "},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","underTerm":" under component "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under component "}]},{"text":"Member of a set of elements that constitute a system.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"Member of a set of elements that constitute a system. \nNote 1: A system element can be a discrete component, product, service, subsystem, system, infrastructure, or enterprise. \nNote 2: Each element of the system is implemented to fulfill specified requirements. \nNote 3: The recursive nature of the term allows the term system to apply equally when referring to a discrete component or to a large, complex, geographically distributed system-of-systems. \nNote 4: System elements are implemented by: hardware, software, and firmware that perform operations on data/information; physical structures, devices, and components in the environment of operation; and the people, processes, and procedures for operating, sustaining, and supporting the system elements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]},{"text":"See system element.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under component "}]},{"text":"Member of a set of elements that constitute a system.\nNote 1: A system element can be a discrete component, product, service, subsystem, system, infrastructure, or enterprise.\nNote 2: Each element of the system is implemented to fulfill specified requirements.\nNote 3: The recursive nature of the term allows the term system to apply equally when referring to a discrete component or to a large, complex, geographically distributed system-of-systems.\nNote 4: System elements are implemented by: hardware, software, and firmware that perform operations on data/information; physical structures, devices, and components in the environment of operation; and the people, processes, and procedures for operating, sustaining, and supporting the system elements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]}]},{"term":"System Environment","link":"https://csrc.nist.gov/glossary/term/system_environment","definitions":[{"text":"the unique technical and operating characteristics of an IT systemand its associated environment, including the hardware, software, firmware, communications capability, organization, and physical location.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"System Flash Memory","link":"https://csrc.nist.gov/glossary/term/system_flash_memory","definitions":[{"text":"The non-volatile storage location of system BIOS, typically in electronically erasable programmable read-only memory (EEPROM) flash memory on the motherboard. While system flash memory is a technology-specific term, guidelines in this document referring to the system flash memory are intended to apply to any non-volatile storage medium containing the system BIOS.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"system high","link":"https://csrc.nist.gov/glossary/term/system_high","definitions":[{"text":"Highest security level supported by an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"security range","link":"security_range"}]},{"term":"system high mode","link":"https://csrc.nist.gov/glossary/term/system_high_mode","note":"(C.F.D.)","definitions":[{"text":"Information systems security mode of operation wherein each user, with direct or indirect access to the information system, its peripherals, remote terminals, or remote hosts, has all of the following: 1) valid security clearance for all information within an information system; 2) formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, sub compartments and/or special access programs); and 3) valid need-to- know for some of the information contained within the information system. \nRationale: system high, along with other related terms, has been listed for deletion.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"System Identifier","link":"https://csrc.nist.gov/glossary/term/system_identifier","abbrSyn":[{"text":"SID","link":"https://csrc.nist.gov/glossary/term/sid"}],"definitions":null},{"term":"system indicator","link":"https://csrc.nist.gov/glossary/term/system_indicator","definitions":[{"text":"Symbol or group of symbols in an off-line encrypted message identifying the specific cryptosystem or key used in the encryption.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"System initialization","link":"https://csrc.nist.gov/glossary/term/system_initialization","definitions":[{"text":"A function in the lifecycle of keying material; setting up and configuring a system for secure operation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"A function in the lifecycle of a cryptographic key; setting up and configuring a system for secure operation.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"}]}]},{"term":"System Integrator","link":"https://csrc.nist.gov/glossary/term/system_integrator","definitions":[{"text":"Those organizations that provide customized services to the acquirer including for example, custom development, test, operations, and maintenance.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]},{"text":"An organization that customizes (e.g., combines, adds, optimizes) components, systems, and corresponding processes. The integrator function can also be performed by acquirer.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","note":" - Adapted"}]}]},{"text":"Those organizations that provide customized services to the acquirer including custom development, test, operations, and maintenance.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]"}]}]},{"term":"system integrity","link":"https://csrc.nist.gov/glossary/term/system_integrity","definitions":[{"text":"The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA"}]},{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under System Integrity ","refSources":[{"text":"NIST SP 800-27","link":"https://doi.org/10.6028/NIST.SP.800-27"}]},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]}]},{"term":"system interconnection","link":"https://csrc.nist.gov/glossary/term/system_interconnection","definitions":[{"text":"The direct connection of two or more information systems for the purpose of sharing data and other information resources.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47"}]}]},{"text":"the requirements for communication or interconnection by an ITsystem with one or more other IT systems or networks, to share processing capability or pass data and information in support of multi-organizational or public programs.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16","underTerm":" under System Interconnection "}]},{"text":"The direct connection of two or more IT systems for the purpose of sharing data and other information resources.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under System Interconnection "}]},{"text":"A direct connection between two or more systems in different authorization boundaries for the purpose of exchanging information and/or allowing access to information, information services, and resources.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"system life cycle","link":"https://csrc.nist.gov/glossary/term/system_life_cycle","abbrSyn":[{"text":"life cycle stages","link":"https://csrc.nist.gov/glossary/term/life_cycle_stages"}],"definitions":[{"text":"Period that begins when a system is conceived and ends when the system is no longer available for use.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"The period of time that begins when a system is conceived and ends when the system is no longer available for use. \nRefer to life cycle stages.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 610.12"}]}]},{"text":"The period of time that begins when a system is conceived and ends when the system is no longer available for use.\nRefer to life cycle stages.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 610.12"}]}]}]},{"term":"system low","link":"https://csrc.nist.gov/glossary/term/system_low","definitions":[{"text":"Lowest security level supported by an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"security range","link":"security_range"}]},{"term":"System Management BIOS","link":"https://csrc.nist.gov/glossary/term/system_management_bios","abbrSyn":[{"text":"SMBIOS","link":"https://csrc.nist.gov/glossary/term/smbios"}],"definitions":null},{"term":"System Management Bus","link":"https://csrc.nist.gov/glossary/term/system_management_bus","abbrSyn":[{"text":"SMBus","link":"https://csrc.nist.gov/glossary/term/smbus"}],"definitions":null},{"term":"System Management Interrupt","link":"https://csrc.nist.gov/glossary/term/system_management_interrupt","abbrSyn":[{"text":"SMI","link":"https://csrc.nist.gov/glossary/term/smi"}],"definitions":null},{"term":"System Management Mode (SMM)","link":"https://csrc.nist.gov/glossary/term/system_management_mode","abbrSyn":[{"text":"SMM","link":"https://csrc.nist.gov/glossary/term/smm"}],"definitions":[{"text":"A high-privilege operating mode found in x86-compatible processors used for low-level system management functions. System Management Mode is only entered after the system generates a System Management Interrupt and only executes code from a segregated block of memory.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"System Management Tools","link":"https://csrc.nist.gov/glossary/term/system_management_tools","abbrSyn":[{"text":"SMT","link":"https://csrc.nist.gov/glossary/term/smt"}],"definitions":null},{"term":"system of records","link":"https://csrc.nist.gov/glossary/term/system_of_records","definitions":[{"text":"“A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.”","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122","underTerm":" under System of Records ","refSources":[{"text":"The Privacy Act of 1974, 5 U.S.C. § 552a(a)(5)","link":"https://www.govinfo.gov/content/pkg/STATUTE-88/pdf/STATUTE-88-Pg1896.pdf"}]}]},{"text":"A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"5 U.S.C., Sec. 552a(a)(5)","link":"https://www.govinfo.gov/app/details/USCODE-2010-title5/USCODE-2010-title5-partI-chap5-subchapII-sec552a"}]}]}]},{"term":"system of records notice","link":"https://csrc.nist.gov/glossary/term/system_of_records_notice","abbrSyn":[{"text":"SORN","link":"https://csrc.nist.gov/glossary/term/sorn"}],"definitions":[{"text":"The Privacy Act requires each agency to publish a notice of its systems of records in the Federal Register. This is called a System of Record Notice (SORN).","sources":[{"text":"NIST SP 800-79-2","link":"https://doi.org/10.6028/NIST.SP.800-79-2","underTerm":" under SORN "}]},{"text":"An official public notice of an organization’s system(s) of records, as required by the Privacy Act of 1974, that identifies: (i) the purpose for the system of records; (ii) the individuals covered by information in the system of records; (iii) the categories of records maintained about individuals; and (iv) the ways in which the information is shared.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under System of Records Notice "}]},{"text":"The notice(s) published by an agency in the Federal Register upon the establishment and/or modification of a system of records describing the existence and character of the system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-108","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf"}]}]}]},{"term":"system of systems","link":"https://csrc.nist.gov/glossary/term/system_of_systems","abbrSyn":[{"text":"SoS","link":"https://csrc.nist.gov/glossary/term/sos"}],"definitions":[{"text":"System of interest whose system elements are themselves systems; typically, these entail large-scale interdisciplinary problems with multiple heterogeneous distributed systems.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under system-of-systems ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"System Engineering Handbook","link":"https://www.incose.org/products-and-publications/se-handbook"}]}]},{"text":"System of interest whose system elements are themselves systems; typically, these entail large-scale interdisciplinary problems with multiple, heterogeneous, distributed systems.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"System Engineering Handbook","link":"https://www.incose.org/products-and-publications/se-handbook"}]}]},{"text":"Set of systems or system elements that interact to provide a unique capability that none of the constituent systems can accomplish on its own.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 21839:2019","link":"https://www.iso.org/standard/71955.html"}]}]},{"text":"System-of-interest whose system elements are themselves systems; typically, these entail large-scale interdisciplinary problems with multiple heterogeneous distributed systems. Note: In the system-of-systems environment, constituent systems may not have a single owner, may not be under a single authority, or may not operate within a single set of priorities.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under system-of-systems ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"System-of-interest whose system elements are themselves systems; typically, these entail large-scale interdisciplinary problems with multiple, heterogeneous, distributed systems.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under system-of-systems ","refSources":[{"text":"INCOSE14"}]}]}]},{"term":"System on Chip","link":"https://csrc.nist.gov/glossary/term/system_on_chip","abbrSyn":[{"text":"SoC"}],"definitions":null},{"term":"system or device certificate","link":"https://csrc.nist.gov/glossary/term/system_or_device_certificate","definitions":[{"text":"The system or device whose name appears as the subject in a certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"system owner","link":"https://csrc.nist.gov/glossary/term/system_owner","abbrSyn":[{"text":"program manager","link":"https://csrc.nist.gov/glossary/term/program_manager"},{"text":"SO","link":"https://csrc.nist.gov/glossary/term/so"}],"definitions":[{"text":"Person or organization having responsibility for the development, procurement, integration, modification, operation, and maintenance, and/or final disposition of an information system.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under System Owner ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under System Owner ","refSources":[{"text":"CNSSI 4009-2010"}]},{"text":"NISTIR 8286B","link":"https://doi.org/10.6028/NIST.IR.8286B"},{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"system owner (or program manager)","link":"https://csrc.nist.gov/glossary/term/system_owner_or_program_manager","definitions":[{"text":"Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of a system.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"An organizational official responsible for the procurement, development, integration, modification, operation, maintenance, and disposal of a system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"Official responsible for the overall procurement, development, integration, modification, operation, and maintenance of a system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"Official responsible for the procurement, development, integration, modification, operation, and maintenance of a system.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"term":"system privacy officer","link":"https://csrc.nist.gov/glossary/term/system_privacy_officer","definitions":[{"text":"Individual with assigned responsibility for maintaining the appropriate operational privacy posture for a system or program.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"System privacy requirement","link":"https://csrc.nist.gov/glossary/term/system_privacy_requirement","definitions":[{"text":"System requirements that have privacy relevance. System privacy requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system privacy requirements have been satisfied.  Note: Each system privacy requirement is expressed in a manner that makes verification possible via analysis, observation, test, inspection, measurement, or other defined and achievable means.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - adapted"}]}]},{"text":"System requirements that have privacy relevance. System privacy requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system privacy requirements have been satisfied.\nNote Each system privacy requirement is expressed in a manner that makes verification possible via analysis, observation, test, inspection, measurement, or other defined and achievable means.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - Adapted"}]}]}]},{"term":"System Security Authorization Agreement","link":"https://csrc.nist.gov/glossary/term/system_security_authorization_agreement","abbrSyn":[{"text":"SSAA","link":"https://csrc.nist.gov/glossary/term/ssaa"}],"definitions":null},{"term":"System Security Engineer","link":"https://csrc.nist.gov/glossary/term/system_security_engineer","abbrSyn":[{"text":"SSE","link":"https://csrc.nist.gov/glossary/term/sse"}],"definitions":null},{"term":"system security officer","link":"https://csrc.nist.gov/glossary/term/system_security_officer","abbrSyn":[{"text":"information system security officer","link":"https://csrc.nist.gov/glossary/term/information_system_security_officer"},{"text":"Information System Security Officer (ISSO)"},{"text":"SSO","link":"https://csrc.nist.gov/glossary/term/sso"}],"definitions":[{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under information system security officer ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Information System Security Officer (ISSO) ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Person responsible to the designated approving authority for ensuring the security of an information system throughout its lifecycle, from design through disposal.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Information System Security Officer (ISSO) ","refSources":[{"text":"NSTISSI 4009"}]}]},{"text":"See system security officer (SSO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under information system security officer ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","underTerm":" under System Security Officer (SSO) ","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"text":"Individual with assigned responsibility for maintaining the appropriate operational security posture for a system or program.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]}]},{"term":"system security plan","link":"https://csrc.nist.gov/glossary/term/system_security_plan","abbrSyn":[{"text":"information system security plan","link":"https://csrc.nist.gov/glossary/term/information_system_security_plan"},{"text":"Security Plan"},{"text":"SECURITY PLAN"},{"text":"SSP","link":"https://csrc.nist.gov/glossary/term/ssp"}],"definitions":[{"text":"A document that describes how an organization meets or plans to meet the security requirements for a system. In particular, the system security plan describes the system boundary, the environment in which the system operates, how security requirements are implemented, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"}]},{"text":"A document that describes how an organization meets or plans to meet the security requirements for a system. In particular, the system security plan describes the system boundary, the environment in which the system operates, how the security requirements are satisfied, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-171Ar3","link":"https://doi.org/10.6028/NIST.SP.800-171Ar3"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SYSTEM SECURITY PLAN ","refSources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"}]},{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under system security plan (SSP) ","refSources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under System Security Plan ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]}]},{"text":"See System Security Plan.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under SECURITY PLAN "},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Security Plan "}]},{"text":"Formal document that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]}]},{"text":"Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Security Plan ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"Formal document that provides an overview of the security requirements for a system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under System Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18","note":" - Adapted"}]}]},{"text":"A formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under information system security plan ","refSources":[{"text":"OMB Circular A-130","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under information system security plan ","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"A system document that provides an overview of the security requirements of a system and describes the controls in place to meet those requirements.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under System security plan (SSP) "}]},{"text":"See information system security plan.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. \nSee System Security Plan or Information Security Program Plan.","sources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Security Plan "},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Plan "}]},{"text":"Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.\nSee System Security Plan or Information Security Program Plan.","sources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Security Plan "}]},{"text":"Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. See System Security Plan or Information Security Program Plan.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Security Plan ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"A document that describes how an organization meets the security requirements for a system or how an organization plans to meet the requirements. In particular, the system security plan describes the system boundary; the environment in which the system operates; how the security requirements are implemented; and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"See security plan.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"A document that describes how an organization meets the security requirements for a system or how an organization plans to meet the requirements. In particular, the system security plan describes the system boundary, the environment in which the system operates, how security requirements are implemented, and the relationships with or connections to other systems.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]},{"text":"Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements. \nSee System Security Plan.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Security Plan ","refSources":[{"text":"NIST SP 800-18","link":"https://doi.org/10.6028/NIST.SP.800-18"}]}]}],"seeAlso":[{"text":"security plan","link":"security_plan"}]},{"term":"system security requirement","link":"https://csrc.nist.gov/glossary/term/system_security_requirement","definitions":[{"text":"System requirement that has security relevance. System security requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system security requirements have been satisfied.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"System requirements that have security relevance. System security requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system security requirements have been satisfied. \nNote: Each system security requirement is expressed in a manner that makes verification possible via analysis, observation, test, inspection, measurement, or other defined and achievable means.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under system security requirements "}]},{"text":"System requirements that have security relevance. System security requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system security requirements have been satisfied.\nNote: Each system security requirement is expressed in a manner that makes verification possible via analysis, observation, test, inspection, measurement, or other defined and achievable means.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under system security requirements "}]}]},{"term":"system service","link":"https://csrc.nist.gov/glossary/term/system_service","definitions":[{"text":"A capability provided by a system that facilitates information processing, storage, or transmission.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A"},{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]}]},{"term":"System Test","link":"https://csrc.nist.gov/glossary/term/system_test","definitions":[{"text":"A test performed on a complete system to evaluate its compliance with specified requirements.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"system user","link":"https://csrc.nist.gov/glossary/term/systemuser","abbrSyn":[{"text":"SU","link":"https://csrc.nist.gov/glossary/term/su"}],"definitions":[{"text":"An individual or (system) process acting on behalf of an individual that is authorized to access a system.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3"}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access a system.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"An individual or (system) process acting on behalf of an individual that is authorized to access information and information systems to perform assigned duties. \nNote: With respect to SecCM, an information system user is an individual who uses the information system functions, initiates change requests, and assists with functional testing.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]}]},{"term":"system-related privacy risk","link":"https://csrc.nist.gov/glossary/term/system_related_privacy_risk","definitions":[{"text":"Those risks that arise from the likelihood that a given operation the system is taking when processing PII could create an adverse effect on individuals—and the potential impact on individuals.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","note":" - Adapted"}]}]},{"text":"Risk to an individual or individuals associated with the agency’s creation, collection, use, processing, storage, maintenance, dissemination, disclosure, and disposal of their PII. See risk.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}],"seeAlso":[{"text":"risk","link":"risk"}]},{"term":"system-related security risk","link":"https://csrc.nist.gov/glossary/term/system_related_security_risk","definitions":[{"text":"Risk that arises through the loss of confidentiality, integrity, or availability of information or systems and that considers impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation. See risk.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]}],"seeAlso":[{"text":"risk","link":"risk"}]},{"term":"Systems and Services Acquisition","link":"https://csrc.nist.gov/glossary/term/systems_and_services_acquisition","abbrSyn":[{"text":"SA","link":"https://csrc.nist.gov/glossary/term/sa"}],"definitions":null},{"term":"systems engineering","link":"https://csrc.nist.gov/glossary/term/systems_engineering","definitions":[{"text":"A transdisciplinary and integrative approach to enable the successful realization, use, and retirement of engineered systems, using systems principles and concepts, and scientific, technological, and management methods.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"Systems Engineering and System Definitions","link":"https://www.incose.org/docs/default-source/default-document-library/incose-se-definitions-tp-2020-002-06.pdf"}]}]},{"text":"An engineering discipline whose responsibility is creating and executing an interdisciplinary process to ensure that the customer and all other stakeholder needs are satisfied in a high-quality, trustworthy, cost-efficient, and schedule-compliant manner throughout a system’s entire life cycle.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","refSources":[{"text":"What Is Systems Engineering","link":"https://www.incose.org/"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Systems Engineering ","refSources":[{"text":"What Is Systems Engineering","link":"https://www.incose.org/"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"INCOSE"}]}]},{"text":"Interdisciplinary approach governing the total technical and managerial effort required to transform a set of stakeholder needs, expectations, and constraints into a solution and to support that solution throughout its life.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","refSources":[{"text":"ISO/IEC/IEEE 24765"}]},{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Systems Engineering ","refSources":[{"text":"ISO/IEC/IEEE 24765"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 24765"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]}]},{"term":"Systems Engineering Body of Knowledge","link":"https://csrc.nist.gov/glossary/term/systems_engineering_body_of_knowledge","abbrSyn":[{"text":"SEBoK","link":"https://csrc.nist.gov/glossary/term/sebok"}],"definitions":null},{"term":"Systems Management Server","link":"https://csrc.nist.gov/glossary/term/systems_management_server","abbrSyn":[{"text":"SMS","link":"https://csrc.nist.gov/glossary/term/sms"}],"definitions":null},{"term":"systems privacy engineer","link":"https://csrc.nist.gov/glossary/term/systems_privacy_engineer","definitions":[{"text":"Individual assigned responsibility for conducting systems privacy engineering activities.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"systems privacy engineering","link":"https://csrc.nist.gov/glossary/term/systems_privacy_engineering","definitions":[{"text":"Process that captures and refines privacy requirements and ensures their integration into information technology component products and information systems through purposeful privacy design or configuration.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]}]},{"term":"systems security engineer","link":"https://csrc.nist.gov/glossary/term/systems_security_engineer","definitions":[{"text":"Individual who practices the discipline of systems security engineering, regardless of their formal title. Additionally, the term systems security engineer refers to multiple individuals who operate on the same team or cooperating teams.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Individual assigned responsibility for conducting systems security engineering activities.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"Individual that performs any or all of the activities defined by the systems security engineering process, regardless of their formal title. Additionally, the term systems security engineer refers to multiple individuals operating on the same team or cooperating teams.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"systems security engineering","link":"https://csrc.nist.gov/glossary/term/systems_security_engineering","abbrSyn":[{"text":"SSE","link":"https://csrc.nist.gov/glossary/term/sse"}],"definitions":[{"text":"A transdisciplinary and integrative approach to enable the successful secure realization, use, and retirement of engineered systems using systems, security, and other principles and concepts, as well as scientific, technological, and management methods. Systems security engineering is a subdiscipline of systems engineering.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Systems security engineering is a specialty engineering field strongly related to systems engineering. It applies scientific, engineering, and information assurance principles to deliver trustworthy systems that satisfy stakeholder requirements within their established risk tolerance. \nSee also information systems security engineering (ISSE).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - (draft)"}]}]},{"text":"Process that captures and refines security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"A specialty engineering field strongly related to systems engineering. It applies scientific, engineering, and information assurance principles to deliver trustworthy systems that satisfy stakeholder requirements within their established risk tolerance.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"Systems security engineering is a specialty engineering discipline of systems engineering that applies scientific, mathematical, engineering, and measurement principles, concepts, and methods to coordinate, orchestrate, and direct the activities of various security engineering specialties and other contributing engineering specialties to provide a fully integrated, system-level perspective of system security.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}],"seeAlso":[{"text":"information systems security engineering (ISSE)"}]},{"term":"Systems Security Engineering - Capability Maturity Model","link":"https://csrc.nist.gov/glossary/term/systems_security_engineering_capability_maturity_model","abbrSyn":[{"text":"SSE-CMM","link":"https://csrc.nist.gov/glossary/term/sse_cmm"}],"definitions":null},{"term":"systems security officer (SSO)","link":"https://csrc.nist.gov/glossary/term/systems_security_officer","abbrSyn":[{"text":"information systems security officer (ISSO)"},{"text":"SSO","link":"https://csrc.nist.gov/glossary/term/sso"}],"definitions":[{"text":"See information systems security officer (ISSO).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]}]},{"term":"system-specific control","link":"https://csrc.nist.gov/glossary/term/system_specific_control","definitions":[{"text":"A security or privacy control for an information system that is implemented at the system level and is not inherited by any other information system.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"system-specific security control","link":"https://csrc.nist.gov/glossary/term/system_specific_security_control","definitions":[{"text":"A security control for an information system that has not been designated as a common security control or the portion of a hybrid control that is to be implemented within an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under System-Specific Security Control ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under System-Specific Security Control "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under System-Specific Security Control "}]},{"text":"A security control for an information system that has not been designated as a common security control.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under System-specific Security Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A security control for an information system that has not been designated as a common control or the portion of a hybrid control that is to be implemented within an information system.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under System-Specific Security Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under System-Specific Security Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under System-Specific Security Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]}]},{"text":"A security control or privacy control for an information system that has not been designated as a common control or the portion of a hybrid control that is to be implemented within an information system.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under System-Specific Control ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37","note":" - Adapted"}]}]}],"seeAlso":[{"text":"Hybrid Control"},{"text":"hybrid security control","link":"hybrid_security_control"},{"text":"Hybrid Security Control"}]},{"term":"Systems-Theoretic Accident Model and Processes","link":"https://csrc.nist.gov/glossary/term/systems_theoretic_accident_model_and_processes","abbrSyn":[{"text":"STAMP","link":"https://csrc.nist.gov/glossary/term/stamp"}],"definitions":null},{"term":"System-Theoretic Process Analysis","link":"https://csrc.nist.gov/glossary/term/system_theoretic_process_analysis","abbrSyn":[{"text":"STPA","link":"https://csrc.nist.gov/glossary/term/stpa"}],"definitions":null},{"term":"T(x, l)","link":"https://csrc.nist.gov/glossary/term/tx_l","definitions":[{"text":"Truncation of the bit string x to the leftmost l bits of x, where l ≤ the length of x in bits","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]}]},{"term":"TA","link":"https://csrc.nist.gov/glossary/term/ta","abbrSyn":[{"text":"Template Attack","link":"https://csrc.nist.gov/glossary/term/template_attack"},{"text":"Traffic Analysis"},{"text":"Transmitter Address","link":"https://csrc.nist.gov/glossary/term/transmitter_address"},{"text":"Trust Agent","link":"https://csrc.nist.gov/glossary/term/trust_agent"},{"text":"Trust Anchor"},{"text":"Trusted Agent"},{"text":"Trusted Application","link":"https://csrc.nist.gov/glossary/term/trusted_application"}],"definitions":[{"text":"Entity authorized to act as a representative of an Agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Trusted Agent "}]},{"text":"A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate). A trust anchor may have name or policy constraints limiting its scope.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Trust Anchor "}]},{"text":"A configured DNSKEY RR or DS RR hash of a DNSKEY RR. A validating DNSSEC-aware resolver uses this public key or hash as a starting point for building the authentication chain to a signed DNS response. In general, a validating resolver will need to obtain the initial values of its trust anchors via some secure or trusted means outside the DNS protocol. The presence of a trust anchor also implies that the resolver should expect the zone to which the trust anchor points to be signed. This is sometimes referred to as a “secure entry point.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2","underTerm":" under Trust Anchor "}]},{"text":"The analysis of patterns in communications for the purpose of gaining intelligence about a system or its users. Traffic analysis does not require examination of the content of the communications, which may or may not be decipherable. For example, an adversary may be able to detect a signal from a reader that could enable it to infer that a particular activity is occurring (e.g., a shipment has arrived, someone is entering a facility) without necessarily learning an identifier or associated data.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Traffic Analysis "}]},{"text":"A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate).","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Trust Anchor "}]}]},{"term":"Tabletop Exercise","link":"https://csrc.nist.gov/glossary/term/tabletop_exercise","abbrSyn":[{"text":"TTX","link":"https://csrc.nist.gov/glossary/term/ttx"}],"definitions":[{"text":"A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"TACACS","link":"https://csrc.nist.gov/glossary/term/tacacs","abbrSyn":[{"text":"Terminal Access Controller Access Control System","link":"https://csrc.nist.gov/glossary/term/terminal_access_controller_access_control_system"}],"definitions":null},{"term":"Tactic Technique Procedure","link":"https://csrc.nist.gov/glossary/term/tactic_technique_procedure","abbrSyn":[{"text":"TTP","link":"https://csrc.nist.gov/glossary/term/ttp"}],"definitions":null},{"term":"tactical data","link":"https://csrc.nist.gov/glossary/term/tactical_data","definitions":[{"text":"Information that requires protection from disclosure and modification for a limited duration as determined by the originator or information owner.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"tactical edge","link":"https://csrc.nist.gov/glossary/term/tactical_edge","definitions":[{"text":"The platforms, sites, and personnel (U. S. military, allied, coalition partners, first responders) operating at lethal risk in a battle space or crisis environment characterized by 1) a dependence on information systems and connectivity for survival and mission success, 2) high threats to the operational readiness of both information systems and connectivity, and 3) users are fully engaged, highly stressed, and dependent on the availability, integrity, and transparency of their information systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"tactics, techniques, and procedures (TTP)","link":"https://csrc.nist.gov/glossary/term/tactics_techniques_and_procedures","abbrSyn":[{"text":"TTP","link":"https://csrc.nist.gov/glossary/term/ttp"}],"definitions":[{"text":"The behavior of an actor. A tactic is the highest-level description of the behavior; techniques provide a more detailed description of the behavior in the context of a tactic; and procedures provide a lower-level, highly detailed description of the behavior in the context of a technique.","sources":[{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","underTerm":" under tactics, techniques, and procedures ","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]},{"text":"The behavior of an actor. A tactic is the highest-level description of this behavior, while techniques give a more detailed description of behavior in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Tactics, Techniques, and Procedures (TTPs) "}]},{"text":"The behavior of an actor. A tactic is the highest-level description of the behavior; techniques provide a more detailed description of the behavior in the context of a tactic; and procedures provide a lower-level, highly detailed description of the behavior in the context of a technique.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]}]},{"term":"Tag","link":"https://csrc.nist.gov/glossary/term/tag","abbrSyn":[{"text":"TEMPEST Advisory Group","link":"https://csrc.nist.gov/glossary/term/tempest_advisory_group"},{"text":"Transponder","link":"https://csrc.nist.gov/glossary/term/transponder"}],"definitions":[{"text":"An electronic device that communicates with RFID readers. A tag can function as a beacon or it can be used to convey information such as an identifier.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]},{"text":"See Tag","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Transponder "}]}]},{"term":"Tag Identifier","link":"https://csrc.nist.gov/glossary/term/tag_identifier","abbrSyn":[{"text":"TID","link":"https://csrc.nist.gov/glossary/term/tid"}],"definitions":null},{"term":"Tag Talks First","link":"https://csrc.nist.gov/glossary/term/tag_talks_first","abbrSyn":[{"text":"TTF","link":"https://csrc.nist.gov/glossary/term/ttf"}],"definitions":[{"text":"An RF transaction in which the tag communicates its presence to a reader. The reader may then send commands to the tag.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Tag-Length-Value","link":"https://csrc.nist.gov/glossary/term/tag_length_value","abbrSyn":[{"text":"TLV","link":"https://csrc.nist.gov/glossary/term/tlv"}],"definitions":null},{"term":"TAI","link":"https://csrc.nist.gov/glossary/term/tai","abbrSyn":[{"text":"International Atomic Time","link":"https://csrc.nist.gov/glossary/term/international_atomic_time"}],"definitions":null},{"term":"tailored control baseline","link":"https://csrc.nist.gov/glossary/term/tailored_control_baseline","definitions":[{"text":"A set of controls resulting from the application of tailoring guidance to a control baseline. See tailoring.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"},{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]},{"text":"A set of controls that result from the application of tailoring guidance to a control baseline. See tailoring.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"Tailored Security Control Baseline","link":"https://csrc.nist.gov/glossary/term/tailored_security_control_baseline","definitions":[{"text":"A set of security controls resulting from the application of tailoring guidance to the security control baseline. See Tailoring.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","refSources":[{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]"},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39"},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]},{"text":"A set of security controls resulting from the application of tailoring guidance to a security control baseline. See Tailoring.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]"}]}],"seeAlso":[{"text":"Tailoring"}]},{"term":"tailoring","link":"https://csrc.nist.gov/glossary/term/tailoring","definitions":[{"text":"The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Tailoring ","refSources":[{"text":"NIST SP 800-37","link":"https://doi.org/10.6028/NIST.SP.800-37"}]},{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Tailoring ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Tailoring ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"},{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Tailoring "},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Tailoring ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"},{"text":"CNSSI 4009"}]}]},{"text":"The process by which security control baselines are modified by: (i) identifying and designating common controls; (ii) applying scoping considerations on the applicability and implementation of baseline controls; (iii) selecting compensating security controls; (iv) assigning specific values to organization-defined security control parameters; (v) supplementing baselines with additional security controls or control enhancements; and (vi) providing additional specification information for control implementation.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Tailoring "}]},{"text":"The process by which security control baselines are modified by identifying and designating common controls; applying scoping considerations; selecting compensating controls; assigning specific values to agency-defined control parameters; supplementing baselines with additional controls or control enhancements; and providing additional specification information for control implementation. The tailoring process may also be applied to privacy controls.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]},{"text":"The process by which security control baselines are modified by: (i) identifying and designating common controls; (ii) applying scoping considerations on the applicability and implementation of baseline controls; (iii) selecting compensating security controls; (iv) assigning specific values to organization-defined security control parameters; (v) supplementing baselines with additional security controls or control enhancements; and (vi) providing additional specification information for control implementation. \n[Note: Certain tailoring activities can also be applied to privacy controls.]","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Tailoring ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"}]}]},{"text":"The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]},{"text":"The process by which assessment procedures defined in Special Publication 800-53A are adjusted, or scoped, to match the characteristics of the information system under assessment, providing organizations with the flexibility needed to meet specific organizational requirements and to avoid overly-constrained assessment approaches.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Tailoring (Assessment Procedures) "}]},{"text":"Similar in concept to tailoring baselines as described in SP 800-53, a cooperative process that modifies part of a set of assessment elements by: (i) changing the scope of the assessment or risk management level, (ii) adding or eliminating assessment elements, or (iii) modifying the attributes of an assessment element.","sources":[{"text":"NIST SP 800-137A","link":"https://doi.org/10.6028/NIST.SP.800-137A","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" - Adapted"}]}]},{"text":"The process by which security control baselines are modified by: identifying and designating common controls, applying scoping considerations on the applicability and implementation of baseline controls, selecting compensating security controls, assigning specific values to organization-defined security control parameters, supplementing baselines with additional security controls or control enhancements, and providing additional specification information for control implementation.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]}]},{"text":"The process by which security and privacy control baselines are modified by identifying and designating common controls, applying scoping considerations on the applicability and implementation of baseline controls, selecting compensating controls, assigning specific values to organization-defined control parameters, supplementing baselines with additional controls or control enhancements, and providing additional specification information for control implementation.","sources":[{"text":"NIST SP 800-53B","link":"https://doi.org/10.6028/NIST.SP.800-53B"}]},{"text":"An element that specifies profiles to modify the behavior of a benchmark; the top-level element of a tailoring document.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final","underTerm":" under Tailoring "}]},{"text":"The process by which a security control baseline is modified based on: \n(i) the application of scoping guidance; \n(ii) the specification of compensating security controls, if needed; and \n(iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.","sources":[{"text":"NISTIR 8170","link":"https://doi.org/10.6028/NIST.IR.8170-upd","underTerm":" under Tailoring ","refSources":[{"text":"NIST SP 800-53","link":"https://doi.org/10.6028/NIST.SP.800-53"},{"text":"CNSSI 4009"}]}]}],"seeAlso":[{"text":"Tailored Security Control Baseline","link":"tailored_security_control_baseline"}]},{"term":"tailoring assessment procedures","link":"https://csrc.nist.gov/glossary/term/tailoring_assessment_procedures","definitions":[{"text":"The process by which assessment procedures defined in SP 800-53A are adjusted or scoped to match the characteristics of a system under assessment, providing organizations with the flexibility needed to meet specific organizational requirements and avoid overly constrained assessment approaches.","sources":[{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"tainting","link":"https://csrc.nist.gov/glossary/term/tainting","definitions":[{"text":"The process of embedding covert capabilities in information, systems, or system components to allow organizations to be alerted to the exfiltration of information.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2"}]}]},{"term":"TAL","link":"https://csrc.nist.gov/glossary/term/tal","abbrSyn":[{"text":"Trust Anchor Locator","link":"https://csrc.nist.gov/glossary/term/trust_anchor_locator"}],"definitions":null},{"term":"Tamper evident","link":"https://csrc.nist.gov/glossary/term/tamper_evident","definitions":[{"text":"A process which makes alterations to the data easily detectable.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Tamper resistant","link":"https://csrc.nist.gov/glossary/term/tamper_resistant","definitions":[{"text":"A process which makes alterations to the data difficult (hard to perform), costly (expensive to perform), or both.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"tampering","link":"https://csrc.nist.gov/glossary/term/tampering","definitions":[{"text":"An intentional but unauthorized act resulting in the modification of a system, components of systems, its intended behavior, or data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DHS Information Technology Sector Baseline Risk Assessment","link":"https://www.dhs.gov/news/2009/08/25/dhs-it-sector-coordinating-council-release-information-technology-sector-baseline","note":" - Adapted"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}],"seeAlso":[{"text":"anti-tamper","link":"anti_tamper"}]},{"term":"TAP","link":"https://csrc.nist.gov/glossary/term/tap","abbrSyn":[{"text":"Test Access Points","link":"https://csrc.nist.gov/glossary/term/test_access_points"}],"definitions":null},{"term":"TAPS","link":"https://csrc.nist.gov/glossary/term/taps","abbrSyn":[{"text":"Test Access Port","link":"https://csrc.nist.gov/glossary/term/test_access_port"}],"definitions":null},{"term":"Target","link":"https://csrc.nist.gov/glossary/term/target","definitions":[{"text":"The set of specific IT systems or applications for which a checklist has been created.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"Target Data","link":"https://csrc.nist.gov/glossary/term/target_data","definitions":[{"text":"The data that is ultimately to be protected (e.g., a key or other sensitive data).","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Target data "}]},{"text":"The information subject to a given process, typically including most or all information on a piece of storage media.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]},{"text":"The data that is to be protected (e.g., a key or other sensitive data).","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Target data "},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Target data "}]}]},{"term":"Target Identification and Analysis Techniques","link":"https://csrc.nist.gov/glossary/term/target_identification_and_analysis_techniques","definitions":[{"text":"Information security testing techniques, mostly active and generally conducted using automated tools, that are used to identify systems, ports, services, and potential vulnerabilities. Target identification and analysis techniques include network discovery, network port and service identification, vulnerability scanning, wireless scanning, and application security testing.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Target Name","link":"https://csrc.nist.gov/glossary/term/target_name","definitions":[{"text":"A single WFN that is the target of a matching process. A matching engine compares a source WFN to a target WFN to determine whether or not there is a source-to-target match. In CPE 2.2 terms a target name is a single item in the list of known values (each N of K) and is equivalent to the N value in the CPE 2.2 Matching algorithm.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"target of evaluation (TOE)","link":"https://csrc.nist.gov/glossary/term/target_of_evaluation","abbrSyn":[{"text":"TOE","link":"https://csrc.nist.gov/glossary/term/toe"}],"definitions":[{"text":"In accordance with Common Criteria, an information system, part of a system or product, and all associated documentation, that is the subject of a security evaluation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Target Operational Environment","link":"https://csrc.nist.gov/glossary/term/target_operational_environment","definitions":[{"text":"The IT product’s operational environment, such as Standalone, Managed, or Custom (with description, such as Specialized Security-Limited Functionality, Legacy, or United States Government). Generally only applicable for security compliance/vulnerability checklists.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"}]}]},{"term":"Target Platform","link":"https://csrc.nist.gov/glossary/term/target_platform","definitions":[{"text":"The target operating system or application on which a vendor product will be evaluated using a platform-specific validation lab test suite. These platform-specific test suites consist of specialized SCAP content used to perform the test procedures defined in this document.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Target Profile","link":"https://csrc.nist.gov/glossary/term/target_profile","definitions":[{"text":"the desired outcome or ‘to be’ state of cybersecurity implementation","sources":[{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"text":"The desired outcome or ‘to be’ state of cybersecurity implementation.","sources":[{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"},{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"Target Residual Risk","link":"https://csrc.nist.gov/glossary/term/target_residual_risk","definitions":[{"text":"The amount of risk that an entity prefers to assume in the pursuit of its strategy and business objectives, knowing that management will implement, or has implemented, direct or focused actions to alter the severity of the risk.","sources":[{"text":"NISTIR 8286","link":"https://doi.org/10.6028/NIST.IR.8286","refSources":[{"text":"COSO Enterprise Risk Management","link":"https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf"}]}]}]},{"term":"Target Value","link":"https://csrc.nist.gov/glossary/term/target_value","definitions":[{"text":"A single value that is the target of a matching process. A matching engine compares a source value to a target value to determine whether or not there is a source-to-target match. Source values include AV pairs or set relation values (e.g., superset or subset).","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"Target Vulnerability Validation Techniques","link":"https://csrc.nist.gov/glossary/term/target_vulnerability_validation_techniques","definitions":[{"text":"Active information security testing techniques that corroborate the existence of vulnerabilities. They include password cracking, remote access testing, penetration testing, social engineering, and physical security testing.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Targeted security strength","link":"https://csrc.nist.gov/glossary/term/targeted_security_strength","definitions":[{"text":"The security strength that is intended to be supported by one or more implementation-related choices (such as algorithms, primitives, auxiliary functions, parameter sizes, and/or actual parameters) for the purpose of implementing a cryptographic mechanism.","sources":[{"text":"NIST SP 800-56C Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Cr2"}]},{"text":"The security strength that is intended to be supported by one or more implementation-related choices (such as algorithms, primitives, auxiliary functions, parameter sizes and/or actual parameters) for the purpose of instantiating a cryptographic mechanism.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]},{"text":"The desired security strength for a cryptographic application. The target security strength is selected based upon the amount of security desired for the information protected by the keying material established using this Recommendation.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Target security strength "}]}]},{"term":"task","link":"https://csrc.nist.gov/glossary/term/task","definitions":[{"text":"An activity that is directed toward the achievement of organizational objectives.","sources":[{"text":"NIST SP 800-181 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-181r1","underTerm":" under Task "}]},{"text":"Required, recommended, or permissible action intended to contribute to the achievement of one or more outcomes of a process.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]},{"text":"An activity that is directed toward the achievement of organizational objectives.","sources":[{"text":"NIST IR 8355","link":"https://doi.org/10.6023/NIST.IR.8355"}]},{"text":"A Task is a specific defined piece of work that, combined with other identified Tasks, composes the work in a specific specialty area or work role.","sources":[{"text":"NIST SP 800-181","link":"https://doi.org/10.6028/NIST.SP.800-181","note":" [Superseded]","underTerm":" under Tasks "}]},{"text":"Activities required to achieve a goal. Note that activities can be physical or cognitive.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","underTerm":" under Task ","refSources":[{"text":"ISO 9241-11:1998"}]}]},{"text":"Required, recommended, or permissible action, intended to contribute to the achievement of one or more outcomes of a process.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]}]}]},{"term":"Task, Knowledge, and Skill statements","link":"https://csrc.nist.gov/glossary/term/task_knowledge_and_skill_statements","abbrSyn":[{"text":"TKS","link":"https://csrc.nist.gov/glossary/term/tks"}],"definitions":null},{"term":"TAXII","link":"https://csrc.nist.gov/glossary/term/taxii","abbrSyn":[{"text":"OASIS Trusted Automated Exchange of Indicator Information","link":"https://csrc.nist.gov/glossary/term/oasis_trusted_automated_exchange_of_indicator_information"},{"text":"Trusted Automated eXchange of Indicator Information","link":"https://csrc.nist.gov/glossary/term/trusted_automated_exchange_of_indicator_information"}],"definitions":null},{"term":"Taxonomy","link":"https://csrc.nist.gov/glossary/term/taxonomy","definitions":[{"text":"A scheme of classification.","sources":[{"text":"NIST Cybersecurity Framework Version 1.1","link":"https://doi.org/10.6028/NIST.CSWP.04162018"}]}]},{"term":"TB","link":"https://csrc.nist.gov/glossary/term/tb","abbrSyn":[{"text":"Terabyte"},{"text":"Terabytes","link":"https://csrc.nist.gov/glossary/term/terabytes"}],"definitions":null},{"term":"TBC","link":"https://csrc.nist.gov/glossary/term/tbc","abbrSyn":[{"text":"Tweakable Block Cipher","link":"https://csrc.nist.gov/glossary/term/tweakable_block_cipher"}],"definitions":null},{"term":"TBS","link":"https://csrc.nist.gov/glossary/term/tbs","abbrSyn":[{"text":"Terrestrial Beacon System","link":"https://csrc.nist.gov/glossary/term/terrestrial_beacon_system"}],"definitions":null},{"term":"TC","link":"https://csrc.nist.gov/glossary/term/tc","abbrSyn":[{"text":"Technical Committee"}],"definitions":null},{"term":"TCB","link":"https://csrc.nist.gov/glossary/term/tcb","abbrSyn":[{"text":"Trusted Compute Base"},{"text":"Trusted Computing Base"}],"definitions":[{"text":"Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Trusted Computing Base ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"TCBC","link":"https://csrc.nist.gov/glossary/term/tcbc","definitions":[{"text":"TDEA Cipher Block Chaining Mode of Operation","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"TCBC-I","link":"https://csrc.nist.gov/glossary/term/tcbc_i","definitions":[{"text":"TDEA Cipher Block Chaining Mode of Operation - Interleaved","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"TCFB","link":"https://csrc.nist.gov/glossary/term/tcfb","definitions":[{"text":"TDEA Cipher Feedback Mode of Operation","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"TCFB-P","link":"https://csrc.nist.gov/glossary/term/tcfb_p","definitions":[{"text":"TEA Cipher Feedback Mode of Operation - Pipelined","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"TCG","link":"https://csrc.nist.gov/glossary/term/tcg","abbrSyn":[{"text":"Trusted Computing Group","link":"https://csrc.nist.gov/glossary/term/trusted_computing_group"}],"definitions":null},{"term":"TCI","link":"https://csrc.nist.gov/glossary/term/tci","abbrSyn":[{"text":"Toolchain Infrastructure","link":"https://csrc.nist.gov/glossary/term/toolchain_infrastructure"}],"definitions":null},{"term":"TCO","link":"https://csrc.nist.gov/glossary/term/tco","abbrSyn":[{"text":"Total Cost of Ownership","link":"https://csrc.nist.gov/glossary/term/total_cost_of_ownership"}],"definitions":null},{"term":"TCP","link":"https://csrc.nist.gov/glossary/term/tcp","abbrSyn":[{"text":"Transfer Control Protocol","link":"https://csrc.nist.gov/glossary/term/transfer_control_protocol"},{"text":"Transmission Control Protocol","link":"https://csrc.nist.gov/glossary/term/transmission_control_protocol"},{"text":"Transport Control Protocol","link":"https://csrc.nist.gov/glossary/term/transport_control_protocol"}],"definitions":[{"text":"TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees the delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. ","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under Transmission Control Protocol "}]}]},{"term":"TCP Segmentation Offload","link":"https://csrc.nist.gov/glossary/term/tcp_segmentation_offload","abbrSyn":[{"text":"TSO","link":"https://csrc.nist.gov/glossary/term/tso"}],"definitions":null},{"term":"TCP/IP","link":"https://csrc.nist.gov/glossary/term/tcp_ip","abbrSyn":[{"text":"Transmission Control Protocol/Internet Protocol","link":"https://csrc.nist.gov/glossary/term/transmission_control_protocol_internet_protocol"}],"definitions":null},{"term":"TCP/UDP","link":"https://csrc.nist.gov/glossary/term/tcp_udp","abbrSyn":[{"text":"Transmission Control Protocol/User Datagram Protocol","link":"https://csrc.nist.gov/glossary/term/transmission_control_protocol_user_datagram_protocol"}],"definitions":null},{"term":"TCP-TLS","link":"https://csrc.nist.gov/glossary/term/tcp_tls","abbrSyn":[{"text":"Transmission Control Protocol-Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/transmission_control_protocol_transport_layer_security"}],"definitions":null},{"term":"TCSEC","link":"https://csrc.nist.gov/glossary/term/tcsec","abbrSyn":[{"text":"Trusted Computer Security Evaluation Criteria"},{"text":"Trusted Computer System Evaluation Criteria","link":"https://csrc.nist.gov/glossary/term/trusted_computer_system_evaluation_criteria"}],"definitions":null},{"term":"TD","link":"https://csrc.nist.gov/glossary/term/td","abbrSyn":[{"text":"Technology Development","link":"https://csrc.nist.gov/glossary/term/technology_development"},{"text":"Trust Domain","link":"https://csrc.nist.gov/glossary/term/trust_domain"}],"definitions":null},{"term":"TDEA","link":"https://csrc.nist.gov/glossary/term/tdea","abbrSyn":[{"text":"Triple Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/triple_data_encryption_algorithm"}],"definitions":[{"text":"An approved cryptographic algorithm that specifies both the DEA cryptographic engine employed by TDEA and the TDEA algorithm itself.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under Triple Data Encryption Algorithm ","refSources":[{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1"}]}]},{"text":"The algorithm specified in FIPS PUB 46-3 –1999, Data Encryption Algorithm.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under Triple Data Encryption Algorithm "}]},{"text":"Triple Data Encryption Algorithm specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]},{"text":"Triple Data Encryption Algorithm; Triple DEA specified in [NIST SP 800-67].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"}]}],"seeAlso":[{"text":"Triple DEA"}]},{"term":"TDEA Electronic Codebook","link":"https://csrc.nist.gov/glossary/term/tdea_electronic_codebook","abbrSyn":[{"text":"TECB","link":"https://csrc.nist.gov/glossary/term/tecb"}],"definitions":[{"text":"TDEA Electronic Codebook Mode of Operation","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under TECB "}]}]},{"term":"TDEA Key Wrap","link":"https://csrc.nist.gov/glossary/term/tdea_key_wrap","abbrSyn":[{"text":"TKW","link":"https://csrc.nist.gov/glossary/term/tkw"}],"definitions":null},{"term":"TDES","link":"https://csrc.nist.gov/glossary/term/tdes","abbrSyn":[{"text":"Triple Data Encryption Standard","link":"https://csrc.nist.gov/glossary/term/triple_data_encryption_standard"}],"definitions":[{"text":"Triple Data Encryption Standard specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"TDM","link":"https://csrc.nist.gov/glossary/term/tdm","abbrSyn":[{"text":"Time Division Multiplexing","link":"https://csrc.nist.gov/glossary/term/time_division_multiplexing"}],"definitions":null},{"term":"TDMA","link":"https://csrc.nist.gov/glossary/term/tdma","abbrSyn":[{"text":"Time Division Multiple Access","link":"https://csrc.nist.gov/glossary/term/time_division_multiple_access"}],"definitions":null},{"term":"TE","link":"https://csrc.nist.gov/glossary/term/te","abbrSyn":[{"text":"Tennessee Eastman","link":"https://csrc.nist.gov/glossary/term/tennessee_eastman"},{"text":"Test Evidence","link":"https://csrc.nist.gov/glossary/term/test_evidence"},{"text":"Threat Event"},{"text":"Tripwire Enterprise","link":"https://csrc.nist.gov/glossary/term/tripwire_enterprise"}],"definitions":[{"text":"An event or situation that has the potential for causing undesirable consequences or impact.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Threat Event ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Threat Event ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Threat Event "},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Threat Event ","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]}]}]},{"term":"Team","link":"https://csrc.nist.gov/glossary/term/team","definitions":[{"text":"A number of persons associated together in work or activity. As used in this publication, a team is a group of individuals that has been assigned by an organization’s management the responsibility and capability to carry out a defined function or set of defined functions. Designations for teams as used in this publication are simply descriptive. Different organizations may have different designations for teams that carry out the functions described herein.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"Merriam-Webster","link":"https://www.merriam-webster.com/"}]}]},{"text":"A number of persons associated together in work or activity. As used in this publication, a team is a group of individuals that has been assigned by an organization’s management the responsibility and capability to carry out a defined function or set of defined functions. Designations for teams as used in this publication are simply descriptive. Different organizations may have different designations for teams that carry out the functions described herein.","sources":[{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","refSources":[{"text":"Merriam-Webster","link":"https://www.merriam-webster.com/"}]}]}]},{"term":"TECB","link":"https://csrc.nist.gov/glossary/term/tecb","abbrSyn":[{"text":"TDEA Electronic Codebook","link":"https://csrc.nist.gov/glossary/term/tdea_electronic_codebook"}],"definitions":[{"text":"TDEA Electronic Codebook Mode of Operation","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"technical community (TC)","link":"https://csrc.nist.gov/glossary/term/technical_community","abbrSyn":[{"text":"TC","link":"https://csrc.nist.gov/glossary/term/tc"}],"definitions":[{"text":"Government/Industry/Academia partnerships formed around major technology areas to act like a standards body for the purpose of creating and maintaining Protection Profiles.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 11","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"Technical Guidelines Development Committee","link":"https://csrc.nist.gov/glossary/term/technical_guidelines_development_committee","abbrSyn":[{"text":"TGDC","link":"https://csrc.nist.gov/glossary/term/tgdc"}],"definitions":null},{"term":"Technical Implementation Guidance","link":"https://csrc.nist.gov/glossary/term/technical_implementation_guidance","abbrSyn":[{"text":"TIG","link":"https://csrc.nist.gov/glossary/term/tig"}],"definitions":null},{"term":"Technical Information Paper","link":"https://csrc.nist.gov/glossary/term/technical_information_paper","abbrSyn":[{"text":"TIP","link":"https://csrc.nist.gov/glossary/term/tip"}],"definitions":null},{"term":"Technical Information Report","link":"https://csrc.nist.gov/glossary/term/technical_information_report","abbrSyn":[{"text":"TIR","link":"https://csrc.nist.gov/glossary/term/tir"}],"definitions":null},{"term":"technical reference model (TRM)","link":"https://csrc.nist.gov/glossary/term/technical_reference_model","abbrSyn":[{"text":"TRM","link":"https://csrc.nist.gov/glossary/term/trm"}],"definitions":[{"text":"A component-driven, technical framework that categorizes the standards and technologies to support and enable the delivery of service components and capabilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Technical Report","link":"https://csrc.nist.gov/glossary/term/technical_report","abbrSyn":[{"text":"TR","link":"https://csrc.nist.gov/glossary/term/tr"}],"definitions":null},{"term":"Technical Review Board","link":"https://csrc.nist.gov/glossary/term/technical_review_board","abbrSyn":[{"text":"TRB","link":"https://csrc.nist.gov/glossary/term/trb"}],"definitions":null},{"term":"technical risk","link":"https://csrc.nist.gov/glossary/term/technical_risk","definitions":[{"text":"The risk associated with the evolution of the design and the production of the system of interest affecting the level of performance necessary to meet the stakeholder expectations and technical requirements.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NASA Systems Engineering Handbook","link":"https://www.nasa.gov/seh"}]}]}]},{"term":"technical security controls","link":"https://csrc.nist.gov/glossary/term/technical_security_controls","definitions":[{"text":"Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"technical security material","link":"https://csrc.nist.gov/glossary/term/technical_security_material","definitions":[{"text":"Equipment, components, devices, and associated documentation or other media which pertain to cryptography, or to the security of telecommunications and information systems.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSP 8","link":"https://www.cnss.gov/CNSS/issuances/Policies.cfm"}]}]}]},{"term":"Technical Specification","link":"https://csrc.nist.gov/glossary/term/technical_specification","abbrSyn":[{"text":"TS","link":"https://csrc.nist.gov/glossary/term/ts"}],"definitions":null},{"term":"technical surveillance countermeasures (TSCM)","link":"https://csrc.nist.gov/glossary/term/technical_surveillance_countermeasures","abbrSyn":[{"text":"TSCM","link":"https://csrc.nist.gov/glossary/term/tscm"}],"definitions":[{"text":"Techniques to detect, neutralize, and exploit technical surveillance technologies and hazards that permit the unauthorized access to or removal of information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 5240.05","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"technical vulnerability information","link":"https://csrc.nist.gov/glossary/term/technical_vulnerability_information","definitions":[{"text":"Detailed description of a weakness to include the implementable steps (such as code) necessary to exploit that weakness.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"technique","link":"https://csrc.nist.gov/glossary/term/technique","abbrSyn":[{"text":"cyber resiliency technique","link":"https://csrc.nist.gov/glossary/term/cyber_resiliency_technique"}],"definitions":[{"text":"A set or class of technologies and processes intented to acheive one or more objectives by providing capabilities to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that include cyber resources. The definition or statement of a technique describes the capabilities it provides and/or the intended consequences of using technologies to process it includes.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under cyber resiliency technique "}]},{"text":"See cyber resiliency technique.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]"},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1"}]}]},{"term":"Technology Development","link":"https://csrc.nist.gov/glossary/term/technology_development","abbrSyn":[{"text":"TD","link":"https://csrc.nist.gov/glossary/term/td"}],"definitions":null},{"term":"Technology Infrastructure Subcommittee","link":"https://csrc.nist.gov/glossary/term/technology_infrastructure_subcommittee","abbrSyn":[{"text":"TIS","link":"https://csrc.nist.gov/glossary/term/tis"}],"definitions":null},{"term":"Technology Partnerships Office","link":"https://csrc.nist.gov/glossary/term/technology_partnerships_office","abbrSyn":[{"text":"TPO","link":"https://csrc.nist.gov/glossary/term/tpo"}],"definitions":null},{"term":"Technology-Based Input Product","link":"https://csrc.nist.gov/glossary/term/technology_based_input_product","definitions":[{"text":"Manufactured components used in the organization manufacturing process incorporating information technology and provided by third-parties (e.g. PLC, Sensors, Data Collection Systems, Workstations, Servers, etc).","sources":[{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"TEE","link":"https://csrc.nist.gov/glossary/term/tee","abbrSyn":[{"text":"Trusted Execution Environment","link":"https://csrc.nist.gov/glossary/term/trusted_execution_environment"}],"definitions":[{"text":"An area or enclave protected by a system processor.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320","underTerm":" under Trusted Execution Environment "}]}]},{"term":"TEI","link":"https://csrc.nist.gov/glossary/term/tei","abbrSyn":[{"text":"Trusted Enterprise Infrastructure","link":"https://csrc.nist.gov/glossary/term/trusted_enterprise_infrastructure"}],"definitions":null},{"term":"TEK","link":"https://csrc.nist.gov/glossary/term/tek","abbrSyn":[{"text":"Traffic Encryption Key"}],"definitions":null},{"term":"telecommunications","link":"https://csrc.nist.gov/glossary/term/telecommunications","definitions":[{"text":"The term 'telecommunications' means the transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","underTerm":" under Telecommunications ","refSources":[{"text":"47 U.S.C., Sec. 153","link":"https://www.govinfo.gov/app/details/USCODE-2011-title47/USCODE-2011-title47-chap5-subchapI-sec153"}]}]},{"text":"The preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"},{"text":"NSTISSD 501","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]},{"text":"The transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1","underTerm":" under Telecommunications "},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1","underTerm":" under Telecommunications "}]}]},{"term":"Telecommunications Industry Association. Electronic Industries Alliance","link":"https://csrc.nist.gov/glossary/term/telecommunications_industry_association_electronic_industries_alliance","abbrSyn":[{"text":"TIA/EIA","link":"https://csrc.nist.gov/glossary/term/tia_eia"}],"definitions":null},{"term":"Telecommunications Security","link":"https://csrc.nist.gov/glossary/term/telecommunications_security","abbrSyn":[{"text":"TSEC","link":"https://csrc.nist.gov/glossary/term/tsec"}],"definitions":null},{"term":"telecommunications security (TSEC) nomenclature","link":"https://csrc.nist.gov/glossary/term/telecommunications_security_nomenclature","definitions":[{"text":"The National Security Agency (NSA) system for identifying the type and purpose of certain items of COMSEC material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Telecommunications Service Priority","link":"https://csrc.nist.gov/glossary/term/telecommunications_service_priority","abbrSyn":[{"text":"TSP","link":"https://csrc.nist.gov/glossary/term/tsp"}],"definitions":null},{"term":"Telecommuting","link":"https://csrc.nist.gov/glossary/term/telecommuting","abbrSyn":[{"text":"Telework","link":"https://csrc.nist.gov/glossary/term/telework"}],"definitions":[{"text":"See “Telework.”","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]"}]},{"text":"The ability for an organization’s employees and contractors to conduct work from locations other than the organization’s facilities.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Telework "}]}]},{"term":"telemetry","link":"https://csrc.nist.gov/glossary/term/telemetry","definitions":[{"text":"The science of measuring a quantity or quantities, transmitting the results to a distant station, and interpreting, indicating, and/or recording the quantities measured.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"Telemetry, Tracking, and Command","link":"https://csrc.nist.gov/glossary/term/telemetry_tracking_and_command","abbrSyn":[{"text":"TT&C","link":"https://csrc.nist.gov/glossary/term/tt_and_c"}],"definitions":null},{"term":"Telework","link":"https://csrc.nist.gov/glossary/term/telework","abbrSyn":[{"text":"Telecommuting","link":"https://csrc.nist.gov/glossary/term/telecommuting"}],"definitions":[{"text":"See “Telework.”","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Telecommuting "}]},{"text":"The ability for an organization’s employees and contractors to conduct work from locations other than the organization’s facilities.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]"}]}]},{"term":"Temperature Transmitter","link":"https://csrc.nist.gov/glossary/term/temperature_transmitter","abbrSyn":[{"text":"TT","link":"https://csrc.nist.gov/glossary/term/tt"}],"definitions":null},{"term":"TEMPEST","link":"https://csrc.nist.gov/glossary/term/tempest","definitions":[{"text":"A name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]}],"seeAlso":[{"text":"emission security (EMSEC)","link":"emission_security"}]},{"term":"TEMPEST Advisory Group","link":"https://csrc.nist.gov/glossary/term/tempest_advisory_group","abbrSyn":[{"text":"TAG"}],"definitions":null},{"term":"TEMPEST certified equipment or system","link":"https://csrc.nist.gov/glossary/term/tempest_certified_equipment_or_system","definitions":[{"text":"Equipment or systems that have been certified to meet the applicable level of NSTISSAM TEMPEST/1-92 or previous editions. Typically categorized as Level 1 for the highest containment of classified signals; Level II for the moderate containment of classified signals; and Level III for the least containment of classified signals.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSAM TEMPEST/01-13","link":"https://www.cnss.gov/CNSS/issuances/Memoranda.cfm"}]}]}]},{"term":"TEMPEST zone","link":"https://csrc.nist.gov/glossary/term/tempest_zone","definitions":[{"text":"Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Template Attack","link":"https://csrc.nist.gov/glossary/term/template_attack","abbrSyn":[{"text":"TA","link":"https://csrc.nist.gov/glossary/term/ta"}],"definitions":null},{"term":"Template Generator","link":"https://csrc.nist.gov/glossary/term/template_generator","definitions":[{"text":"In the PIV context a template generator is a software library providing facilities for the conversion of images conformant to FINGSTD to templates conformant to MINUSTD for storage on the PIV card.","sources":[{"text":"NIST SP 800-85B","link":"https://doi.org/10.6028/NIST.SP.800-85B"}]}]},{"term":"Template Matcher","link":"https://csrc.nist.gov/glossary/term/template_matcher","definitions":[{"text":"In the PIV context a matcher is a software library providing for the comparison of images conformant to FINGSTD and templates conformant to MINUSTD. The output of the matcher, a similarity score, will be the basis of accept or reject decision.","sources":[{"text":"NIST SP 800-85B","link":"https://doi.org/10.6028/NIST.SP.800-85B"}]}]},{"term":"Temporal Key","link":"https://csrc.nist.gov/glossary/term/temporal_key","abbrSyn":[{"text":"TK","link":"https://csrc.nist.gov/glossary/term/tk"}],"definitions":null},{"term":"Temporal Key Integrity Protocol","link":"https://csrc.nist.gov/glossary/term/temporal_key_integrity_protocol","abbrSyn":[{"text":"TKIP","link":"https://csrc.nist.gov/glossary/term/tkip"}],"definitions":null},{"term":"Temporal metrics","link":"https://csrc.nist.gov/glossary/term/temporal_metrics","definitions":[{"text":"describe the characteristics of misuse vulnerabilities that can change over time but remain constant across user environments.","sources":[{"text":"NISTIR 7864","link":"https://doi.org/10.6028/NIST.IR.7864"}]}]},{"term":"Temporal Pairwise Key","link":"https://csrc.nist.gov/glossary/term/temporal_pairwise_key","abbrSyn":[{"text":"TPK","link":"https://csrc.nist.gov/glossary/term/tpk"}],"definitions":null},{"term":"Temporary Key","link":"https://csrc.nist.gov/glossary/term/temporary_key","abbrSyn":[{"text":"TK","link":"https://csrc.nist.gov/glossary/term/tk"}],"definitions":null},{"term":"Temporary Mobile Subscriber Identity","link":"https://csrc.nist.gov/glossary/term/temporary_mobile_subscriber_identity","abbrSyn":[{"text":"TMSI","link":"https://csrc.nist.gov/glossary/term/tmsi"}],"definitions":null},{"term":"Tennessee Eastman","link":"https://csrc.nist.gov/glossary/term/tennessee_eastman","abbrSyn":[{"text":"TE","link":"https://csrc.nist.gov/glossary/term/te"}],"definitions":null},{"term":"Terabytes","link":"https://csrc.nist.gov/glossary/term/terabytes","abbrSyn":[{"text":"TB","link":"https://csrc.nist.gov/glossary/term/tb"}],"definitions":null},{"term":"TERENA","link":"https://csrc.nist.gov/glossary/term/terena","abbrSyn":[{"text":"Trans-European Research and Education Networking Association","link":"https://csrc.nist.gov/glossary/term/trans_european_research_and_education_networking_association"}],"definitions":null},{"term":"Term of Support","link":"https://csrc.nist.gov/glossary/term/term_of_support","definitions":[{"text":"The length of time for which the device will be supported by the manufacturer or supporting parties for such actions and materials as part replacements, software updates, vulnerability notices, technical support questions, etc.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"}]}]},{"term":"Terminal Access Controller Access Control System","link":"https://csrc.nist.gov/glossary/term/terminal_access_controller_access_control_system","abbrSyn":[{"text":"TACACS","link":"https://csrc.nist.gov/glossary/term/tacacs"}],"definitions":null},{"term":"Terrestrial Beacon System","link":"https://csrc.nist.gov/glossary/term/terrestrial_beacon_system","abbrSyn":[{"text":"TBS","link":"https://csrc.nist.gov/glossary/term/tbs"}],"definitions":null},{"term":"TESLA","link":"https://csrc.nist.gov/glossary/term/tesla","abbrSyn":[{"text":"Timed Efficient Stream Loss-Tolerant Authentication","link":"https://csrc.nist.gov/glossary/term/timed_efficient_stream_loss_tolerant_authentication"}],"definitions":null},{"term":"Test","link":"https://csrc.nist.gov/glossary/term/test","definitions":[{"text":"A type of assessment method that is characterized by the process of exercising one or more assessment objects under specified conditions to compare actual with expected behavior, the results of which are used to support the determination of security control effectiveness over time.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]}]},{"text":"An evaluation tool that uses quantifiable metrics to validate the operability of a system or system component in an operational environment specified in an IT plan.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]},{"text":"A type of assessment method that is characterized by the process of exercising one or more assessment objects under specified conditions to compare actual with expected behavior, the results of which are used to support the determination of security control or privacy control effectiveness over time.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"Test Access Points","link":"https://csrc.nist.gov/glossary/term/test_access_points","abbrSyn":[{"text":"TAP","link":"https://csrc.nist.gov/glossary/term/tap"}],"definitions":null},{"term":"Test Access Port","link":"https://csrc.nist.gov/glossary/term/test_access_port","abbrSyn":[{"text":"TAPS","link":"https://csrc.nist.gov/glossary/term/taps"}],"definitions":null},{"term":"test action","link":"https://csrc.nist.gov/glossary/term/test_action","definitions":[{"text":"The action to be performed based on the response to a particular question. Examples of test actions are asking another question or calculating a result.","sources":[{"text":"NISTIR 7692","link":"https://doi.org/10.6028/NIST.IR.7692"}]}]},{"term":"Test Director","link":"https://csrc.nist.gov/glossary/term/test_director","definitions":[{"text":"A person responsible for all aspects of a test, including staffing, development, conduct, and logistics.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Test Evidence","link":"https://csrc.nist.gov/glossary/term/test_evidence","abbrSyn":[{"text":"TE","link":"https://csrc.nist.gov/glossary/term/te"}],"definitions":null},{"term":"Test Guide","link":"https://csrc.nist.gov/glossary/term/test_guide","definitions":[{"text":"A document that outlines the basic steps involved in conducting a test and includes a list of the participants, a list of individuals and groups who might be affected by the test, and procedures for early termination of the test.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"test key","link":"https://csrc.nist.gov/glossary/term/test_key","definitions":[{"text":"Key intended for testing of COMSEC equipment or systems. If intended for off-the-air, in-shop use, such key is called maintenance key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Test Plan","link":"https://csrc.nist.gov/glossary/term/test_plan","definitions":[{"text":"A document that outlines the specific steps that will be performed for a particular test, including the required logistical items and expected outcome or response for each step.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Test Tools","link":"https://csrc.nist.gov/glossary/term/test_tools","definitions":[{"text":"are a means of testing to confirm that an IT product, process, or service conforms to the requirements of a standard or standards. Examples of test tools are executable test code or reference data.","sources":[{"text":"NISTIR 8074 Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8074v2"}]}]},{"term":"Test, Training, and Exercise","link":"https://csrc.nist.gov/glossary/term/test_training_and_exercise","abbrSyn":[{"text":"TT&E","link":"https://csrc.nist.gov/glossary/term/ttande"}],"definitions":null},{"term":"Test, Training, and Exercise (TT&E) Event","link":"https://csrc.nist.gov/glossary/term/test_training_and_exercise_event","definitions":[{"text":"An event used to support the maintenance of an IT plan by allowing organizations to identify problems related to an IT plan and implement solutions before an adverse situation occurs.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Test, Training, and Exercise (TT&E) Plan","link":"https://csrc.nist.gov/glossary/term/test_training_and_exercise_plan","definitions":[{"text":"A plan that outlines the steps to be taken to ensure that personnel are trained in their IT plan roles and responsibilities, IT plans are exercised to validate their viability, and IT components or systems are tested to validate their operability in the context of an IT plan.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Test, Training, and Exercise (TT&E) Policy","link":"https://csrc.nist.gov/glossary/term/test_training_and_exercise_policy","definitions":[{"text":"A policy that outlines an organization’s internal and external requirements associated with training personnel, exercising IT plans, and testing IT components and systems.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Test, Training, and Exercise (TT&E) Program","link":"https://csrc.nist.gov/glossary/term/test_training_and_exercise_program","definitions":[{"text":"A means for ensuring that personnel are trained in their IT plan roles and responsibilities; IT plans are exercised to validate their viability; and IT components or systems are tested to validate their operability.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Test, Training, and Exercise (TT&E) Program Coordinator","link":"https://csrc.nist.gov/glossary/term/test_training_and_exercise_program_coordinator","definitions":[{"text":"A person who is responsible for developing a TT&E plan and coordinating TT&E events.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]}]},{"term":"Tested Operational Environment’s Physical Perimeter","link":"https://csrc.nist.gov/glossary/term/tested_operational_environments_physical_perimeter","abbrSyn":[{"text":"TOEPP","link":"https://csrc.nist.gov/glossary/term/toepp"}],"definitions":null},{"term":"Testing","link":"https://csrc.nist.gov/glossary/term/testing","definitions":[{"text":"Determination of one or more characteristics of an object of conformity assessment, according to a procedure.","sources":[{"text":"Cybersecurity Labeling for Consumer IoT Products","link":"https://doi.org/10.6028/NIST.CSWP.02042022-2"}]}]},{"term":"TestResult","link":"https://csrc.nist.gov/glossary/term/testresult","definitions":[{"text":"The container for XCCDF results. May be the root node of an XCCDF results document.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"Text","link":"https://csrc.nist.gov/glossary/term/text","abbrSyn":[{"text":"TXT","link":"https://csrc.nist.gov/glossary/term/txt"}],"definitions":null},{"term":"TF-A","link":"https://csrc.nist.gov/glossary/term/tf_a","abbrSyn":[{"text":"Trusted Firmware-A","link":"https://csrc.nist.gov/glossary/term/trusted_firmware_a"}],"definitions":null},{"term":"TFC","link":"https://csrc.nist.gov/glossary/term/tfc","abbrSyn":[{"text":"Traffic Flow Confidentiality"}],"definitions":null},{"term":"TFS","link":"https://csrc.nist.gov/glossary/term/tfs","abbrSyn":[{"text":"Traffic Flow Security"}],"definitions":null},{"term":"TFT","link":"https://csrc.nist.gov/glossary/term/tft","abbrSyn":[{"text":"Thin Film Transistor","link":"https://csrc.nist.gov/glossary/term/thin_film_transistor"}],"definitions":null},{"term":"TFTP","link":"https://csrc.nist.gov/glossary/term/tftp","abbrSyn":[{"text":"Trivial File Transfer Protocol","link":"https://csrc.nist.gov/glossary/term/trivial_file_transfer_protocol"}],"definitions":null},{"term":"TGDC","link":"https://csrc.nist.gov/glossary/term/tgdc","abbrSyn":[{"text":"Technical Guidelines Development Committee","link":"https://csrc.nist.gov/glossary/term/technical_guidelines_development_committee"}],"definitions":null},{"term":"TGS","link":"https://csrc.nist.gov/glossary/term/tgs","abbrSyn":[{"text":"Ticket Granting Server","link":"https://csrc.nist.gov/glossary/term/ticket_granting_server"},{"text":"Ticket Granting Ticket","link":"https://csrc.nist.gov/glossary/term/ticket_granting_ticket"}],"definitions":null},{"term":"TGT","link":"https://csrc.nist.gov/glossary/term/tgt","abbrSyn":[{"text":"Ticket Granting Ticket","link":"https://csrc.nist.gov/glossary/term/ticket_granting_ticket"},{"text":"Ticket-Granting Ticket"}],"definitions":null},{"term":"Thales TCT","link":"https://csrc.nist.gov/glossary/term/thales_tct","abbrSyn":[{"text":"Thales Trusted Cyber Technologies","link":"https://csrc.nist.gov/glossary/term/thales_trusted_cyber_technologies"}],"definitions":null},{"term":"Thales Trusted Cyber Technologies","link":"https://csrc.nist.gov/glossary/term/thales_trusted_cyber_technologies","abbrSyn":[{"text":"Thales TCT","link":"https://csrc.nist.gov/glossary/term/thales_tct"}],"definitions":null},{"term":"THC","link":"https://csrc.nist.gov/glossary/term/thc","abbrSyn":[{"text":"The Hacker’s Choice","link":"https://csrc.nist.gov/glossary/term/the_hackers_choice"}],"definitions":null},{"term":"The Common Rule","link":"https://csrc.nist.gov/glossary/term/the_common_rule","abbrSyn":[{"text":"Federal Policy for the Protection of Human Subjects","link":"https://csrc.nist.gov/glossary/term/federal_policy_for_the_protection_of_human_subjects"}],"definitions":null},{"term":"The Hacker’s Choice","link":"https://csrc.nist.gov/glossary/term/the_hackers_choice","abbrSyn":[{"text":"THC","link":"https://csrc.nist.gov/glossary/term/thc"}],"definitions":null},{"term":"The International Society of Automation","link":"https://csrc.nist.gov/glossary/term/the_international_society_of_automation","abbrSyn":[{"text":"ISA","link":"https://csrc.nist.gov/glossary/term/isa"}],"definitions":null},{"term":"The Ultimate Collection of Forensic Software","link":"https://csrc.nist.gov/glossary/term/the_ultimate_collection_of_forensic_software","abbrSyn":[{"text":"TUCOFS","link":"https://csrc.nist.gov/glossary/term/tucofs"}],"definitions":null},{"term":"Thin Film Transistor","link":"https://csrc.nist.gov/glossary/term/thin_film_transistor","abbrSyn":[{"text":"TFT","link":"https://csrc.nist.gov/glossary/term/tft"}],"definitions":null},{"term":"Third Extended Filesystem","link":"https://csrc.nist.gov/glossary/term/third_extended_filesystem","abbrSyn":[{"text":"ext3fs","link":"https://csrc.nist.gov/glossary/term/ext3fs"}],"definitions":null},{"term":"Third-party Providers","link":"https://csrc.nist.gov/glossary/term/third_party_providers","definitions":[{"text":"Service providers, integrators, vendors, telecommunications, and infrastructure support that are external to the organization that operates the manufacturing system.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"Third-Party Relationships","link":"https://csrc.nist.gov/glossary/term/third_party_relationships","definitions":[{"text":"relationships with external entities. External entities may include, for example, service providers, vendors, supply-side partners, demand-side partners, alliances, consortiums, and investors, and may include both contractual and non-contractual parties.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183","refSources":[{"text":"DHS","note":" - Unknown Source"},{"text":"National Cybersecurity & Communications Integration Center","link":"https://www.cisa.gov/central"}]},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2","refSources":[{"text":"DHS"}]},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3","refSources":[{"text":"DHS"}]}]},{"text":"Relationships with external entities. External entities may include, for example, service providers, vendors, supply-side partners, demand-side partners, alliances, consortiums, and investors, and may include both contractual and non-contractual parties.","sources":[{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1","refSources":[{"text":"DHS"}]}]}]},{"term":"Third-party testing","link":"https://csrc.nist.gov/glossary/term/third_party_testing","definitions":[{"text":"Independent testing by an organization that was not involved in the design and implementation of the object being tested (e.g., a system or device) and is not intended as the eventual user of that object.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"Thousandth of an inch","link":"https://csrc.nist.gov/glossary/term/thousandth_of_an_inch","abbrSyn":[{"text":"mil","link":"https://csrc.nist.gov/glossary/term/mil"}],"definitions":null},{"term":"Thread","link":"https://csrc.nist.gov/glossary/term/thread","definitions":[{"text":"A defined group of instructions executing apart from other similarly defined groups, but sharing memory and resources of the process to which they belong.","sources":[{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Threat Agent/Source","link":"https://csrc.nist.gov/glossary/term/threat_agent_source","abbrSyn":[{"text":"threat source","link":"https://csrc.nist.gov/glossary/term/threat_source"},{"text":"THREAT SOURCE"}],"definitions":[{"text":"The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under threat source ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"text":"The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with Threat Agent.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under THREAT SOURCE "},{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under threat source ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under threat source ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under threat source ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]},{"text":"Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","underTerm":" under threat source ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under threat source ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Either: (i) intent and method targeted at the intentional exploitation of a vulnerability; or (ii) a situation and method that may accidentally trigger a vulnerability.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","refSources":[{"text":"NIST SP 800-30","link":"https://doi.org/10.6028/NIST.SP.800-30"}]}]},{"text":"Either (1) intent and method targeted at the intentional exploitation of a vulnerability or (2) the situation and method that may accidentally trigger a vulnerability.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under threat source "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under threat source "}]},{"text":"The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. See threat agent.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under threat source ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under threat source ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under threat source ","refSources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200"}]}]}],"seeAlso":[{"text":"threat source","link":"threat_source"}]},{"term":"threat analysis","link":"https://csrc.nist.gov/glossary/term/threat_analysis","abbrSyn":[{"text":"threat assessment"}],"definitions":[{"text":"Formal description and evaluation of threat to a system or organization.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under threat assessment ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under threat assessment "}]},{"text":"Formal description and evaluation of threat to an information system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under threat assessment ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under threat assessment ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See threat assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]"},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]"}]},{"text":"Assessment to evaluate the actual or potential effect of a threat to a system. \nNote: The threat assessment may include identifying and describing the nature of the threat.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat assessment "}]},{"text":"Assessment to evaluate the actual or potential effect of a threat to a system.\nNote: The threat assessment may include identifying and describing the nature of the threat.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat assessment "}]}]},{"term":"Threat Assessment/Analysis","link":"https://csrc.nist.gov/glossary/term/threat_assessment_analysis","abbrSyn":[{"text":"threat analysis","link":"https://csrc.nist.gov/glossary/term/threat_analysis"}],"definitions":[{"text":"Formal description and evaluation of threat to a system or organization.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under threat assessment ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under threat assessment "},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Threat Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Threat Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Threat Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-53A","link":"https://doi.org/10.6028/NIST.SP.800-53A"}]}]},{"text":"Formal description and evaluation of threat to an information system.","sources":[{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Threat Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Threat Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under threat assessment ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under threat assessment ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See threat assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under threat analysis "}]},{"text":"The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.","sources":[{"text":"NIST SP 800-33","link":"https://doi.org/10.6028/NIST.SP.800-33","note":" [Withdrawn]","underTerm":" under threat analysis "},{"text":"NIST SP 800-27 Rev. A","link":"https://doi.org/10.6028/NIST.SP.800-27rA","note":" [Withdrawn]","underTerm":" under threat analysis "}]},{"text":"Assessment to evaluate the actual or potential effect of a threat to a system. \nNote: The threat assessment may include identifying and describing the nature of the threat.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat assessment "}]},{"text":"Assessment to evaluate the actual or potential effect of a threat to a system.\nNote: The threat assessment may include identifying and describing the nature of the threat.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under threat assessment "}]}]},{"term":"threat event outcome","link":"https://csrc.nist.gov/glossary/term/threat_event_outcome","definitions":[{"text":"The effect a threat acting upon a vulnerability has on the confidentiality, integrity, and/or availability of the organization’s operations, assets, or individuals.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1"}]}]},{"term":"threat information","link":"https://csrc.nist.gov/glossary/term/threat_information","definitions":[{"text":"Analytical insights into trends, technologies, or tactics of an adversarial nature affecting information systems security.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Threat Information ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Any information related to a threat that might help an organization protect itself against a threat or detect the activities of an actor. Major types of threat information include indicators, TTPs, security alerts, threat intelligence reports, and tool configurations.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Threat Information "}]},{"text":"Any information related to a threat that might help an organization protect itself against the threat or detect the activities of an actor. Major types of threat information include indicators, TTPs, security alerts, threat intelligence reports, and tool configurations.","sources":[{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]}]},{"term":"threat intelligence","link":"https://csrc.nist.gov/glossary/term/threat_intelligence","definitions":[{"text":"Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Threat Intelligence "},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Threat Intelligence ","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]},{"text":"NIST SP 800-172","link":"https://doi.org/10.6028/NIST.SP.800-171r2","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]}]},{"term":"Threat Intelligence Report","link":"https://csrc.nist.gov/glossary/term/threat_intelligence_report","definitions":[{"text":"A prose document that describes TTPs, actors, types of systems and information being targeted, and other threat-related information.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]},{"term":"threat modeling","link":"https://csrc.nist.gov/glossary/term/threat_modeling","definitions":[{"text":"A form of risk assessment that models aspects of the attack and defense sides of a logical entity, such as a piece of data, an application, a host, a system, or an environment.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"Draft NIST SP 800-154","link":"/publications/detail/sp/800-154/draft"}]}]}]},{"term":"threat monitoring","link":"https://csrc.nist.gov/glossary/term/threat_monitoring","definitions":[{"text":"Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"threat scenario","link":"https://csrc.nist.gov/glossary/term/threat_scenario","definitions":[{"text":"A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Threat Scenario ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Threat Scenario ","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time. Synonym for Threat Campaign.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Threat Scenario "}]}]},{"term":"Threat Shifting","link":"https://csrc.nist.gov/glossary/term/threat_shifting","definitions":[{"text":"The response of actors to perceived safeguards and/or countermeasures (i.e., security controls), in which actors change some characteristic of their intent/targeting in order to avoid and/or overcome those safeguards/countermeasures.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","refSources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"text":"Response from adversaries to perceived safeguards and/or countermeasures (i.e., security controls), in which the adversaries change some characteristic of their intent to do harm in order to avoid and/or overcome those safeguards/countermeasures.","sources":[{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1"}]}]},{"term":"Threat Signaling","link":"https://csrc.nist.gov/glossary/term/threat_signaling","definitions":[{"text":"Real-time signaling of DDoS-related telemetry and threat-handling requests and data between elements concerned with DDoS attack detection, classification, trace back, and mitigation.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"European Commission Rolling Plan","link":"https://joinup.ec.europa.eu/collection/rolling-plan-ict-standardisation/cybersecurity-network-and-information-security"}]}]},{"text":"Real-time signaling of DDoS-related telemetry and threat-handling requests and data between elements concerned with DDoS attack detection, classification, traceback, and mitigation.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"European Commission Rolling Plan","link":"https://joinup.ec.europa.eu/collection/rolling-plan-ict-standardisation/cybersecurity-network-and-information-security"}]}]}]},{"term":"Three-key Triple Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/three_key_triple_data_encryption_algorithm","abbrSyn":[{"text":"3TDEA","link":"https://csrc.nist.gov/glossary/term/3tdea"}],"definitions":[{"text":"Three-key Triple Data Encryption Algorithm specified in [NIST SP 800-67].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under 3TDEA "}]}]},{"term":"Thresholds","link":"https://csrc.nist.gov/glossary/term/thresholds","definitions":[{"text":"Values used to establish concrete decision points and operational control limits to trigger management action and response escalation.","sources":[{"text":"NISTIR 8183","link":"https://doi.org/10.6028/NIST.IR.8183"},{"text":"NISTIR 8183A Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8183A-1"},{"text":"NISTIR 8183A Vol. 2","link":"https://doi.org/10.6028/NIST.IR.8183A-2"},{"text":"NISTIR 8183A Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8183A-3"},{"text":"NISTIR 8183 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.8183r1"}]}]},{"term":"TIA/EIA","link":"https://csrc.nist.gov/glossary/term/tia_eia","abbrSyn":[{"text":"Telecommunications Industry Association. Electronic Industries Alliance","link":"https://csrc.nist.gov/glossary/term/telecommunications_industry_association_electronic_industries_alliance"}],"definitions":null},{"term":"TIC","link":"https://csrc.nist.gov/glossary/term/tic","abbrSyn":[{"text":"Trusted Internet Connection","link":"https://csrc.nist.gov/glossary/term/trusted_internet_connection"},{"text":"Trusted Internet Connections"}],"definitions":null},{"term":"Ticket Granting Server","link":"https://csrc.nist.gov/glossary/term/ticket_granting_server","abbrSyn":[{"text":"TGS","link":"https://csrc.nist.gov/glossary/term/tgs"}],"definitions":null},{"term":"Ticket Granting Ticket","link":"https://csrc.nist.gov/glossary/term/ticket_granting_ticket","abbrSyn":[{"text":"TGS","link":"https://csrc.nist.gov/glossary/term/tgs"},{"text":"TGT","link":"https://csrc.nist.gov/glossary/term/tgt"}],"definitions":null},{"term":"TID","link":"https://csrc.nist.gov/glossary/term/tid","abbrSyn":[{"text":"Tag Identifier","link":"https://csrc.nist.gov/glossary/term/tag_identifier"}],"definitions":null},{"term":"Tier 0 (central facility) (COMSEC)","link":"https://csrc.nist.gov/glossary/term/tier_0_central_facility","abbrSyn":[{"text":"central facility"}],"definitions":[{"text":"The composite facility approved, managed, and operated under National Security Agency (NSA) oversight that includes: \na. National COMSEC Material Generation and Production facilities for physical and electronic keys, both traditional and modern. \nb. Central Office of Record (COR) services for NSA, contractor, and select Civil Agency accounts. \nc. National Distribution Authority (NDA) for U.S. accounts worldwide. \nd. National Registration Authority for all non-military accounts on U.S. systems. \ne. National Credential Manager for all electronic key management system (EKMS) accounts on U.S. systems. \nf. EKMS Defense Courier Service (DCS) data administrator.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Tier 1/common tier 1 (CT1) (COMSEC)","link":"https://csrc.nist.gov/glossary/term/tier_1_common_tier_1","definitions":[{"text":"The composite of the electronic key management system (EKMS) Common Tier 1 (CT1) systems that is a tool used by the military service central offices of record (CORs) to support their accounts and by the Civil Agency CORs requesting CT1 support. The CT1 also provides generation and distribution of many types of traditional keying material for large nets. The CT1 consists of two Primary Tier 1 sites, one Extension Tier 1 site, and other Physical Material Handling Segments (PMHS) at several service sites providing the following services: a. Common military traditional electronic keying material generation and distribution facilities. b. Common keying material ordering interface for all types of keying material required by military accounts. c. Registration Authority for U.S. military accounts. d. Ordering Privilege Manager for U.S. military accounts. e. Management for the military’s COMSEC vaults, depots, and logistics system facilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Tier 2 (COMSEC)","link":"https://csrc.nist.gov/glossary/term/tier_2","definitions":[{"text":"The layer of the electronic key management system (EKMS) comprising COMSEC accounts and subaccounts managing keying material and other COMSEC material. Automated EKMS Tier 2s consist of a Service- or Agency-provided Local Management Device (LMD) running the Local COMSEC Management Software (LCMS), a Key Processor (KP), and a secure terminal equipment (STE) or other secure communication device(s).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Tier 3 (COMSEC)","link":"https://csrc.nist.gov/glossary/term/tier_3","definitions":[{"text":"The lowest tier or layer of electronic key management system (EKMS) architecture comprising hand-receipt holders who use an electronic fill device (e.g., the Data Transfer Device (DTD), Secure DTD2000 System (SDS), Simple Key Loader (SKL)) and all other means to issue key to End Cryptographic Units (ECUs). Tier 3 elements receive keying material from Tier 2 activities by means of electronic fill devices or in canisters (for physical keying material).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Tier I Checklist","link":"https://csrc.nist.gov/glossary/term/tier_i_checklist","definitions":[{"text":"A checklist in the National Checklist Repository that is prose-based, such as narrative descriptions of how a person can manually alter a product’s configuration.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Tier II Checklist","link":"https://csrc.nist.gov/glossary/term/tier_ii_checklist","definitions":[{"text":"A checklist in the National Checklist Repository that documents the recommended security settings in a machine-readable but non-standard format, such as a proprietary format or a product-specific configuration script.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Tier III Checklist","link":"https://csrc.nist.gov/glossary/term/tier_iii_checklist","definitions":[{"text":"A checklist in the National Checklist Repository that uses SCAP to document the recommended security settings in machine-readable standardized SCAP formats that meet the definition of “SCAP Expressed” specified in NIST SP 800-126. SCAP Validated products should be able to process Tier III checklists.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"Tier IV Checklist","link":"https://csrc.nist.gov/glossary/term/tier_iv_checklist","definitions":[{"text":"A checklist in the National Checklist Repository that is considered production-ready and has been validated by NIST or a NIST-recognized authoritative entity to ensure, to the maximum extent possible, interoperability with SCAP-validated products. Tier IV checklists also demonstrate the ability to map low-level security settings (for example, standardized identifiers for individual security configuration issues) to high -level security requirements as represented in various security frameworks (e.g., SP 800-53 controls for FISMA), and the mappings have been vetted with the appropriate authority.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"tiered label","link":"https://csrc.nist.gov/glossary/term/tiered_label","abbrSyn":[{"text":"graded label","link":"https://csrc.nist.gov/glossary/term/graded_label"}],"definitions":[{"text":"Indicates the degree to which a product has satisfied a specific standard, sometimes based on attaining increasing levels of performance against specified criteria. Tiers or grades are often represented by colors (e.g., red-yellow-green), numbers of icons (e.g., stars or security shields), or other appropriate metaphors (e.g., precious metals: gold-silver-bronze).","sources":[{"text":"Cybersecurity Labeling of Consumer Software","link":"https://doi.org/10.6028/NIST.CSWP.02042022-1"}]}]},{"term":"TIG","link":"https://csrc.nist.gov/glossary/term/tig","abbrSyn":[{"text":"Technical Implementation Guidance","link":"https://csrc.nist.gov/glossary/term/technical_implementation_guidance"},{"text":"Trusted Identities Group","link":"https://csrc.nist.gov/glossary/term/trusted_identities_group"}],"definitions":null},{"term":"time bomb","link":"https://csrc.nist.gov/glossary/term/time_bomb","definitions":[{"text":"Resident computer program that triggers an unauthorized act at a predefined time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Time Division Multiple Access","link":"https://csrc.nist.gov/glossary/term/time_division_multiple_access","abbrSyn":[{"text":"TDMA","link":"https://csrc.nist.gov/glossary/term/tdma"}],"definitions":null},{"term":"Time Division Multiplexing","link":"https://csrc.nist.gov/glossary/term/time_division_multiplexing","abbrSyn":[{"text":"TDM","link":"https://csrc.nist.gov/glossary/term/tdm"}],"definitions":null},{"term":"time interval","link":"https://csrc.nist.gov/glossary/term/time_interval","definitions":[{"text":"The elapsed time between two events. In time and frequency metrology, time interval is usually measured in small fractions of a second, such as milliseconds, microseconds, or nanoseconds. Higher resolution time interval measurements are often made with a time interval counter.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"time scale","link":"https://csrc.nist.gov/glossary/term/time_scale","definitions":[{"text":"An agreed upon system for keeping time. All time scales use a frequency source to define the length of the second, which is the standard unit of time interval. Seconds are then counted to measure longer units of time interval, such as minutes, hours, or days. Modern time scales, such as UTC, define the second based on an atomic property of the cesium atom, and thus standard seconds are produced by cesium oscillators. Earlier time scales (including earlier versions of Universal Time) were based on astronomical observations that measured the frequency of the Earth’s rotation.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST T&F Glossary","link":"https://www.nist.gov/pml/time-and-frequency-division/popular-links/time-frequency-z"}]}]}]},{"term":"Time Slotted Channel Hopping","link":"https://csrc.nist.gov/glossary/term/time_slotted_channel_hopping","abbrSyn":[{"text":"TSCH","link":"https://csrc.nist.gov/glossary/term/tsch"}],"definitions":null},{"term":"Time to Live","link":"https://csrc.nist.gov/glossary/term/time_to_live","abbrSyn":[{"text":"TTL","link":"https://csrc.nist.gov/glossary/term/ttl"}],"definitions":null},{"term":"time-compliance date","link":"https://csrc.nist.gov/glossary/term/time_compliance_date","definitions":[{"text":"Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Timed Efficient Stream Loss-Tolerant Authentication","link":"https://csrc.nist.gov/glossary/term/timed_efficient_stream_loss_tolerant_authentication","abbrSyn":[{"text":"TESLA","link":"https://csrc.nist.gov/glossary/term/tesla"}],"definitions":null},{"term":"time-dependent password","link":"https://csrc.nist.gov/glossary/term/time_dependent_password","definitions":[{"text":"Password that is valid only at a certain time of day or during a specified interval of time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Timestamp","link":"https://csrc.nist.gov/glossary/term/timestamp","definitions":[{"text":"A token or packet of information that is used to provide assurance of timeliness; the timestamp contains timestamped data, including a time, and a signature generated by a Trusted Timestamp Authority (TTA).","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102"}]},{"text":"A token of information that is used to provide assurance of timeliness; contains timestamped data, including time, and a signature generated by a Trusted Timestamp Authority (TTA).","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"Timestamp Packet","link":"https://csrc.nist.gov/glossary/term/timestamp_packet","abbrSyn":[{"text":"TSP","link":"https://csrc.nist.gov/glossary/term/tsp"}],"definitions":[{"text":"A unit of information that is transmitted by a TTA that contains timestamped_data and a timestamp_signature.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under timestamp_packet "}]}]},{"term":"Timestamp Token","link":"https://csrc.nist.gov/glossary/term/timestamp_token","abbrSyn":[{"text":"TST","link":"https://csrc.nist.gov/glossary/term/tst"}],"definitions":null},{"term":"TIP","link":"https://csrc.nist.gov/glossary/term/tip","abbrSyn":[{"text":"Technical Information Paper","link":"https://csrc.nist.gov/glossary/term/technical_information_paper"}],"definitions":null},{"term":"TIPC","link":"https://csrc.nist.gov/glossary/term/tipc","abbrSyn":[{"text":"Transparent Inter-Process Communication","link":"https://csrc.nist.gov/glossary/term/transparent_inter_process_communication"}],"definitions":null},{"term":"TIR","link":"https://csrc.nist.gov/glossary/term/tir","abbrSyn":[{"text":"Technical Information Report","link":"https://csrc.nist.gov/glossary/term/technical_information_report"}],"definitions":null},{"term":"TIS","link":"https://csrc.nist.gov/glossary/term/tis","abbrSyn":[{"text":"Technology Infrastructure Subcommittee","link":"https://csrc.nist.gov/glossary/term/technology_infrastructure_subcommittee"}],"definitions":null},{"term":"TK","link":"https://csrc.nist.gov/glossary/term/tk","abbrSyn":[{"text":"Temporal Key","link":"https://csrc.nist.gov/glossary/term/temporal_key"},{"text":"Temporary Key","link":"https://csrc.nist.gov/glossary/term/temporary_key"}],"definitions":null},{"term":"TKIP","link":"https://csrc.nist.gov/glossary/term/tkip","abbrSyn":[{"text":"Temporal Key Integrity Protocol","link":"https://csrc.nist.gov/glossary/term/temporal_key_integrity_protocol"}],"definitions":null},{"term":"TKIP Sequence Counter","link":"https://csrc.nist.gov/glossary/term/tkip_sequence_counter","abbrSyn":[{"text":"TSC","link":"https://csrc.nist.gov/glossary/term/tsc"}],"definitions":null},{"term":"TKS","link":"https://csrc.nist.gov/glossary/term/tks","abbrSyn":[{"text":"Task, Knowledge, and Skill statements","link":"https://csrc.nist.gov/glossary/term/task_knowledge_and_skill_statements"}],"definitions":null},{"term":"TKW","link":"https://csrc.nist.gov/glossary/term/tkw","abbrSyn":[{"text":"TDEA Key Wrap","link":"https://csrc.nist.gov/glossary/term/tdea_key_wrap"},{"text":"Triple Data Encryption Algorithm Wrapping","link":"https://csrc.nist.gov/glossary/term/triple_data_encryption_algorithm_wrapping"}],"definitions":null},{"term":"TLC","link":"https://csrc.nist.gov/glossary/term/tlc","abbrSyn":[{"text":"Tripwire Log Center","link":"https://csrc.nist.gov/glossary/term/tripwire_log_center"}],"definitions":null},{"term":"TLD","link":"https://csrc.nist.gov/glossary/term/tld","abbrSyn":[{"text":"Top-level Domain","link":"https://csrc.nist.gov/glossary/term/top_level_domain"}],"definitions":null},{"term":"TLP","link":"https://csrc.nist.gov/glossary/term/tlp","abbrSyn":[{"text":"Traffic Light Protocol","link":"https://csrc.nist.gov/glossary/term/traffic_light_protocol"}],"definitions":null},{"term":"TLS","link":"https://csrc.nist.gov/glossary/term/tls","abbrSyn":[{"text":"transport layer security"},{"text":"Transport Layer Security"},{"text":"Transport Layer Security (protocol)"}],"definitions":[{"text":"An authentication and encryption protocol widely implemented in browsers and Web servers. HTTP traffic transmitted using TLS is known as HTTPS.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Transport Layer Security "}]}]},{"term":"TLS Certificate Association (Resource Record)","link":"https://csrc.nist.gov/glossary/term/tls_certificate_association","abbrSyn":[{"text":"TLSA","link":"https://csrc.nist.gov/glossary/term/tlsa"}],"definitions":null},{"term":"TLS/SSL","link":"https://csrc.nist.gov/glossary/term/tls_ssl","abbrSyn":[{"text":"Transport Layer Security/Secure Sockets Layer","link":"https://csrc.nist.gov/glossary/term/transport_layer_security_secure_sockets_layer"}],"definitions":null},{"term":"TLSA","link":"https://csrc.nist.gov/glossary/term/tlsa","abbrSyn":[{"text":"TLS Certificate Association (Resource Record)","link":"https://csrc.nist.gov/glossary/term/tls_certificate_association"}],"definitions":null},{"term":"TLV","link":"https://csrc.nist.gov/glossary/term/tlv","abbrSyn":[{"text":"Tag-Length-Value","link":"https://csrc.nist.gov/glossary/term/tag_length_value"},{"text":"Type Length Value","link":"https://csrc.nist.gov/glossary/term/type_length_value"},{"text":"Type, Length, Value"}],"definitions":null},{"term":"TMOVS","link":"https://csrc.nist.gov/glossary/term/tmovs","definitions":[{"text":"TDEA Modes of Operation Validation System","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"TMSAD","link":"https://csrc.nist.gov/glossary/term/tmsad","abbrSyn":[{"text":"Trust Model for Security Automation Data","link":"https://csrc.nist.gov/glossary/term/trust_model_for_security_automation_data"}],"definitions":null},{"term":"TMSH","link":"https://csrc.nist.gov/glossary/term/tmsh","abbrSyn":[{"text":"Traffic Management Shell","link":"https://csrc.nist.gov/glossary/term/traffic_management_shell"}],"definitions":null},{"term":"TMSI","link":"https://csrc.nist.gov/glossary/term/tmsi","abbrSyn":[{"text":"Temporary Mobile Subscriber Identity","link":"https://csrc.nist.gov/glossary/term/temporary_mobile_subscriber_identity"}],"definitions":null},{"term":"TNC","link":"https://csrc.nist.gov/glossary/term/tnc","abbrSyn":[{"text":"Trusted Network Connect","link":"https://csrc.nist.gov/glossary/term/trusted_network_connect"}],"definitions":null},{"term":"TOE","link":"https://csrc.nist.gov/glossary/term/toe","abbrSyn":[{"text":"Target of Evaluation"}],"definitions":null},{"term":"TOE Security Functions","link":"https://csrc.nist.gov/glossary/term/toe_security_functions","abbrSyn":[{"text":"TSF","link":"https://csrc.nist.gov/glossary/term/tsf"}],"definitions":null},{"term":"TOEPP","link":"https://csrc.nist.gov/glossary/term/toepp","abbrSyn":[{"text":"Tested Operational Environment’s Physical Perimeter","link":"https://csrc.nist.gov/glossary/term/tested_operational_environments_physical_perimeter"}],"definitions":null},{"term":"TOFB","link":"https://csrc.nist.gov/glossary/term/tofb","definitions":[{"text":"TDEA Output Feedback Mode of Operation","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"TOFB-I","link":"https://csrc.nist.gov/glossary/term/tofb_i","definitions":[{"text":"TDEA Output Feedback Mode of Operation – Interleaved","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]}]},{"term":"token","link":"https://csrc.nist.gov/glossary/term/token","abbrSyn":[{"text":"authenticator","link":"https://csrc.nist.gov/glossary/term/authenticator"},{"text":"Authenticator"}],"definitions":[{"text":"Something the cardholder possesses and controls (e.g., PIV Card or derived PIV credential) that is used to authenticate the cardholder’s identity.","sources":[{"text":"FIPS 201-3","link":"https://doi.org/10.6028/NIST.FIPS.201-3","underTerm":" under Authenticator "}]},{"text":"An entity that facilitates authentication of other entities attached to the same LAN using a public key certificate."},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.","sources":[{"text":"NIST SP 800-171r3","link":"https://doi.org/10.6028/NIST.SP.800-171r3","underTerm":" under authenticator "}]},{"text":"The means used to confirm the identity of a user, process, or device (e.g., user password or token).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under authenticator ","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"Something that the claimant possesses and controls (such as a key or password) that is used to authenticate a claim. See cryptographic token.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" - Adapted"}]}]},{"text":"Something that the Claimant possesses and controls (typically a key or password) that is used to authenticate the Claimant’s identity.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Token ","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"The means used to confirm the identity of a user, processor, or device (e.g., user password or token).","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Authenticator "}]},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous editions of SP 800-63, this was referred to as atoken.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticator "}]},{"text":"See Authenticator.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Token "}]},{"text":"A portable, user-controlled, physical device (e.g., smart card or memory stick) used to store cryptographic information and possibly also perform cryptographic functions.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Token "}]},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authenticator "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Authenticator "}]},{"text":"See Authenticator","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Token "},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Token "}]},{"text":"Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous editions of SP 800-63, this was referred to as a token.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticator "}]},{"text":"Something that the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. This was previously referred to as a token.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under authenticator "}]},{"text":"Either information that is only known to the person and the verifier, or a hardware device that can generate information that the verifier knows can only come from that device","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Tokens "}]},{"text":"A physical object a user possesses and controls that is used to authenticate the user’s identity.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Token "}]},{"text":"A representation of a particular asset that typically relies on a blockchain or other types of distributed ledgers.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under Token ","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]},{"text":"Something that the Claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the Claimant’s identity.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Token "}]}],"seeAlso":[{"text":"cryptographic token","link":"cryptographic_token"}]},{"term":"Token Authenticator","link":"https://csrc.nist.gov/glossary/term/token_authenticator","abbrSyn":[{"text":"Authenticator Output","link":"https://csrc.nist.gov/glossary/term/authenticator_output"}],"definitions":[{"text":"The output value generated by an authenticator. The ability to generate valid authenticator outputs on demand proves that the claimant possesses and controls the authenticator. Protocol messages sent to the verifier are dependent upon the authenticator output, but they may or may not explicitly contain it.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticator Output "}]},{"text":"See Authenticator Output.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The output value generated by a token. The ability to generate valid token authenticators on demand proves that the Claimant possesses and controls the token. Protocol messages sent to the Verifier are dependent upon the token authenticator, but they may or may not explicitly contain it.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Token Factory Contract","link":"https://csrc.nist.gov/glossary/term/token_factory_contract","definitions":[{"text":"A smart contract that defines and issues a token.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301"}]}]},{"term":"Token Secret","link":"https://csrc.nist.gov/glossary/term/token_secret","abbrSyn":[{"text":"Authenticator Secret","link":"https://csrc.nist.gov/glossary/term/authenticator_secret"}],"definitions":[{"text":"The secret value contained within an authenticator.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Authenticator Secret "}]},{"text":"See Authenticator Secret.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"The secret value, contained within a token, which is used to derive token authenticators.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Token Taxonomy Initiative","link":"https://csrc.nist.gov/glossary/term/token_taxonomy_initiative","abbrSyn":[{"text":"TTI","link":"https://csrc.nist.gov/glossary/term/tti"}],"definitions":null},{"term":"Tool Configuration","link":"https://csrc.nist.gov/glossary/term/tool_configuration","definitions":[{"text":"A recommendation for setting up and using tools that support the automated collection, exchange, processing, analysis, and use of threat information.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150"}]}]},{"term":"Toolchain Infrastructure","link":"https://csrc.nist.gov/glossary/term/toolchain_infrastructure","abbrSyn":[{"text":"TCI","link":"https://csrc.nist.gov/glossary/term/tci"}],"definitions":null},{"term":"Top-level Domain","link":"https://csrc.nist.gov/glossary/term/top_level_domain","abbrSyn":[{"text":"TLD","link":"https://csrc.nist.gov/glossary/term/tld"}],"definitions":null},{"term":"Top-of-Rack","link":"https://csrc.nist.gov/glossary/term/top_of_rack","abbrSyn":[{"text":"ToR","link":"https://csrc.nist.gov/glossary/term/tor"},{"text":"TOR"}],"definitions":null},{"term":"ToR","link":"https://csrc.nist.gov/glossary/term/tor","abbrSyn":[{"text":"Top-of-Rack","link":"https://csrc.nist.gov/glossary/term/top_of_rack"}],"definitions":null},{"term":"TOS","link":"https://csrc.nist.gov/glossary/term/tos","abbrSyn":[{"text":"Trusted Operating System"}],"definitions":null},{"term":"Total Cost of Ownership","link":"https://csrc.nist.gov/glossary/term/total_cost_of_ownership","abbrSyn":[{"text":"TCO","link":"https://csrc.nist.gov/glossary/term/tco"}],"definitions":null},{"term":"Total Risk","link":"https://csrc.nist.gov/glossary/term/total_risk","definitions":[{"text":"the potential for the occurrence of an adverse event if no mitigating action istaken (i.e., the potential for any applicable threat to exploit a system vulnerability). (See Acceptable Risk, Residual Risk, and Minimum Level of Protection.)","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}],"seeAlso":[{"text":"Acceptable Risk","link":"acceptable_risk"},{"text":"Minimum Level of Protection","link":"minimum_level_of_protection"},{"text":"Residual Risk"}]},{"term":"TPC","link":"https://csrc.nist.gov/glossary/term/tpc","abbrSyn":[{"text":"Transmission Power Control","link":"https://csrc.nist.gov/glossary/term/transmission_power_control"},{"text":"Two-Person Control"}],"definitions":null},{"term":"TPDU","link":"https://csrc.nist.gov/glossary/term/tpdu","abbrSyn":[{"text":"Transport Protocol Data Unit","link":"https://csrc.nist.gov/glossary/term/transport_protocol_data_unit"}],"definitions":null},{"term":"TPer","link":"https://csrc.nist.gov/glossary/term/tper","abbrSyn":[{"text":"Trusted Peripheral","link":"https://csrc.nist.gov/glossary/term/trusted_peripheral"}],"definitions":null},{"term":"TPI","link":"https://csrc.nist.gov/glossary/term/tpi","abbrSyn":[{"text":"Two-Person Integrity"}],"definitions":null},{"term":"TPK","link":"https://csrc.nist.gov/glossary/term/tpk","abbrSyn":[{"text":"Temporal Pairwise Key","link":"https://csrc.nist.gov/glossary/term/temporal_pairwise_key"}],"definitions":null},{"term":"TPM","link":"https://csrc.nist.gov/glossary/term/tpm","abbrSyn":[{"text":"Trusted Platform Module"}],"definitions":null},{"term":"TPO","link":"https://csrc.nist.gov/glossary/term/tpo","abbrSyn":[{"text":"Technology Partnerships Office","link":"https://csrc.nist.gov/glossary/term/technology_partnerships_office"}],"definitions":null},{"term":"TPP","link":"https://csrc.nist.gov/glossary/term/tpp","abbrSyn":[{"text":"Trust Protection Platform","link":"https://csrc.nist.gov/glossary/term/trust_protection_platform"}],"definitions":[{"text":"The Venafi Machine Identity Protection platform used in the example implementation described in this practice guide.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Trust Protection Platform "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Trust Protection Platform "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Trust Protection Platform "}]}]},{"term":"TR","link":"https://csrc.nist.gov/glossary/term/tr","abbrSyn":[{"text":"Technical Report","link":"https://csrc.nist.gov/glossary/term/technical_report"}],"definitions":null},{"term":"traceability","link":"https://csrc.nist.gov/glossary/term/traceability","definitions":[{"text":"Discernible association among two or more logical entities, such as requirements, system elements, verifications, or tasks.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC TR 29110-1:2016","link":"https://www.iso.org/standard/62711.html"}]}]}]},{"term":"traceability matrix","link":"https://csrc.nist.gov/glossary/term/traceability_matrix","definitions":[{"text":"A matrix that records the relationship between two or more products of the development process (e.g., a matrix that records the relationship between the requirements and the design of a given software component).","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24765:2017","link":"https://www.iso.org/standard/71952.html"}]}]},{"text":"A matrix that records the relationship between two or more products of the development process (e.g., a matrix that records the relationship between the requirements and the design of a given software component). \nNote 1: A traceability matrix can record the relationship between a set of requirements and one or more products of the development process and can be used to demonstrate completeness and coverage of an activity or analysis based upon the requirements contained in the matrix. \nNote 2: A traceability matrix may be conveyed as a set of matrices representing requirements at different levels of decomposition. Such a traceability matrix enables the tracing of requirements stated in their most abstract form (e.g., statement of stakeholder requirements) through decomposition steps that result in the implementation that satisfies the requirements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 610.12"}]}]},{"text":"A matrix that records the relationship between two or more products of the development process (e.g., a matrix that records the relationship between the requirements and the design of a given software component).\nNote 1: A traceability matrix can record the relationship between a set of requirements and one or more products of the development process and can be used to demonstrate completeness and coverage of an activity or analysis based upon the requirements contained in the matrix.\nNote 2: A traceability matrix may be conveyed as a set of matrices representing requirements at different levels of decomposition. Such a traceability matrix enables the tracing of requirements stated in their most abstract form (e.g., statement of stakeholder requirements) through decomposition steps that result in the implementation that satisfies the requirements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"IEEE 610.12"}]}]}]},{"term":"traceability, metrological","link":"https://csrc.nist.gov/glossary/term/traceability_metrological","definitions":[{"text":"Property of a measurement result whereby the result can be related to a reference through a documented, unbroken chain of calibrations, each contributing to the measurement uncertainty.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"VIM (3rd Edition)","link":"https://www.bipm.org/en/publications/guides/#vim"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"VIM (3rd Edition)","link":"https://www.bipm.org/en/publications/guides/#vim"}]}]}]},{"term":"Traceable","link":"https://csrc.nist.gov/glossary/term/traceable","definitions":[{"text":"Information that is sufficient to make a determination about a specific aspect of an individual's activities or status.","sources":[{"text":"NIST SP 800-122","link":"https://doi.org/10.6028/NIST.SP.800-122"}]}]},{"term":"tradecraft identity","link":"https://csrc.nist.gov/glossary/term/tradecraft_identity","definitions":[{"text":"An identity used for the purpose of work-related interactions that may or may not be synonymous with an individual’s true identity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"trade-off","link":"https://csrc.nist.gov/glossary/term/trade_off","definitions":[{"text":"Decision-making actions that select from various requirements and alternative solutions on the basis of net benefit to the stakeholders.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC/IEEE 15288"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 15288:2015","link":"https://www.iso.org/standard/63711.html"}]}]}]},{"term":"trade-off analysis","link":"https://csrc.nist.gov/glossary/term/trade_off_analysis","definitions":[{"text":"Determining the effect of decreasing one or more key factors and simultaneously increasing one or more other key factors in a decision, design, or project.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]}]},{"term":"traditional key","link":"https://csrc.nist.gov/glossary/term/traditional_key","definitions":[{"text":"Term used to reference symmetric key wherein both ends of a link or all parties in a cryptonet have the same exact key. 256-bit advanced encryption standard (AES), high assurance internet protocol encryptor (HAIPE) pre-placed, and authenticated pre-placed key are examples of traditional key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4006","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"traffic encryption key (TEK)","link":"https://csrc.nist.gov/glossary/term/traffic_encryption_key","abbrSyn":[{"text":"TEK","link":"https://csrc.nist.gov/glossary/term/tek"}],"definitions":[{"text":"Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Traffic Filter","link":"https://csrc.nist.gov/glossary/term/traffic_filter","definitions":[{"text":"An entry in an access control list that is installed on the router or switch to enforce access controls on the network.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"},{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"Traffic Flow Confidentiality (TFC) Padding","link":"https://csrc.nist.gov/glossary/term/traffic_flow_confidentiality_tfc_padding","definitions":[{"text":"Dummy data added to real data in order to obfuscate the length and frequency of information sent over IPsec.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"traffic flow security (TFS)","link":"https://csrc.nist.gov/glossary/term/traffic_flow_security","abbrSyn":[{"text":"TFS","link":"https://csrc.nist.gov/glossary/term/tfs"}],"definitions":[{"text":"Techniques to counter Traffic Analysis.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Traffic Light Protocol","link":"https://csrc.nist.gov/glossary/term/traffic_light_protocol","abbrSyn":[{"text":"TLP","link":"https://csrc.nist.gov/glossary/term/tlp"}],"definitions":null},{"term":"Traffic Management Shell","link":"https://csrc.nist.gov/glossary/term/traffic_management_shell","abbrSyn":[{"text":"TMSH","link":"https://csrc.nist.gov/glossary/term/tmsh"}],"definitions":null},{"term":"traffic padding","link":"https://csrc.nist.gov/glossary/term/traffic_padding","definitions":[{"text":"The generation of spurious instances of communication, spurious data units, and/or spurious data within data units. \nNote: May be used to disguise the amount of real data units being sent.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 7498-2"}]}]}]},{"term":"Traffic Selector for the Initiator","link":"https://csrc.nist.gov/glossary/term/traffic_selector_for_the_initiator","abbrSyn":[{"text":"TSi","link":"https://csrc.nist.gov/glossary/term/tsi"}],"definitions":null},{"term":"Traffic Selector for the Responder","link":"https://csrc.nist.gov/glossary/term/traffic_selector_for_the_responder","abbrSyn":[{"text":"TSr","link":"https://csrc.nist.gov/glossary/term/tsr"}],"definitions":null},{"term":"Training","link":"https://csrc.nist.gov/glossary/term/training","definitions":[{"text":"The ‘Training’ level of the learning continuum strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, auditing).","sources":[{"text":"NIST SP 800-50","link":"https://doi.org/10.6028/NIST.SP.800-50","refSources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"text":"teaching people the knowledge and skills that will enable them to perform theirjobs more effectively.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]},{"text":"Informing personnel of their roles and responsibilities within a particular IT plan and teaching them skills related to those roles and responsibilities.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84"}]},{"text":"Teaching people the knowledge and relevant and needed cybersecurity skills and competencies that will enable them to understand how to use and configure the IoT devices to enable them to most securely use the IoT devices.","sources":[{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B"}]}]},{"term":"Training Assessment","link":"https://csrc.nist.gov/glossary/term/training_assessment","definitions":[{"text":"an evaluation of the training efforts.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Training Effectiveness","link":"https://csrc.nist.gov/glossary/term/training_effectiveness","definitions":[{"text":"a measurement of what a given student has learned from a specificcourse or training event, i.e., learning effectiveness; a pattern of student outcomes following a specific course or training event; i.e., teaching effectiveness; and the value of the specific class or training event, compared to other options in the context of an agency’s overall IT security training program; i.e., program effectiveness.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"Training Effectiveness Evaluation","link":"https://csrc.nist.gov/glossary/term/training_effectiveness_evaluation","definitions":[{"text":"information collected to assist employees and theirsupervisors in assessing individual students’ subsequent on-the-job performance, to provide trend data to assist trainers in improving both learning and teaching, and to be used in return-on­ investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"training key","link":"https://csrc.nist.gov/glossary/term/training_key","definitions":[{"text":"Key intended for use for over-the-air or off-the-air training.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Training Matrix","link":"https://csrc.nist.gov/glossary/term/training_matrix","definitions":[{"text":"a table that relates role categories relative to IT systems—Manage,Acquire, Design and Implement, Operate, Review and Evaluate, and Use (with a seventh category, “other” included to provide extensibility) with three training content categories—Laws and Regulations, Security Program, and System Life Cycle Security.","sources":[{"text":"NIST SP 800-16","link":"https://doi.org/10.6028/NIST.SP.800-16"}]}]},{"term":"tranquility","link":"https://csrc.nist.gov/glossary/term/tranquility","definitions":[{"text":"Property whereby the security level of an object cannot change while the object is being processed by an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Transaction","link":"https://csrc.nist.gov/glossary/term/transaction","definitions":[{"text":"A discrete event between a user and a system that supports a business or programmatic purpose.\nA government digital system may have multiple categories or types of transactions, which may require separate analysis within the overall digital identity risk assessment.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A discrete event between a user and a system that supports a business or programmatic purpose. A government digital system may have multiple categories or types of transactions, which may require separate analysis within the overall digital identity risk assessment.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17"},{"text":"NIST SP 1800-17c","link":"https://doi.org/10.6028/NIST.SP.1800-17"},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A recording of an event, such as the transfer of assets (digital currency, units of inventory, etc.) between parties, or the creation of new assets.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]},{"text":"A recording of an event, such as the transfer of tokens between parties, or the creation of new assets.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","note":" - Adapted"}]}]}]},{"term":"Transaction fee","link":"https://csrc.nist.gov/glossary/term/transaction_fee","definitions":[{"text":"An amount of cryptocurrency charged to process a blockchain transaction. Given to publishing nodes to include the transaction within a block.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"},{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under Transaction Fee ","refSources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202","note":" - Adapted"}]}]}]},{"term":"Transaction Signature","link":"https://csrc.nist.gov/glossary/term/transaction_signature","abbrSyn":[{"text":"TSIG","link":"https://csrc.nist.gov/glossary/term/tsig"}],"definitions":null},{"term":"transdisciplinary","link":"https://csrc.nist.gov/glossary/term/transdisciplinary","definitions":[{"text":"Creating a unity of intellectual frameworks beyond the disciplinary perspectives.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"Stember91","link":"https://doi.org/10.1016/0362-3319(91)90040-B"}]}]}]},{"term":"Transducer","link":"https://csrc.nist.gov/glossary/term/transducer","definitions":[{"text":"A portion of an IoT device capable of interacting directly with a physical entity of interest. The two types of transducers are sensors and actuators.","sources":[{"text":"NISTIR 8259","link":"https://doi.org/10.6028/NIST.IR.8259","refSources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]}]},{"term":"Transducer Capabilities","link":"https://csrc.nist.gov/glossary/term/transducer_capabilities","definitions":[{"text":"Capabilities that provide the ability for computing devices to interact directly with physical entities of interest. The two types of transducer capabilities are sensing and actuating.","sources":[{"text":"NISTIR 8228","link":"https://doi.org/10.6028/NIST.IR.8228"}]}]},{"term":"TRANSEC","link":"https://csrc.nist.gov/glossary/term/transec","abbrSyn":[{"text":"Transmission Security"}],"definitions":null},{"term":"Trans-European Research and Education Networking Association","link":"https://csrc.nist.gov/glossary/term/trans_european_research_and_education_networking_association","abbrSyn":[{"text":"TERENA","link":"https://csrc.nist.gov/glossary/term/terena"}],"definitions":null},{"term":"transfer cross domain solution","link":"https://csrc.nist.gov/glossary/term/transfer_cross_domain_solution","definitions":[{"text":"A type of cross domain solution (CDS) that facilitates the movement of data between information systems operating in different security domains.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 8540.01","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"},{"text":"CNSSI 1253F Attachment 3","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}],"seeAlso":[{"text":"guard (system)","link":"guard"}]},{"term":"transfer key encryption key (TrKEK)","link":"https://csrc.nist.gov/glossary/term/transfer_key_encryption_key","abbrSyn":[{"text":"TrKEK","link":"https://csrc.nist.gov/glossary/term/trkek"}],"definitions":[{"text":"A key used to move key from a Key Processor to a data transfer device (DTD)/secure DTD2000 system (SDS)/simple key loader (SKL).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"transfer of accountability","link":"https://csrc.nist.gov/glossary/term/transfer_of_accountability","definitions":[{"text":"The process of transferring accountability for COMSEC material from the COMSEC account of the shipping organization to the COMSEC account of the receiving organization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - NSA/CSS Manual Number 3-16 (COMSEC) "}]}]}]},{"term":"Transforming Application","link":"https://csrc.nist.gov/glossary/term/transforming_application","definitions":[{"text":"An application that transforms a CBEFF Basic Data Structure from one Patron Format into another Patron Format. This can include processing of the content of the BDB, but need not. CBEFF defines rules for migrat­ ing the values in Standard Biometric Header fields.","sources":[{"text":"NISTIR 6529-A","link":"https://doi.org/10.6028/NIST.IR.6529-a"}]}]},{"term":"Transition Security Network","link":"https://csrc.nist.gov/glossary/term/transition_security_network","abbrSyn":[{"text":"TSN","link":"https://csrc.nist.gov/glossary/term/tsn"}],"definitions":null},{"term":"transmission","link":"https://csrc.nist.gov/glossary/term/transmission","definitions":[{"text":"The state that exists when information is being electronically sent from one location to one or more other locations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Transmission Control Protocol/Internet Protocol","link":"https://csrc.nist.gov/glossary/term/transmission_control_protocol_internet_protocol","abbrSyn":[{"text":"TCP/IP","link":"https://csrc.nist.gov/glossary/term/tcp_ip"}],"definitions":null},{"term":"Transmission Control Protocol/User Datagram Protocol","link":"https://csrc.nist.gov/glossary/term/transmission_control_protocol_user_datagram_protocol","abbrSyn":[{"text":"TCP/UDP","link":"https://csrc.nist.gov/glossary/term/tcp_udp"}],"definitions":null},{"term":"Transmission Control Protocol-Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/transmission_control_protocol_transport_layer_security","abbrSyn":[{"text":"TCP-TLS","link":"https://csrc.nist.gov/glossary/term/tcp_tls"}],"definitions":null},{"term":"transmission security","link":"https://csrc.nist.gov/glossary/term/transmission_security","abbrSyn":[{"text":"TRANSEC","link":"https://csrc.nist.gov/glossary/term/transec"}],"definitions":[{"text":"Measures (security controls) applied to transmissions in order to prevent interception, disruption of reception, communications deception, and/or derivation of intelligence by analysis of transmission characteristics such as signal parameters or message externals. \nNote: TRANSEC is that field of COMSEC which deals with the security of communication transmissions, rather than that of the information being communicated.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401"}]}]},{"term":"Transmitter Address","link":"https://csrc.nist.gov/glossary/term/transmitter_address","abbrSyn":[{"text":"TA","link":"https://csrc.nist.gov/glossary/term/ta"}],"definitions":null},{"term":"transparency","link":"https://csrc.nist.gov/glossary/term/transparency","abbrSyn":[{"text":"Visibility","link":"https://csrc.nist.gov/glossary/term/visibility"}],"definitions":[{"text":"Amount of information that can be gathered about a supplier, product, or service and how far through the supply chain this information can be obtained.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Visibility ","refSources":[{"text":"ISO/IEC 27036-2:2014","note":" - adapted"}]}]},{"text":"A property of openness and accountability throughout the supply chain. ","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Visibility ","refSources":[{"text":"ISO/IEC 27036-3 Draft","note":" - Adapted"}]}]}]},{"term":"Transparent Inter-Process Communication","link":"https://csrc.nist.gov/glossary/term/transparent_inter_process_communication","abbrSyn":[{"text":"TIPC","link":"https://csrc.nist.gov/glossary/term/tipc"}],"definitions":null},{"term":"Transparent Secure Memory Encryption","link":"https://csrc.nist.gov/glossary/term/transparent_secure_memory_encryption","abbrSyn":[{"text":"TSME","link":"https://csrc.nist.gov/glossary/term/tsme"}],"definitions":null},{"term":"Transparent Supply Chain","link":"https://csrc.nist.gov/glossary/term/transparent_supply_chain","abbrSyn":[{"text":"TSC","link":"https://csrc.nist.gov/glossary/term/tsc"}],"definitions":null},{"term":"Transponder","link":"https://csrc.nist.gov/glossary/term/transponder","abbrSyn":[{"text":"Tag","link":"https://csrc.nist.gov/glossary/term/tag"}],"definitions":[{"text":"An electronic device that communicates with RFID readers. A tag can function as a beacon or it can be used to convey information such as an identifier.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Tag "}]},{"text":"See Tag","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98"}]}]},{"term":"Transport Control Protocol","link":"https://csrc.nist.gov/glossary/term/transport_control_protocol","abbrSyn":[{"text":"TCP","link":"https://csrc.nist.gov/glossary/term/tcp"}],"definitions":null},{"term":"Transport Layer","link":"https://csrc.nist.gov/glossary/term/transport_layer","definitions":[{"text":"Layer of the TCP/IP protocol stack that is responsible for reliable connection-oriented or connectionless end-to-end communications.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]}]},{"term":"Transport Layer Security (TLS)","link":"https://csrc.nist.gov/glossary/term/transport_layer_security","abbrSyn":[{"text":"Secure Sockets Layer (SSL)","link":"https://csrc.nist.gov/glossary/term/secure_sockets_layer"},{"text":"TLS","link":"https://csrc.nist.gov/glossary/term/tls"}],"definitions":[{"text":"Provides privacy and data integrity between two communicating applications. It is designed to encapsulate other protocols, such as HTTP. TLS v1.0 was released in 1999, providing slight modifications to SSL 3.0.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"IETF RFC 2246","link":"https://www.ietf.org/rfc/rfc2246.txt"}]}]},{"text":"A security protocol providing privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under transport layer security (TLS) protocol ","refSources":[{"text":"IETF RFC 5246","link":"https://tools.ietf.org/html/rfc5246","note":" - Adapted"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Provides privacy and reliability between two communicating applications. It is designed to encapsulate other protocols, such as HTTP. SSL v3.0 was released in 1996. It has been succeeded by IETF's TLS.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Secure Sockets Layer (SSL) ","refSources":[{"text":"SSL 3.0 specification","link":"https://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00"}]}]},{"text":"See Transport Layer Security (TLS).","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Secure Sockets Layer (SSL) "}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by RFC 5246. TLS is similar to the older SSL protocol, and TLS 1.0 is effectively SSL version 3.1. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations, specifies how TLS is to be used in government applications.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An authentication and security protocol that is widely implemented in browsers and web servers. TLS is defined by RFC 5246 and RFC 8446. TLS is similar to the older Secure Sockets Layer (SSL) protocol, and TLS 1.0 is effectively SSL version 3.1. [NIST SP 800-52] specifies how TLS is to be used in government applications.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Transport Layer Security (TLS) protocol "}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by RFC 5246. TLS is similar to the older SSL protocol, and TLS 1.0 is effectively SSL version 3.1. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations [NIST SP 800-52], specifies how TLS is to be used in government applications.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by RFC 5246 and RFC 8446.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]},{"text":"An authentication and encryption protocol widely implemented in browsers and Web servers. HTTP traffic transmitted using TLS is known as HTTPS.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Transport Layer Security "}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. SSL has been superseded by the newer Transport Layer Security (TLS) protocol; TLS 1.0 is effectively SSL version 3.1.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Secure Sockets Layer (SSL) "}]},{"text":"An authentication and security protocol widely implemented in browsers and web servers. TLS is defined by [RFC 2246], [RFC 3546], and [RFC 5246]. TLS is similar to the older Secure Sockets Layer (SSL) protocol, and TLS 1.0 is effectively SSL version 3.1. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations specifies how TLS is to be used in government applications.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"Transport Layer Security/Secure Sockets Layer","link":"https://csrc.nist.gov/glossary/term/transport_layer_security_secure_sockets_layer","abbrSyn":[{"text":"TLS/SSL","link":"https://csrc.nist.gov/glossary/term/tls_ssl"}],"definitions":null},{"term":"Transport Mode","link":"https://csrc.nist.gov/glossary/term/transport_mode","definitions":[{"text":"IPsec mode that does not create a new IP header for each protected packet.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]"}]},{"text":"An IPsec mode that does not create an additional IP header for each protected packet.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Transport Protocol Data Unit","link":"https://csrc.nist.gov/glossary/term/transport_protocol_data_unit","abbrSyn":[{"text":"TPDU","link":"https://csrc.nist.gov/glossary/term/tpdu"}],"definitions":null},{"term":"Transportation Security Administration","link":"https://csrc.nist.gov/glossary/term/transportation_security_administration","abbrSyn":[{"text":"TSA","link":"https://csrc.nist.gov/glossary/term/tsa"}],"definitions":null},{"term":"trap door","link":"https://csrc.nist.gov/glossary/term/trap_door","definitions":[{"text":"1. A means of reading cryptographically protected information by the use of private knowledge of weaknesses in the cryptographic algorithm used to protect the data. See backdoor.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"2. In cryptography, one-to-one function that is easy to compute in one direction, yet believed to be difficult to invert without special information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"backdoor","link":"backdoor"}]},{"term":"TRB","link":"https://csrc.nist.gov/glossary/term/trb","abbrSyn":[{"text":"Technical Review Board","link":"https://csrc.nist.gov/glossary/term/technical_review_board"}],"definitions":null},{"term":"trigger","link":"https://csrc.nist.gov/glossary/term/trigger","definitions":[{"text":"1) A set of logic statements to be applied to a data stream that produces an alert when an anomalous incident or behavior occurs","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 504","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]},{"text":"2) An event that causes the system to initiate a response. \nNote: Also known as triggering event.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"ISO/IEC 27031"}]}]}]},{"term":"Triple Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/triple_data_encryption_algorithm","abbrSyn":[{"text":"TDEA","link":"https://csrc.nist.gov/glossary/term/tdea"}],"definitions":[{"text":"An approved cryptographic algorithm that specifies both the DEA cryptographic engine employed by TDEA and the TDEA algorithm itself.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-67 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-67r1"}]}]},{"text":"The algorithm specified in FIPS PUB 46-3 –1999, Data Encryption Algorithm.","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20"}]},{"text":"Triple Data Encryption Algorithm specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under TDEA "}]},{"text":"Triple Data Encryption Algorithm; Triple DEA specified in [NIST SP 800-67].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under TDEA "}]}],"seeAlso":[{"text":"3DES","link":"3des"},{"text":"TDEA","link":"tdea"}]},{"term":"Triple Data Encryption Algorithm Wrapping","link":"https://csrc.nist.gov/glossary/term/triple_data_encryption_algorithm_wrapping","abbrSyn":[{"text":"TKW","link":"https://csrc.nist.gov/glossary/term/tkw"}],"definitions":null},{"term":"Triple Data Encryption Standard","link":"https://csrc.nist.gov/glossary/term/triple_data_encryption_standard","abbrSyn":[{"text":"3DES","link":"https://csrc.nist.gov/glossary/term/3des"},{"text":"TDES","link":"https://csrc.nist.gov/glossary/term/tdes"}],"definitions":[{"text":"An implementation of the data encryption standard (DES) algorithm that uses three passes of the DES algorithm instead of one as used in ordinary DES applications. Triple DES provides much stronger encryption than ordinary DES but it is less secure than advanced encryption standard (AES). \nRationale: The terminology has been changed by NIST.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under triple DES (3DES) "}]},{"text":"Triple Data Encryption Standard specified in FIPS 46-3","sources":[{"text":"NIST SP 800-20","link":"https://doi.org/10.6028/NIST.SP.800-20","underTerm":" under TDES "}]}]},{"term":"Tripwire Enterprise","link":"https://csrc.nist.gov/glossary/term/tripwire_enterprise","abbrSyn":[{"text":"TE","link":"https://csrc.nist.gov/glossary/term/te"}],"definitions":null},{"term":"Tripwire Log Center","link":"https://csrc.nist.gov/glossary/term/tripwire_log_center","abbrSyn":[{"text":"TLC","link":"https://csrc.nist.gov/glossary/term/tlc"}],"definitions":null},{"term":"Trivial File Transfer Protocol","link":"https://csrc.nist.gov/glossary/term/trivial_file_transfer_protocol","abbrSyn":[{"text":"TFTP","link":"https://csrc.nist.gov/glossary/term/tftp"}],"definitions":null},{"term":"TrKEK","link":"https://csrc.nist.gov/glossary/term/trkek","abbrSyn":[{"text":"Transfer Key Encryption Key"}],"definitions":null},{"term":"TRM","link":"https://csrc.nist.gov/glossary/term/trm","abbrSyn":[{"text":"Technical Reference Model"}],"definitions":null},{"term":"TRNG","link":"https://csrc.nist.gov/glossary/term/trng","abbrSyn":[{"text":"True Random Number Generator","link":"https://csrc.nist.gov/glossary/term/true_random_number_generator"}],"definitions":null},{"term":"True Random Number Generator","link":"https://csrc.nist.gov/glossary/term/true_random_number_generator","abbrSyn":[{"text":"TRNG","link":"https://csrc.nist.gov/glossary/term/trng"}],"definitions":null},{"term":"trust","link":"https://csrc.nist.gov/glossary/term/trust","abbrSyn":[{"text":"Capability, Trust Management","link":"https://csrc.nist.gov/glossary/term/capability_trust_management"}],"definitions":[{"text":"A belief that an entity meets certain expectations and therefore, can be relied upon.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"MTR210263","link":"https://figshare.com/articles/preprint/Design_Principles_for_Cyber_Physical_Systems_pdf/15175605"}]}]},{"text":"The willingness to take actions expecting beneficial outcomes, based on assertions by other parties.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Trust ","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]},{"text":"The confidence one element has in another, that the second element will behave as expected.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]},{"text":"NISTIR 8320B","link":"https://doi.org/10.6028/NIST.IR.8320B","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]}]},{"text":"A characteristic of an entity that indicates its ability to perform certain functions or services correctly, fairly and impartially, along with assurance that the entity and its identifier are genuine.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Trust "}]},{"text":"An ISCM capability that ensures that untrustworthy persons are prevented from being trusted with network access (to prevent insider attacks).","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Trust Management "}]},{"text":"See Capability, Trust Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Trust "}]},{"text":"The confidence one element has in another that the second element will behave as expected.","sources":[{"text":"NISTIR 8320A","link":"https://doi.org/10.6028/NIST.IR.8320A","underTerm":" under Trust ","refSources":[{"text":"Software Assurance in Acquisition: Mitigating Risks to the Enterprise","link":"https://apps.dtic.mil/dtic/tr/fulltext/u2/a495389.pdf"}]}]}]},{"term":"Trust Agent","link":"https://csrc.nist.gov/glossary/term/trust_agent","abbrSyn":[{"text":"TA","link":"https://csrc.nist.gov/glossary/term/ta"}],"definitions":null},{"term":"trust anchor","link":"https://csrc.nist.gov/glossary/term/trust_anchor","abbrSyn":[{"text":"TA","link":"https://csrc.nist.gov/glossary/term/ta"}],"definitions":[{"text":"A CA with one or more trusted certificates containing public keys that exist at the base of a tree of trust or as the strongest link in a chain of trust and upon which a Public Key Infrastructure is constructed. \n“Trust anchor” also refers to the certificate of this CA.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Trust anchor "}]},{"text":"1. An authoritative entity for which trust is assumed. In a PKI, a trust anchor is a certification authority, which is represented by a certificate that is used to verify the signature on a certificate issued by that trust-anchor. The security of the validation process depends upon the authenticity and integrity of the trust anchor's certificate. Trust anchor certificates are often distributed as self-signed certificates.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Trust anchor "}]},{"text":"2. The self-signed public key certificate of a trusted CA.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Trust anchor "}]},{"text":"A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate). A trust anchor may have name or policy constraints limiting its scope.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Trust Anchor "}]},{"text":"A configured DNSKEY RR or DS RR hash of a DNSKEY RR. A validating DNSSEC-aware resolver uses this public key or hash as a starting point for building the authentication chain to a signed DNS response. In general, a validating resolver will need to obtain the initial values of its trust anchors via some secure or trusted means outside the DNS protocol. The presence of a trust anchor also implies that the resolver should expect the zone to which the trust anchor points to be signed. This is sometimes referred to as a “secure entry point.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2","underTerm":" under Trust Anchor "}]},{"text":"An authoritative entity represented by a public key and associated data (see RFC 5914).","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Trust anchor "}]},{"text":"An established point of trust (usually based on the authority of some person, office, or organization) from which an entity begins the validation of an authorized process or authorized (signed) package. A \"trust anchor\" is sometimes defined as just a public key used for different purposes (e.g., validating a certification authority (CA), validating a signed software package or key, validating the process (or person) loading the signed software or key).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"1. An authoritative entity for which trust is assumed. In a PKI, a trust anchor is a certification authority, which is represented by a certificate that is used to verify the signature on a certificate issued by that trust-anchor. The security of the validation process depends upon the authenticity and integrity of the trust anchor’s certificate. Trust anchor certificates are often distributed as self-signed certificates. 2. The self-signed public key certificate of a trusted CA.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Trust anchor "}]},{"text":"The key for a certificate authority who issues certificates or authorizes others to do so on its behalf","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Trust anchor "}]},{"text":"A public key and the name of a certification authority that is used to validate the first certificate in a sequence of certificates. The trust anchor’s public key is used to verify the signature on a certificate issued by a trust-anchor certification authority. The security of the validation process depends upon the authenticity and integrity of the trust anchor. Trust anchors are often distributed as self-signed certificates.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Trust anchor "}]},{"text":"A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate).","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Trust Anchor "}]}],"seeAlso":[{"text":"Authentication Key","link":"authentication_key"}]},{"term":"Trust Anchor Locator","link":"https://csrc.nist.gov/glossary/term/trust_anchor_locator","abbrSyn":[{"text":"TAL","link":"https://csrc.nist.gov/glossary/term/tal"}],"definitions":null},{"term":"Trust Domain","link":"https://csrc.nist.gov/glossary/term/trust_domain","abbrSyn":[{"text":"TD","link":"https://csrc.nist.gov/glossary/term/td"}],"definitions":null},{"term":"Trust Framework","link":"https://csrc.nist.gov/glossary/term/trust_framework","definitions":[{"text":"The “rules” underpinning federated identity management, typically consisting of: system, legal, conformance, and recognition.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"Trust Framework Operators","link":"https://csrc.nist.gov/glossary/term/trust_framework_operators","abbrSyn":[{"text":"Federation Administrators","link":"https://csrc.nist.gov/glossary/term/federation_administrators"}],"definitions":[{"text":"The entity responsible for the governance and administration of an identity federation.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Federation Administrators "}]},{"text":"See Federation Administrators.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"Trust Framework Providers","link":"https://csrc.nist.gov/glossary/term/trust_framework_providers","abbrSyn":[{"text":"Federation Administrators","link":"https://csrc.nist.gov/glossary/term/federation_administrators"}],"definitions":[{"text":"The entity responsible for the governance and administration of an identity federation.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under Federation Administrators "}]},{"text":"See Federation Administrators.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149"}]}]},{"term":"trust list","link":"https://csrc.nist.gov/glossary/term/trust_list","definitions":[{"text":"Collection of trusted certificates used by Relying Parties to authenticate other certificates.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Trust List "}]}]},{"term":"Trust Management","link":"https://csrc.nist.gov/glossary/term/trust_management","abbrSyn":[{"text":"Capability, Trust Management","link":"https://csrc.nist.gov/glossary/term/capability_trust_management"}],"definitions":[{"text":"An ISCM capability that ensures that untrustworthy persons are prevented from being trusted with network access (to prevent insider attacks).","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Trust Management "}]},{"text":"See Capability, Trust Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Trust Model for Security Automation Data","link":"https://csrc.nist.gov/glossary/term/trust_model_for_security_automation_data","abbrSyn":[{"text":"TMSAD","link":"https://csrc.nist.gov/glossary/term/tmsad"}],"definitions":null},{"term":"Trust Protection Platform","link":"https://csrc.nist.gov/glossary/term/trust_protection_platform","abbrSyn":[{"text":"TPP","link":"https://csrc.nist.gov/glossary/term/tpp"}],"definitions":[{"text":"The Venafi Machine Identity Protection platform used in the example implementation described in this practice guide.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"trust relationship","link":"https://csrc.nist.gov/glossary/term/trust_relationship","definitions":[{"text":"An agreed upon relationship between two or more system elements that is governed by criteria for secure interaction, behavior, and outcomes relative to the protection of assets.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1"}]},{"text":"Policies that govern how entities in differing domains honor each other’s authorizations. An authority may be completely trusted—for example, any statement from the authority will be accepted as a basis for action—or there may be limited trust, in which case only statements in a specific range are accepted.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","underTerm":" under Trust Relationships ","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]},{"text":"The access relationship that is granted by an authorized key in an account on one system (server) and a corresponding identity key in an account on another system (client). Once deployed, these two keys establish a persistent trust relationship between the two accounts/systems that enables ongoing access.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966","underTerm":" under Trust Relationship "}]},{"text":"An agreed upon relationship between two or more system elements that is governed by criteria for secure interaction, behavior, and outcomes relative to the protection of assets. \nNote: This refers to trust relationships between system elements implemented by hardware, firmware, and software.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"An agreed upon relationship between two or more system elements that is governed by criteria for secure interaction, behavior, and outcomes relative to the protection of assets.\nNote: This refers to trust relationships between system elements implemented by hardware, firmware, and software.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"term":"Trusted","link":"https://csrc.nist.gov/glossary/term/trusted","definitions":[{"text":"An element that another element relies upon to fulfill critical requirements on its behalf.","sources":[{"text":"NISTIR 8320A","link":"https://doi.org/10.6028/NIST.IR.8320A"},{"text":"NISTIR 8320B","link":"https://doi.org/10.6028/NIST.IR.8320B"}]}]},{"term":"trusted agent (TA)","link":"https://csrc.nist.gov/glossary/term/trusted_agent","abbrSyn":[{"text":"TA","link":"https://csrc.nist.gov/glossary/term/ta"}],"definitions":[{"text":"1. An individual explicitly aligned with one or more registration authority (RA) officers who has been delegated the authority to perform a portion of the RA functions. A trusted agent (TA) does not have privileged access to certification authority system (CAS) components to authorize certificate issuance, certificate revocation, or key recovery.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"2. Entity authorized to act as a representative of an Agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"Entity authorized to act as a representative of an Agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Trusted Agent "}]}]},{"term":"Trusted Application","link":"https://csrc.nist.gov/glossary/term/trusted_application","abbrSyn":[{"text":"TA","link":"https://csrc.nist.gov/glossary/term/ta"}],"definitions":null},{"term":"Trusted association","link":"https://csrc.nist.gov/glossary/term/trusted_association","definitions":[{"text":"Assurance of the integrity of an asserted relationship between items of information that may be provided by cryptographic or non-cryptographic (e.g., physical) means. Also see Binding.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]"},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}],"seeAlso":[{"text":"Binding"}]},{"term":"Trusted Automated eXchange of Indicator Information","link":"https://csrc.nist.gov/glossary/term/trusted_automated_exchange_of_indicator_information","abbrSyn":[{"text":"TAXII","link":"https://csrc.nist.gov/glossary/term/taxii"}],"definitions":null},{"term":"Trusted boot","link":"https://csrc.nist.gov/glossary/term/trusted_boot","definitions":[{"text":"A system boot where aspects of the hardware and firmware are measured and compared against known good values to verify their integrity and thus their trustworthiness.","sources":[{"text":"NISTIR 8320A","link":"https://doi.org/10.6028/NIST.IR.8320A"},{"text":"NISTIR 8320B","link":"https://doi.org/10.6028/NIST.IR.8320B"}]}]},{"term":"trusted certificate","link":"https://csrc.nist.gov/glossary/term/trusted_certificate","definitions":[{"text":"A certificate that is trusted by the relying party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a “trust anchor.”","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a \"trust anchor\".","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Trusted Certificate "}]},{"text":"A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a “trust anchor”.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Trusted Certificate ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]}]},{"term":"trusted channel","link":"https://csrc.nist.gov/glossary/term/trusted_channel","definitions":[{"text":"A protected communication link established between the cryptographic module and a sender or receiver (including another cryptographic module) to securely communicate and verify the validity of plaintext CSPs, keys, authentication data, and other sensitive data. Also called a secure channel.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Trusted channel "}]},{"text":"A channel where the endpoints are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include transport layer security (TLS), IP security (IPSec), and secure physical connection.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Trusted compute pool","link":"https://csrc.nist.gov/glossary/term/trusted_compute_pool","abbrSyn":[{"text":"trusted pool","link":"https://csrc.nist.gov/glossary/term/trusted_pool"}],"definitions":[{"text":"A physical or logical grouping of computing hardware in a data center that is tagged with specific and varying security policies. Within a trusted compute pool, the access and execution of applications and workloads are monitored, controlled, audited, etc.","sources":[{"text":"NIST SP 1800-19B","link":"https://doi.org/10.6028/NIST.SP.1800-19"}]}]},{"term":"trusted computer system","link":"https://csrc.nist.gov/glossary/term/trusted_computer_system","definitions":[{"text":"A system that has the necessary security functions and assurance that the security policy will be enforced and that can process a range of information sensitivities (i.e. classified, controlled unclassified information (CUI), or unclassified public information) simultaneously.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Trusted Computer System Evaluation Criteria","link":"https://csrc.nist.gov/glossary/term/trusted_computer_system_evaluation_criteria","abbrSyn":[{"text":"TCSEC","link":"https://csrc.nist.gov/glossary/term/tcsec"}],"definitions":null},{"term":"trusted computing base (TCB)","link":"https://csrc.nist.gov/glossary/term/trusted_computing_base","abbrSyn":[{"text":"TCB","link":"https://csrc.nist.gov/glossary/term/tcb"}],"definitions":[{"text":"Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Trusted Computing Base ","refSources":[{"text":"CNSSI 4009"}]}]}]},{"term":"Trusted Computing Group","link":"https://csrc.nist.gov/glossary/term/trusted_computing_group","abbrSyn":[{"text":"TCG","link":"https://csrc.nist.gov/glossary/term/tcg"}],"definitions":null},{"term":"trusted data recipient","link":"https://csrc.nist.gov/glossary/term/trusted_data_recipient","definitions":[{"text":"an entity that has limited access to the data that it receives as a result of being bound by some administrative control such as a law, regulation, or data use agreement","sources":[{"text":"NISTIR 8053","link":"https://doi.org/10.6028/NIST.IR.8053"}]}]},{"term":"Trusted Enterprise Infrastructure","link":"https://csrc.nist.gov/glossary/term/trusted_enterprise_infrastructure","abbrSyn":[{"text":"TEI","link":"https://csrc.nist.gov/glossary/term/tei"}],"definitions":null},{"term":"Trusted Execution Environment","link":"https://csrc.nist.gov/glossary/term/trusted_execution_environment","abbrSyn":[{"text":"TEE","link":"https://csrc.nist.gov/glossary/term/tee"}],"definitions":[{"text":"An area or enclave protected by a system processor.","sources":[{"text":"NISTIR 8320","link":"https://doi.org/10.6028/NIST.IR.8320"}]}]},{"term":"Trusted Execution Technology","link":"https://csrc.nist.gov/glossary/term/trusted_execution_technology","abbrSyn":[{"text":"TXT","link":"https://csrc.nist.gov/glossary/term/txt"}],"definitions":null},{"term":"Trusted Firmware-A","link":"https://csrc.nist.gov/glossary/term/trusted_firmware_a","abbrSyn":[{"text":"TF-A","link":"https://csrc.nist.gov/glossary/term/tf_a"}],"definitions":null},{"term":"trusted foundry","link":"https://csrc.nist.gov/glossary/term/trusted_foundry","definitions":[{"text":"Facility that produces integrated circuits with a higher level of integrity assurance.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Trusted Identities Group","link":"https://csrc.nist.gov/glossary/term/trusted_identities_group","abbrSyn":[{"text":"TIG","link":"https://csrc.nist.gov/glossary/term/tig"}],"definitions":null},{"term":"Trusted Internet Connection","link":"https://csrc.nist.gov/glossary/term/trusted_internet_connection","abbrSyn":[{"text":"TIC","link":"https://csrc.nist.gov/glossary/term/tic"}],"definitions":null},{"term":"Trusted Network Connect","link":"https://csrc.nist.gov/glossary/term/trusted_network_connect","abbrSyn":[{"text":"TNC","link":"https://csrc.nist.gov/glossary/term/tnc"}],"definitions":null},{"term":"trusted operating system","link":"https://csrc.nist.gov/glossary/term/trusted_operating_system","abbrSyn":[{"text":"TOS","link":"https://csrc.nist.gov/glossary/term/tos"}],"definitions":[{"text":"An operating system in which there exists a level of confidence (based on rigorous analysis and testing) that the security principals and mechanisms (e.g., separation, isolation, least privilege, discretionary and non-discretionary access control, trusted path, authentication, and security policy enforcement) are correctly implemented and operate as intended even in the presence of adversarial activity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1253","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An operating system that manages data to make sure that it cannot be altered, moved, or viewed except by entities having appropriate and authorized access rights.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Trusted (secure) operating system "}]}]},{"term":"Trusted Party","link":"https://csrc.nist.gov/glossary/term/trusted_party","definitions":[{"text":"A party that is trusted by its clients to generate cryptographic keys.","sources":[{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]"},{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2"}]},{"text":"A trusted party is a party that is trusted by an entity to faithfully perform certain services for that entity. An entity could be a trusted party for itself.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Trusted party "}]},{"text":"A party that is trusted by an entity to faithfully perform certain services for that entity. An entity may choose to act as a trusted party for itself.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Trusted party "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Trusted party "}]}]},{"term":"trusted path","link":"https://csrc.nist.gov/glossary/term/trusted_path","definitions":[{"text":"A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Trusted Path "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Trusted Path "}]},{"text":"A mechanism by which a user (through an input device) can communicate directly with the security functions of the system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the system and cannot be imitated by untrusted software.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"}]}]},{"term":"Trusted Peripheral","link":"https://csrc.nist.gov/glossary/term/trusted_peripheral","abbrSyn":[{"text":"TPer","link":"https://csrc.nist.gov/glossary/term/tper"}],"definitions":null},{"term":"Trusted Platform Module (TPM)","link":"https://csrc.nist.gov/glossary/term/trusted_platform_module","abbrSyn":[{"text":"TPM","link":"https://csrc.nist.gov/glossary/term/tpm"}],"definitions":[{"text":"A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"trusted pool","link":"https://csrc.nist.gov/glossary/term/trusted_pool","abbrSyn":[{"text":"Trusted compute pool","link":"https://csrc.nist.gov/glossary/term/trusted_compute_pool"}],"definitions":[{"text":"A physical or logical grouping of computing hardware in a data center that is tagged with specific and varying security policies. Within a trusted compute pool, the access and execution of applications and workloads are monitored, controlled, audited, etc.","sources":[{"text":"NIST SP 1800-19B","link":"https://doi.org/10.6028/NIST.SP.1800-19","underTerm":" under Trusted compute pool "}]}]},{"term":"trusted process","link":"https://csrc.nist.gov/glossary/term/trusted_process","definitions":[{"text":"Process that has been tested and verified to operate only as intended.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"trusted recovery","link":"https://csrc.nist.gov/glossary/term/trusted_recovery","definitions":[{"text":"Ability to ensure recovery without compromise after a system failure.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Trusted Service Identity","link":"https://csrc.nist.gov/glossary/term/trusted_service_identity","abbrSyn":[{"text":"TSI","link":"https://csrc.nist.gov/glossary/term/t_s_i"}],"definitions":null},{"term":"Trusted Third Party","link":"https://csrc.nist.gov/glossary/term/trusted_third_party","abbrSyn":[{"text":"TTP","link":"https://csrc.nist.gov/glossary/term/ttp"}],"definitions":[{"text":"An entity other than the owner and verifier that is trusted by the owner, the verifier or both to provide certain services.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]},{"text":"An entity other than the key pair owner and verifier that is trusted by the owner or the verifier or both. Sometimes shortened to “trusted party.”","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5"}]},{"text":"A third party, such as a CA, that is trusted by its clients to perform certain services. (By contrast, in a key establishment transaction, the participants, parties U and V, are considered to be the first and second parties.)","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Trusted third party "}]},{"text":"A third party, such as a CA, that is trusted by its clients to perform certain services. (By contrast, the two participants in a key-establishment transaction are considered to be the first and second parties.)","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Trusted third party "}]},{"text":"A third party, such as a CA, that is trusted by its clients to perform certain services. (By contrast, for example, the sender and receiver in a scheme are considered to be the first and second parties in a key-establishment transaction).","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Trusted third party "}]}]},{"term":"trusted timestamp","link":"https://csrc.nist.gov/glossary/term/trusted_timestamp","definitions":[{"text":"A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]},{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Trusted Timestamp "}]},{"text":"A timestamp that has been signed by a TTA.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Trusted timestamp "}]},{"text":"A timestamp that has been signed by a Trusted Timestamp Authority.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Trusted timestamp "}]}]},{"term":"Trusted Timestamp Authority (TTA)","link":"https://csrc.nist.gov/glossary/term/trusted_timestamp_authority","abbrSyn":[{"text":"TTA","link":"https://csrc.nist.gov/glossary/term/tta"}],"definitions":[{"text":"An entity that is trusted to provide accurate time information.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Trusted Timestamp Authority "},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89"}]}]},{"term":"trustworthiness","link":"https://csrc.nist.gov/glossary/term/trustworthiness","definitions":[{"text":"The interdependent combination of attributes of a person, system, or enterprise that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. The degree to which a system (including the technology components that are used to build the system) can be expected to preserve the confidentiality, integrity, and availability of the information being processed, stored, or transmitted by the system across the full range of threats.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Worthy of being trusted to fulfill whatever critical requirements may be needed for a particular component, subsystem, system, network, application, mission, enterprise, or other entity.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"Neumann04"}]}]},{"text":"The degree to which the behavior of a component is demonstrably compliant with its stated requirements.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","underTerm":" under trustworthy "}]},{"text":"The attribute of a person or enterprise that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Trustworthiness ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Trustworthiness ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Computer hardware, software and procedures that— \n1) are reasonably secure from intrusion and misuse; \n2) provide a reasonable level of availability, reliability, and correct operation; \n3) are reasonably suited to performing their intended functions; and \n4) adhere to generally accepted security procedures.","sources":[{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Trustworthy System ","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"The degree to which an information system (including the information technology components that are used to build the system) can be expected to preserve the confidentiality, integrity, and availability of the information being processed, stored, or transmitted by the system across the full range of threats. A trustworthy information system is a system that is believed to be capable of operating within defined levels of risk despite the environmental disruptions, human errors, structural failures, and purposeful attacks that are expected to occur in its environment of operation.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Trustworthiness (Information System) "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Trustworthiness(Information System) "}]},{"text":"Worthy of being trusted to fulfill whatever critical requirements may be needed for a particular component, subsystem, system, network, application, mission, business function, enterprise, or other entity.","sources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" [Superseded]","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]},{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"Computer hardware, software and procedures that: (1) are reasonably secure from intrusion and misuse; (2) provide a reasonable level of availability, reliability, and correct operation; (3) are reasonably suited to performing their intended functions; and (4) adhere to generally accepted security procedures.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Trustworthy System "}]},{"text":"Worthy of being trusted to fulfill whatever critical requirements may be needed for a particular component, subsystem, system, network, application, mission, enterprise, or other entity.  Note: From a privacy perspective, a trustworthy system is a system that meets specific privacy requirements in addition to meeting other critical requirements.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Trustworthiness ","refSources":[{"text":"Neumann04","note":" - adapted"},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"Worthy of being trusted to fulfill whatever critical requirements may be needed for a particular component, subsystem, system, network, application, mission, enterprise, or other entity.\nNote From a privacy perspective, a trustworthy system is a system that meets specific privacy requirements in addition to meeting other critical requirements.","sources":[{"text":"NISTIR 8062","link":"https://doi.org/10.6028/NIST.IR.8062","underTerm":" under Trustworthiness ","refSources":[{"text":"Neumann04","note":" - Derived"},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1"}]}]},{"text":"Worthy of being trusted to fulfill whatever critical requirements may be needed.","sources":[{"text":"NISTIR 8320A","link":"https://doi.org/10.6028/NIST.IR.8320A","underTerm":" under Trustworthy ","refSources":[{"text":"NIST SP 800-160 Vol. 2","link":"https://doi.org/10.6028/NIST.SP.800-160v2","note":" - Adapted from \"trustworthiness\""}]},{"text":"NISTIR 8320B","link":"https://doi.org/10.6028/NIST.IR.8320B","underTerm":" under Trustworthy ","refSources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","note":" - adapted"}]}]},{"text":"Security decision with respect to extended investigations to determine and confirm qualifications, and suitability to perform specific tasks and responsibilities.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Trustworthiness "}]},{"text":"The degree to which the security behavior of a component is demonstrably compliant with its stated functionality.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under trustworthy "}]},{"text":"Worthy of being trusted to fulfill whatever critical requirements may be needed for a particular component, subsystem, system, network, application, mission, enterprise, or other entity. \nNote: From a security perspective, a trustworthy system is a system that meets specific security requirements in addition to meeting other critical requirements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"Neumann04"}]}]},{"text":"Worthy of being trusted to fulfill whatever critical requirements may be needed for a particular component, subsystem, system, network, application, mission, enterprise, or other entity.\nNote: From a security perspective, a trustworthy system is a system that meets specific security requirements in addition to meeting other critical requirements.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"Neumann04"}]}]}]},{"term":"trustworthiness (system)","link":"https://csrc.nist.gov/glossary/term/trustworthiness_system","definitions":[{"text":"The degree to which an information system (including the information technology components that are used to build the system) can be expected to preserve the confidentiality, integrity, and availability of the information being processed, stored, or transmitted by the system across the full range of threats and individuals’ privacy.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2"}]},{"text":"The degree to which an information system (including the information technology components that are used to build the system) can be expected to preserve the confidentiality, integrity, and availability of the information being processed, stored, or transmitted by the system across the full range of threats. A trustworthy information system is believed to operate within defined levels of risk despite the environmental disruptions, human errors, structural failures, and purposeful attacks that are expected to occur in its environment of operation.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]}]},{"term":"trustworthy information system","link":"https://csrc.nist.gov/glossary/term/trustworthy_information_system","definitions":[{"text":"An information system that is believed to be capable of operating within defined levels of risk despite the environmental disruptions, human errors, structural failures, and purposeful attacks that are expected to occur in its environment of operation.","sources":[{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"OMB Circular A-130 (2016)","link":"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf"}]}]}]},{"term":"TS","link":"https://csrc.nist.gov/glossary/term/ts","abbrSyn":[{"text":"Technical Specification","link":"https://csrc.nist.gov/glossary/term/technical_specification"}],"definitions":null},{"term":"TSA","link":"https://csrc.nist.gov/glossary/term/tsa","abbrSyn":[{"text":"Transportation Security Administration","link":"https://csrc.nist.gov/glossary/term/transportation_security_administration"}],"definitions":null},{"term":"TSC","link":"https://csrc.nist.gov/glossary/term/tsc","abbrSyn":[{"text":"TKIP Sequence Counter","link":"https://csrc.nist.gov/glossary/term/tkip_sequence_counter"},{"text":"Transparent Supply Chain","link":"https://csrc.nist.gov/glossary/term/transparent_supply_chain"}],"definitions":null},{"term":"TSCH","link":"https://csrc.nist.gov/glossary/term/tsch","abbrSyn":[{"text":"Time Slotted Channel Hopping","link":"https://csrc.nist.gov/glossary/term/time_slotted_channel_hopping"}],"definitions":null},{"term":"TSCM","link":"https://csrc.nist.gov/glossary/term/tscm","abbrSyn":[{"text":"Technical Surveillance Countermeasures"}],"definitions":null},{"term":"TSEC","link":"https://csrc.nist.gov/glossary/term/tsec","abbrSyn":[{"text":"Telecommunications Security","link":"https://csrc.nist.gov/glossary/term/telecommunications_security"}],"definitions":null},{"term":"TSEC nomenclature","link":"https://csrc.nist.gov/glossary/term/tsec_nomenclature","definitions":[{"text":"The NSA system for identifying the type and purpose of certain items of COMSEC material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"TSF","link":"https://csrc.nist.gov/glossary/term/tsf","abbrSyn":[{"text":"TOE Security Functions","link":"https://csrc.nist.gov/glossary/term/toe_security_functions"}],"definitions":null},{"term":"TSi","link":"https://csrc.nist.gov/glossary/term/tsi","abbrSyn":[{"text":"Traffic Selector for the Initiator","link":"https://csrc.nist.gov/glossary/term/traffic_selector_for_the_initiator"}],"definitions":null},{"term":"TSI","link":"https://csrc.nist.gov/glossary/term/t_s_i","abbrSyn":[{"text":"Trusted Service Identity","link":"https://csrc.nist.gov/glossary/term/trusted_service_identity"}],"definitions":null},{"term":"TSIG","link":"https://csrc.nist.gov/glossary/term/tsig","abbrSyn":[{"text":"Transaction Signature","link":"https://csrc.nist.gov/glossary/term/transaction_signature"}],"definitions":null},{"term":"TSIG Key","link":"https://csrc.nist.gov/glossary/term/tsig_key","definitions":[{"text":"A string used to generate the message authentication hash stored in a TSIG RR and used to authenticate an entire DNS message. This is not the same as signing a message, which involves a cryptographic operation.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"TSME","link":"https://csrc.nist.gov/glossary/term/tsme","abbrSyn":[{"text":"Transparent Secure Memory Encryption","link":"https://csrc.nist.gov/glossary/term/transparent_secure_memory_encryption"}],"definitions":null},{"term":"TSN","link":"https://csrc.nist.gov/glossary/term/tsn","abbrSyn":[{"text":"Transition Security Network","link":"https://csrc.nist.gov/glossary/term/transition_security_network"}],"definitions":null},{"term":"TSO","link":"https://csrc.nist.gov/glossary/term/tso","abbrSyn":[{"text":"TCP Segmentation Offload","link":"https://csrc.nist.gov/glossary/term/tcp_segmentation_offload"}],"definitions":null},{"term":"TSP","link":"https://csrc.nist.gov/glossary/term/tsp","abbrSyn":[{"text":"Telecommunications Service Priority","link":"https://csrc.nist.gov/glossary/term/telecommunications_service_priority"},{"text":"Timestamp Packet","link":"https://csrc.nist.gov/glossary/term/timestamp_packet"}],"definitions":null},{"term":"TSr","link":"https://csrc.nist.gov/glossary/term/tsr","abbrSyn":[{"text":"Traffic Selector for the Responder","link":"https://csrc.nist.gov/glossary/term/traffic_selector_for_the_responder"}],"definitions":null},{"term":"TST","link":"https://csrc.nist.gov/glossary/term/tst","abbrSyn":[{"text":"Timestamp Token","link":"https://csrc.nist.gov/glossary/term/timestamp_token"}],"definitions":null},{"term":"TT","link":"https://csrc.nist.gov/glossary/term/tt","abbrSyn":[{"text":"Temperature Transmitter","link":"https://csrc.nist.gov/glossary/term/temperature_transmitter"}],"definitions":null},{"term":"TT&C","link":"https://csrc.nist.gov/glossary/term/tt_and_c","abbrSyn":[{"text":"Telemetry, Tracking, and Command","link":"https://csrc.nist.gov/glossary/term/telemetry_tracking_and_command"}],"definitions":null},{"term":"TT&E","link":"https://csrc.nist.gov/glossary/term/ttande","abbrSyn":[{"text":"Test, Training, and Exercise","link":"https://csrc.nist.gov/glossary/term/test_training_and_exercise"},{"text":"Test, Training, And Exercise"}],"definitions":null},{"term":"TTA","link":"https://csrc.nist.gov/glossary/term/tta","abbrSyn":[{"text":"Trusted Timestamp Authority"}],"definitions":[{"text":"An entity that is trusted to provide accurate time information.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Trusted Timestamp Authority "}]}]},{"term":"TTF","link":"https://csrc.nist.gov/glossary/term/ttf","abbrSyn":[{"text":"Tag Talks First","link":"https://csrc.nist.gov/glossary/term/tag_talks_first"}],"definitions":[{"text":"An RF transaction in which the tag communicates its presence to a reader. The reader may then send commands to the tag.","sources":[{"text":"NIST SP 800-98","link":"https://doi.org/10.6028/NIST.SP.800-98","underTerm":" under Tag Talks First "}]}]},{"term":"TTI","link":"https://csrc.nist.gov/glossary/term/tti","abbrSyn":[{"text":"Token Taxonomy Initiative","link":"https://csrc.nist.gov/glossary/term/token_taxonomy_initiative"}],"definitions":null},{"term":"TTL","link":"https://csrc.nist.gov/glossary/term/ttl","abbrSyn":[{"text":"Time to Live","link":"https://csrc.nist.gov/glossary/term/time_to_live"},{"text":"Time To Live"}],"definitions":null},{"term":"TTLS","link":"https://csrc.nist.gov/glossary/term/ttls","abbrSyn":[{"text":"Tunneled Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/tunneled_transport_layer_security"}],"definitions":null},{"term":"TTP","link":"https://csrc.nist.gov/glossary/term/ttp","abbrSyn":[{"text":"A Trusted Third Party"},{"text":"Tactic Technique Procedure","link":"https://csrc.nist.gov/glossary/term/tactic_technique_procedure"},{"text":"Tactics, Techniques and Procedures"},{"text":"Tactics, techniques, and procedures"},{"text":"Tactics, Techniques, and Procedures"},{"text":"Trusted Third Party","link":"https://csrc.nist.gov/glossary/term/trusted_third_party"}],"definitions":[{"text":"An entity other than the owner and verifier that is trusted by the owner, the verifier or both to provide certain services.","sources":[{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Trusted Third Party "}]},{"text":"An entity other than the key pair owner and verifier that is trusted by the owner or the verifier or both. Sometimes shortened to “trusted party.”","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Trusted Third Party "}]}]},{"term":"TTX","link":"https://csrc.nist.gov/glossary/term/ttx","abbrSyn":[{"text":"Table Top Exercise"},{"text":"Tabletop Exercise","link":"https://csrc.nist.gov/glossary/term/tabletop_exercise"}],"definitions":[{"text":"A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario.","sources":[{"text":"NIST SP 800-84","link":"https://doi.org/10.6028/NIST.SP.800-84","underTerm":" under Tabletop Exercise "}]}]},{"term":"TUCOFS","link":"https://csrc.nist.gov/glossary/term/tucofs","abbrSyn":[{"text":"The Ultimate Collection of Forensic Software","link":"https://csrc.nist.gov/glossary/term/the_ultimate_collection_of_forensic_software"}],"definitions":null},{"term":"Tunnel Mode","link":"https://csrc.nist.gov/glossary/term/tunnel_mode","definitions":[{"text":"IPsec mode that creates a new IP header for each protected packet.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]"}]},{"text":"An IPsec mode that creates an additional outer IP header for each protected packet.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1"}]}]},{"term":"Tunnel VPN","link":"https://csrc.nist.gov/glossary/term/tunnel_vpn","definitions":[{"text":"An SSL connection that allows a remote user to securely access a wide variety of protocols and applications, through a tunnel that is running under SSL, via a Web browser, generally augmented by a client application or plug-in..","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113"}]}]},{"term":"Tunneled Transport Layer Security","link":"https://csrc.nist.gov/glossary/term/tunneled_transport_layer_security","abbrSyn":[{"text":"TTLS","link":"https://csrc.nist.gov/glossary/term/ttls"}],"definitions":null},{"term":"tunneling","link":"https://csrc.nist.gov/glossary/term/tunneling","definitions":[{"text":"Technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Tuple Density","link":"https://csrc.nist.gov/glossary/term/tuple_density","definitions":[{"text":"Sum of t and the fraction of the covered (t+1)-tuples out of all possible (t+1)-tuples.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878","refSources":[{"text":"B. Chen et al"}]}]}]},{"term":"Turing complete","link":"https://csrc.nist.gov/glossary/term/turing_complete","definitions":[{"text":"A system (computer system, programming language, etc.) that can be used for any algorithm, regardless of complexity, to find a solution.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]}]},{"term":"Tweakable Block Cipher","link":"https://csrc.nist.gov/glossary/term/tweakable_block_cipher","abbrSyn":[{"text":"TBC","link":"https://csrc.nist.gov/glossary/term/tbc"}],"definitions":null},{"term":"Two-Factor Authentication","link":"https://csrc.nist.gov/glossary/term/two_factor_authentication","abbrSyn":[{"text":"2FA","link":"https://csrc.nist.gov/glossary/term/2fa"}],"definitions":[{"text":"Proof of the possession of a physical or software token in combination with some memorized secret knowledge.","sources":[{"text":"NIST SP 800-175A","link":"https://doi.org/10.6028/NIST.SP.800-175A","underTerm":" under two-factor authentication "}]}]},{"term":"Two-key Triple Data Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/two_key_triple_data_encryption_algorithm","abbrSyn":[{"text":"2TDEA","link":"https://csrc.nist.gov/glossary/term/2tdea"}],"definitions":[{"text":"Two-key Triple Data Encryption Algorithm specified in [NIST SP 800-67].","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under 2TDEA "}]}]},{"term":"two-person control","link":"https://csrc.nist.gov/glossary/term/two_person_control","abbrSyn":[{"text":"TPC","link":"https://csrc.nist.gov/glossary/term/tpc"}],"definitions":[{"text":"The continuous surveillance and control of material at all times by a minimum of two authorized individuals, each capable of detecting incorrect or unauthorized procedures with respect to the task being performed and each familiar with established security requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoDI 5200.44","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"two-person integrity","link":"https://csrc.nist.gov/glossary/term/two_person_integrity","abbrSyn":[{"text":"TPI","link":"https://csrc.nist.gov/glossary/term/tpi"}],"definitions":[{"text":"A system of storage and handling designed to prohibit individual access to certain material by requiring the presence of at least two authorized persons for the task to be performed.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401"}]},{"text":"The system of storage and handling designed to prohibit individual access to certain COMSEC keying material by requiring the presence of at least two authorized persons, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. \nNote: Two-Person Control refers to the handling of Nuclear Command and Control COMSEC material while Two-Person Integrity refers only to the handling of COMSEC keying material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}],"seeAlso":[{"text":"no-lone zone (NLZ)","link":"no_lone_zone"}]},{"term":"TXT","link":"https://csrc.nist.gov/glossary/term/txt","abbrSyn":[{"text":"Text","link":"https://csrc.nist.gov/glossary/term/text"},{"text":"Trusted Execution Technology","link":"https://csrc.nist.gov/glossary/term/trusted_execution_technology"}],"definitions":null},{"term":"type accreditation","link":"https://csrc.nist.gov/glossary/term/type_accreditation","note":"(C.F.D.)","definitions":[{"text":"A form of accreditation that is used to authorize multiple instances of a major application or general support system for operation at approved locations with the same type of computing environment. In situations where a major application or general support system is installed at multiple locations, a type accreditation will satisfy Certification and Accreditation (C&A) requirements only if the application or system consists of a common set of tested and approved hardware, software, and firmware. \nSee type authorization.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"type authorization","link":"type_authorization"}]},{"term":"type authorization","link":"https://csrc.nist.gov/glossary/term/type_authorization","definitions":[{"text":"An official authorization decision to employ identical copies of an information system or subsystem (including hardware, software, firmware, and/or applications) in specified environments of operation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1"}]}]}],"seeAlso":[{"text":"type accreditation","link":"type_accreditation"}]},{"term":"type certification","link":"https://csrc.nist.gov/glossary/term/type_certification","definitions":[{"text":"The certification acceptance of replica information systems based on the comprehensive evaluation of the technical and non-technical security features of an information system and other safeguards, made as part of and in support of the formal approval process, to establish the extent to which a particular design and implementation meet a specified set of security requirements.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Type Length Value","link":"https://csrc.nist.gov/glossary/term/type_length_value","abbrSyn":[{"text":"TLV","link":"https://csrc.nist.gov/glossary/term/tlv"}],"definitions":null},{"term":"U","link":"https://csrc.nist.gov/glossary/term/u","definitions":[{"text":"One party in a key-establishment scheme.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"U.S. Coast Guard Navigation Center","link":"https://csrc.nist.gov/glossary/term/us_coast_guard_navigation_center","abbrSyn":[{"text":"NAVCEN","link":"https://csrc.nist.gov/glossary/term/navcen"}],"definitions":null},{"term":"U.S. Computer Emergency Readiness Team","link":"https://csrc.nist.gov/glossary/term/us_computer_emergency_readiness_team","abbrSyn":[{"text":"US-CERT","link":"https://csrc.nist.gov/glossary/term/us_cert"}],"definitions":null},{"term":"U.S. Department of Health, Education, and Welfare","link":"https://csrc.nist.gov/glossary/term/us_department_of_health_education_and_welfare","abbrSyn":[{"text":"HEW","link":"https://csrc.nist.gov/glossary/term/hew"}],"definitions":null},{"term":"U.S. Government","link":"https://csrc.nist.gov/glossary/term/us_government","abbrSyn":[{"text":"USG","link":"https://csrc.nist.gov/glossary/term/usg"}],"definitions":null},{"term":"U.S. Government Configuration Baseline","link":"https://csrc.nist.gov/glossary/term/us_government_configuration_baseline","abbrSyn":[{"text":"USGCB","link":"https://csrc.nist.gov/glossary/term/usgcb"}],"definitions":null},{"term":"U.S. Government Federal Radionavigation Plan","link":"https://csrc.nist.gov/glossary/term/us_government_federal_radionavigation_plan","abbrSyn":[{"text":"USG FRP","link":"https://csrc.nist.gov/glossary/term/usg_frp"}],"definitions":null},{"term":"U.S. national interests","link":"https://csrc.nist.gov/glossary/term/us_national_interests","definitions":[{"text":"Matters of vital interest to the United States to include national security, public safety, national economic security, the safe and reliable functioning of “critical infrastructure”, and the availability of “key resources”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"PPD-20"}]}]}]},{"term":"U.S. person","link":"https://csrc.nist.gov/glossary/term/us_person","definitions":[{"text":"U.S. person means a person (as defined in 22 CFR 120.14) who is a lawful permanent resident as defined by 8 U.S.C. 1101(a) (20) or who is a protected individual as defined by 8 U.S.C. 1324b(a) (3). It also means any corporation, business association, partnership, society, trust, or any other entity, organization or group that is incorporated to do business in the United States. It also includes any governmental (federal, state or local) entity. It does not include any foreign person as defined in 22 CFR 120.16.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"22 C.F.R., Sec. 120.15","link":"https://www.govinfo.gov/app/details/CFR-2011-title22-vol1/CFR-2011-title22-vol1-sec120-15"}]}]}]},{"term":"U.S. Securities and Exchange Commission","link":"https://csrc.nist.gov/glossary/term/us_securities_and_exchange_commission","abbrSyn":[{"text":"SEC","link":"https://csrc.nist.gov/glossary/term/sec"}],"definitions":null},{"term":"U.S.C.","link":"https://csrc.nist.gov/glossary/term/u_s_c_","abbrSyn":[{"text":"United States Code","link":"https://csrc.nist.gov/glossary/term/united_states_code"}],"definitions":null},{"term":"U.S.-controlled facility","link":"https://csrc.nist.gov/glossary/term/us_controlled_facility","definitions":[{"text":"A base or building, access to which is physically controlled by U.S. citizens or resident aliens who are authorized U.S. Government or U.S. Government contractor employees.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSTISSI No. 3013","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"U.S.-controlled space","link":"https://csrc.nist.gov/glossary/term/us_controlled_space","definitions":[{"text":"A space (e.g., room or floor) within a facility other than a U.S.-controlled facility, access to which is physically controlled by U.S. citizens or resident aliens who are authorized U.S. Government or U.S. Government contractor employees. Keys or combinations to locks controlling entrance to the U.S.-controlled space must be under the exclusive control of U.S. citizens or resident aliens who are U.S. Government or U.S. Government contractor employees.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSTISSI No. 3013","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"U1","link":"https://csrc.nist.gov/glossary/term/u1","abbrSyn":[{"text":"Citect SCADA system","link":"https://csrc.nist.gov/glossary/term/citect_scada_system"}],"definitions":null},{"term":"U2F","link":"https://csrc.nist.gov/glossary/term/u2f","abbrSyn":[{"text":"Universal Second Factor","link":"https://csrc.nist.gov/glossary/term/universal_second_factor"}],"definitions":null},{"term":"UA","link":"https://csrc.nist.gov/glossary/term/ua","abbrSyn":[{"text":"User Agent","link":"https://csrc.nist.gov/glossary/term/user_agent"}],"definitions":null},{"term":"UAC","link":"https://csrc.nist.gov/glossary/term/uac","abbrSyn":[{"text":"User Access Control","link":"https://csrc.nist.gov/glossary/term/user_access_control"}],"definitions":null},{"term":"UAF","link":"https://csrc.nist.gov/glossary/term/uaf","abbrSyn":[{"text":"Universal Authentication Framework","link":"https://csrc.nist.gov/glossary/term/universal_authentication_framework"}],"definitions":null},{"term":"UART","link":"https://csrc.nist.gov/glossary/term/uart","abbrSyn":[{"text":"Universal Asynchronous Receiver Transmitter"},{"text":"Universal Asynchronous Receiver/Transmitter","link":"https://csrc.nist.gov/glossary/term/universal_asynchronous_receiver_transmitter"}],"definitions":null},{"term":"UAS","link":"https://csrc.nist.gov/glossary/term/uas","abbrSyn":[{"text":"Unmanned Aerial Systems","link":"https://csrc.nist.gov/glossary/term/unmanned_aerial_systems"},{"text":"Unmanned Aircraft System","link":"https://csrc.nist.gov/glossary/term/unmanned_aircraft_system"},{"text":"User Applications Software","link":"https://csrc.nist.gov/glossary/term/user_applications_software"}],"definitions":null},{"term":"UAV","link":"https://csrc.nist.gov/glossary/term/uav","abbrSyn":[{"text":"Unmanned Aerial Vehicle","link":"https://csrc.nist.gov/glossary/term/unmanned_aerial_vehicle"}],"definitions":null},{"term":"UBR","link":"https://csrc.nist.gov/glossary/term/ubr","abbrSyn":[{"text":"Universal Business Registry","link":"https://csrc.nist.gov/glossary/term/universal_business_registry"}],"definitions":null},{"term":"UCC","link":"https://csrc.nist.gov/glossary/term/ucc","abbrSyn":[{"text":"Uniform Code Council","link":"https://csrc.nist.gov/glossary/term/uniform_code_council"}],"definitions":null},{"term":"UCDSMO","link":"https://csrc.nist.gov/glossary/term/ucdsmo","abbrSyn":[{"text":"Unified Cross Domain Services Management Office","link":"https://csrc.nist.gov/glossary/term/unified_cross_domain_services_management_office"}],"definitions":null},{"term":"UCE","link":"https://csrc.nist.gov/glossary/term/uce","abbrSyn":[{"text":"Unsolicited Commercial Email","link":"https://csrc.nist.gov/glossary/term/unsolicited_commercial_email"}],"definitions":null},{"term":"UCS","link":"https://csrc.nist.gov/glossary/term/ucs","abbrSyn":[{"text":"Unified Computing System","link":"https://csrc.nist.gov/glossary/term/unified_computing_system"},{"text":"User Configuration Set","link":"https://csrc.nist.gov/glossary/term/user_configuration_set"}],"definitions":null},{"term":"UDDI","link":"https://csrc.nist.gov/glossary/term/uddi","abbrSyn":[{"text":"Universal Description, Discovery, and Integration"}],"definitions":null},{"term":"UDF","link":"https://csrc.nist.gov/glossary/term/udf","abbrSyn":[{"text":"Universal Disk Format","link":"https://csrc.nist.gov/glossary/term/universal_disk_format"}],"definitions":null},{"term":"UDLR","link":"https://csrc.nist.gov/glossary/term/udlr","abbrSyn":[{"text":"Universal Distributed Logical Router","link":"https://csrc.nist.gov/glossary/term/universal_distributed_logical_router"}],"definitions":null},{"term":"UDM","link":"https://csrc.nist.gov/glossary/term/udm","abbrSyn":[{"text":"Universal Data Manager","link":"https://csrc.nist.gov/glossary/term/universal_data_manager"}],"definitions":null},{"term":"UDP","link":"https://csrc.nist.gov/glossary/term/udp","abbrSyn":[{"text":"User Datagram Protocol","link":"https://csrc.nist.gov/glossary/term/user_datagram_protocol"}],"definitions":null},{"term":"UE","link":"https://csrc.nist.gov/glossary/term/ue","abbrSyn":[{"text":"User Equipment","link":"https://csrc.nist.gov/glossary/term/user_equipment"}],"definitions":null},{"term":"UEA","link":"https://csrc.nist.gov/glossary/term/uea","abbrSyn":[{"text":"UMTS Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/umts_encryption_algorithm"}],"definitions":null},{"term":"UEBA","link":"https://csrc.nist.gov/glossary/term/ueba","abbrSyn":[{"text":"User and Entity Behavior Analytics","link":"https://csrc.nist.gov/glossary/term/user_and_entity_behavior_analytics"}],"definitions":null},{"term":"UEFI","link":"https://csrc.nist.gov/glossary/term/uefi","abbrSyn":[{"text":"Unified Extensible Firmware Interface"}],"definitions":null},{"term":"UEFI Secure Boot","link":"https://csrc.nist.gov/glossary/term/uefi_secure_boot","abbrSyn":[{"text":"SB","link":"https://csrc.nist.gov/glossary/term/sb"}],"definitions":null},{"term":"UEM","link":"https://csrc.nist.gov/glossary/term/uem","abbrSyn":[{"text":"Unified Endpoint Management","link":"https://csrc.nist.gov/glossary/term/unified_endpoint_management"}],"definitions":null},{"term":"UFS","link":"https://csrc.nist.gov/glossary/term/ufs","abbrSyn":[{"text":"Unix File System","link":"https://csrc.nist.gov/glossary/term/unix_file_system"},{"text":"UNIX File System"}],"definitions":null},{"term":"UHF","link":"https://csrc.nist.gov/glossary/term/uhf","abbrSyn":[{"text":"Ultra High Frequency","link":"https://csrc.nist.gov/glossary/term/ultra_high_frequency"}],"definitions":null},{"term":"UI","link":"https://csrc.nist.gov/glossary/term/ui","abbrSyn":[{"text":"User interface","link":"https://csrc.nist.gov/glossary/term/user_interface"},{"text":"User Interface"}],"definitions":[{"text":"The physical or logical means by which users interact with a system, device or process.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under User interface "}]}]},{"term":"UI/UX","link":"https://csrc.nist.gov/glossary/term/ui_ux","abbrSyn":[{"text":"user interface/user experience","link":"https://csrc.nist.gov/glossary/term/user_interface_user_experience"}],"definitions":null},{"term":"UIA","link":"https://csrc.nist.gov/glossary/term/uia","abbrSyn":[{"text":"UMTS Integrity Algorithm","link":"https://csrc.nist.gov/glossary/term/umts_integrity_algorithm"}],"definitions":null},{"term":"UICC","link":"https://csrc.nist.gov/glossary/term/uicc","abbrSyn":[{"text":"Universal Integrated Circuit Card","link":"https://csrc.nist.gov/glossary/term/universal_integrated_circuit_card"}],"definitions":[{"text":"An integrated circuit card that securely stores the international mobile subscriber identity (IMSI) and the related cryptographic key used to identify and authenticate subscribers on mobile devices. A UICC may be referred to as a: SIM, USIM, RUIM or CSIM, and is used interchangeably with those terms.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Universal Integrated Circuit Card "}]}]},{"term":"UIRP","link":"https://csrc.nist.gov/glossary/term/uirp","abbrSyn":[{"text":"unknown inclusion re-identification probability","link":"https://csrc.nist.gov/glossary/term/unknown_inclusion_re_identification_probability"}],"definitions":null},{"term":"UIS","link":"https://csrc.nist.gov/glossary/term/uis","abbrSyn":[{"text":"User Interface System","link":"https://csrc.nist.gov/glossary/term/user_interface_system"}],"definitions":null},{"term":"UK","link":"https://csrc.nist.gov/glossary/term/uk","abbrSyn":[{"text":"United Kingdom","link":"https://csrc.nist.gov/glossary/term/united_kingdom"}],"definitions":null},{"term":"UK Research and Innovation","link":"https://csrc.nist.gov/glossary/term/uk_research_and_innovation","abbrSyn":[{"text":"UKRI","link":"https://csrc.nist.gov/glossary/term/ukri"}],"definitions":null},{"term":"UKAN","link":"https://csrc.nist.gov/glossary/term/ukan","abbrSyn":[{"text":"United Kingdom Advocacy Network","link":"https://csrc.nist.gov/glossary/term/united_kingdom_advocacy_network"}],"definitions":null},{"term":"UKRI","link":"https://csrc.nist.gov/glossary/term/ukri","abbrSyn":[{"text":"UK Research and Innovation","link":"https://csrc.nist.gov/glossary/term/uk_research_and_innovation"}],"definitions":null},{"term":"UL","link":"https://csrc.nist.gov/glossary/term/ul","abbrSyn":[{"text":"Underwriter’s Laboratories"},{"text":"Underwriters Laboratories","link":"https://csrc.nist.gov/glossary/term/underwriters_laboratories"}],"definitions":null},{"term":"Ultra High Frequency","link":"https://csrc.nist.gov/glossary/term/ultra_high_frequency","abbrSyn":[{"text":"UHF","link":"https://csrc.nist.gov/glossary/term/uhf"}],"definitions":null},{"term":"Ultraviolet","link":"https://csrc.nist.gov/glossary/term/ultraviolet","abbrSyn":[{"text":"UV","link":"https://csrc.nist.gov/glossary/term/uv"}],"definitions":null},{"term":"Ultrawideband","link":"https://csrc.nist.gov/glossary/term/ultrawideband","abbrSyn":[{"text":"UWB","link":"https://csrc.nist.gov/glossary/term/uwb"}],"definitions":null},{"term":"umbilical cord","link":"https://csrc.nist.gov/glossary/term/umbilical_cord","definitions":[{"text":"The cable that connects the space vehicle to the launch pad during pre-launch to monitor the vehicle health and is disconnected or cut when the vehicle launches; enables the exchange of data with ground launch mission systems.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"UMD","link":"https://csrc.nist.gov/glossary/term/umd","abbrSyn":[{"text":"University of Maryland","link":"https://csrc.nist.gov/glossary/term/university_of_maryland"}],"definitions":null},{"term":"UMTS","link":"https://csrc.nist.gov/glossary/term/umts","abbrSyn":[{"text":"Universal Mobile Telecommunications System"}],"definitions":[{"text":"a third-generation (3G) mobile phone technologies standardized by the 3GPP as the successor to GSM.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Universal Mobile Telecommunications System "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Universal Mobile Telecommunications System "}]}]},{"term":"UMTS Encryption Algorithm","link":"https://csrc.nist.gov/glossary/term/umts_encryption_algorithm","abbrSyn":[{"text":"UEA","link":"https://csrc.nist.gov/glossary/term/uea"}],"definitions":null},{"term":"UMTS Integrity Algorithm","link":"https://csrc.nist.gov/glossary/term/umts_integrity_algorithm","abbrSyn":[{"text":"UIA","link":"https://csrc.nist.gov/glossary/term/uia"}],"definitions":null},{"term":"UMTS Subscriber Identity Module (USIM)","link":"https://csrc.nist.gov/glossary/term/umts_subscriber_identity_module","abbrSyn":[{"text":"USIM","link":"https://csrc.nist.gov/glossary/term/usim"}],"definitions":[{"text":"A module similar to the SIM in GSM/GPRS networks, but with additional capabilities suited to 3G networks.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under UMTS Subscriber Identity Module "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under UMTS Subscriber Identity Module "}]}]},{"term":"UN/CEFACT","link":"https://csrc.nist.gov/glossary/term/un_cefact","abbrSyn":[{"text":"United Nations Centre for Trade Facilitation and Electronic Business","link":"https://csrc.nist.gov/glossary/term/united_nations_centre_for_trade_facilitation_and_electronic_business"}],"definitions":null},{"term":"unattended","link":"https://csrc.nist.gov/glossary/term/unattended","definitions":[{"text":"A facility is unattended when there is no human presence. Use of roaming guards and/or an intrusion detection system is not enough to consider a facility attended. Having a trusted individual sitting at the entrance to a vault does make the vault attended.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"unauthorized disclosure","link":"https://csrc.nist.gov/glossary/term/unauthorized_disclosure","definitions":[{"text":"An event involving the exposure of information to entities not authorized access to the information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 3","link":"https://doi.org/10.6028/NIST.SP.800-57p3"}]},{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Unauthorized disclosure "},{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Unauthorized disclosure "},{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Unauthorized disclosure "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Unauthorized disclosure "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Unauthorized disclosure "}]}]},{"term":"Unbalanced Oil-Vinegar Digital Signature Scheme","link":"https://csrc.nist.gov/glossary/term/unbalanced_oil_vinegar_digital_signature_scheme","abbrSyn":[{"text":"UOV","link":"https://csrc.nist.gov/glossary/term/uov"}],"definitions":null},{"term":"Unbiased","link":"https://csrc.nist.gov/glossary/term/unbiased","definitions":[{"text":"A value that is chosen from a sample space is said to be unbiased if all potential values have the same probability of being chosen. Contrast with biased.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]},{"text":"A value that is chosen from a sample space is said to be unbiased if all potential values have the same probability of being chosen. (Contrast with biased.)","sources":[{"text":"NIST SP 800-90B","link":"https://doi.org/10.6028/NIST.SP.800-90B"}]}]},{"term":"Unbind","link":"https://csrc.nist.gov/glossary/term/unbind","definitions":[{"text":"To deterministically transform a binding into its logical-form construct.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695"}]}]},{"term":"UNC","link":"https://csrc.nist.gov/glossary/term/unc","abbrSyn":[{"text":"Universal Naming Convention","link":"https://csrc.nist.gov/glossary/term/universal_naming_convention"}],"definitions":null},{"term":"unclassified","link":"https://csrc.nist.gov/glossary/term/unclassified","definitions":[{"text":"Information that does not require safeguarding or dissemination controls pursuant to Executive Order (E.O.) 13556 (Controlled Unclassified Information) and has not been determined to require protection against unauthorized disclosure pursuant to E.O. 13526 (Classified National Security Information), or any predecessor or successor Order, or the Atomic Energy Act of 1954, as amended. \nSee controlled unclassified information (CUI), and classified national security information.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}],"seeAlso":[{"text":"classified national security information","link":"classified_national_security_information"},{"text":"controlled unclassified information (CUI)","link":"controlled_unclassified_information"}]},{"term":"Underwriters Laboratories","link":"https://csrc.nist.gov/glossary/term/underwriters_laboratories","abbrSyn":[{"text":"UL","link":"https://csrc.nist.gov/glossary/term/ul"}],"definitions":null},{"term":"unencrypted key","link":"https://csrc.nist.gov/glossary/term/unencrypted_key","definitions":[{"text":"Key that has not been encrypted in a system approved by the National Security Agency (NSA) for key encryption or encrypted key in the presence of its associated key encryption key (KEK) or transfer key encryption key (TrKEK). Encrypted key in the same fill device as its associated KEK or TrKEK is considered unencrypted. (Unencrypted key is also known as RED key).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Unicast Reverse Path Forwarding","link":"https://csrc.nist.gov/glossary/term/unicast_reverse_path_forwarding","abbrSyn":[{"text":"uRPF","link":"https://csrc.nist.gov/glossary/term/urpf"}],"definitions":null},{"term":"UniCERT Programmatic Interface","link":"https://csrc.nist.gov/glossary/term/unicert_programmatic_interface","abbrSyn":[{"text":"UPI","link":"https://csrc.nist.gov/glossary/term/upi"}],"definitions":null},{"term":"Unified Computing System","link":"https://csrc.nist.gov/glossary/term/unified_computing_system","note":"(Cisco)","abbrSyn":[{"text":"UCS","link":"https://csrc.nist.gov/glossary/term/ucs"}],"definitions":null},{"term":"Unified Cross Domain Services Management Office","link":"https://csrc.nist.gov/glossary/term/unified_cross_domain_services_management_office","abbrSyn":[{"text":"UCDSMO","link":"https://csrc.nist.gov/glossary/term/ucdsmo"}],"definitions":null},{"term":"Unified Endpoint Management","link":"https://csrc.nist.gov/glossary/term/unified_endpoint_management","abbrSyn":[{"text":"UEM","link":"https://csrc.nist.gov/glossary/term/uem"}],"definitions":null},{"term":"Unified Extensible Firmware Interface (UEFI)","link":"https://csrc.nist.gov/glossary/term/unified_extensible_firmware_interface","abbrSyn":[{"text":"UEFI","link":"https://csrc.nist.gov/glossary/term/uefi"}],"definitions":[{"text":"A possible replacement for the conventional BIOS that is becoming widely deployed in new x86-based computer systems. The UEFI specifications were preceded by the EFI specifications.","sources":[{"text":"NIST SP 800-147","link":"https://doi.org/10.6028/NIST.SP.800-147"},{"text":"NIST SP 800-147B","link":"https://doi.org/10.6028/NIST.SP.800-147B"}]}]},{"term":"Unified Threat Management","link":"https://csrc.nist.gov/glossary/term/unified_threat_management","abbrSyn":[{"text":"UTM","link":"https://csrc.nist.gov/glossary/term/utm"}],"definitions":null},{"term":"Uniform Code Council","link":"https://csrc.nist.gov/glossary/term/uniform_code_council","abbrSyn":[{"text":"UCC","link":"https://csrc.nist.gov/glossary/term/ucc"}],"definitions":null},{"term":"Uniform Resource Identifier","link":"https://csrc.nist.gov/glossary/term/uniform_resource_identifier","abbrSyn":[{"text":"URI","link":"https://csrc.nist.gov/glossary/term/uri"}],"definitions":[{"text":"A uniform resource identifier, or URI, is a short string containing a name or address which refers to an object in the \"web.\"","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under URI "}]},{"text":"A compact sequence of characters that identifies an abstract or physical resource available on the Internet. The syntax used for URIs is defined in.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","refSources":[{"text":"RFC 3986","link":"https://doi.org/10.17487/RFC3986"}]}]}]},{"term":"Uniform Resource Locator","link":"https://csrc.nist.gov/glossary/term/uniform_resource_locator","abbrSyn":[{"text":"URL","link":"https://csrc.nist.gov/glossary/term/url"}],"definitions":[{"text":"A uniform resource locator, or URL, is a short string containing an address which refers to an object in the \"web.\" URLs are a subset of URIs.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under URL "}]},{"text":"A reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A typical URL could have the form http://www.example.com/index.html, which indicates a protocol (http), a host name (www.example.com), and a file name (index.html). Also sometimes referred to as a web address.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Uniform Resource Locator (URL) "}]},{"text":"A reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A typical URL could have the form http://www.example.com/index.html, which indicates a protocol (hypertext transfer protocol [http]), a host name (www.example.com), and a file name (index.html). Also sometimes referred to as a web address.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Uniform Resource Locator (URL) "}]}]},{"term":"Uniform Resource Name","link":"https://csrc.nist.gov/glossary/term/uniform_resource_name","abbrSyn":[{"text":"URN","link":"https://csrc.nist.gov/glossary/term/urn"}],"definitions":null},{"term":"Uninstantiate","link":"https://csrc.nist.gov/glossary/term/uninstantiate","definitions":[{"text":"The termination of a DRBG instantiation.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Uninterruptible Power Supply","link":"https://csrc.nist.gov/glossary/term/uninterruptible_power_supply","abbrSyn":[{"text":"UPS","link":"https://csrc.nist.gov/glossary/term/ups"}],"definitions":[{"text":"A device with an internal battery that allows connected devices to run for at least a short time when the primary power source is lost.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1"}]}]},{"term":"United Kingdom","link":"https://csrc.nist.gov/glossary/term/united_kingdom","abbrSyn":[{"text":"UK","link":"https://csrc.nist.gov/glossary/term/uk"}],"definitions":null},{"term":"United Kingdom Advocacy Network","link":"https://csrc.nist.gov/glossary/term/united_kingdom_advocacy_network","abbrSyn":[{"text":"UKAN","link":"https://csrc.nist.gov/glossary/term/ukan"}],"definitions":null},{"term":"United Nations Centre for Trade Facilitation and Electronic Business","link":"https://csrc.nist.gov/glossary/term/united_nations_centre_for_trade_facilitation_and_electronic_business","abbrSyn":[{"text":"UN/CEFACT","link":"https://csrc.nist.gov/glossary/term/un_cefact"}],"definitions":null},{"term":"United States Citizenship and Immigration Services","link":"https://csrc.nist.gov/glossary/term/united_states_citizenship_and_immigration_services","abbrSyn":[{"text":"USCIS","link":"https://csrc.nist.gov/glossary/term/uscis"}],"definitions":null},{"term":"United States Code","link":"https://csrc.nist.gov/glossary/term/united_states_code","abbrSyn":[{"text":"U.S.C.","link":"https://csrc.nist.gov/glossary/term/u_s_c_"},{"text":"USC","link":"https://csrc.nist.gov/glossary/term/usc"}],"definitions":null},{"term":"United States Department of Agriculture","link":"https://csrc.nist.gov/glossary/term/united_states_department_of_agriculture","abbrSyn":[{"text":"USDA","link":"https://csrc.nist.gov/glossary/term/usda"}],"definitions":null},{"term":"United States Government","link":"https://csrc.nist.gov/glossary/term/united_states_government","abbrSyn":[{"text":"USG","link":"https://csrc.nist.gov/glossary/term/usg"}],"definitions":null},{"term":"United States government configuration baseline (USGCB)","link":"https://csrc.nist.gov/glossary/term/united_states_government_configuration_baseline_usgcb","definitions":[{"text":"The United States Government Configuration Baseline (USGCB) provides security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain effective configuration settings focusing primarily on security.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"United States Government Configuration Baseline (USGCB)","link":"https://csrc.nist.gov/glossary/term/united_states_government_configuration_baseline","abbrSyn":[{"text":"USGCB","link":"https://csrc.nist.gov/glossary/term/usgcb"}],"definitions":[{"text":"The United States Government Configuration Baseline (USGCB) provides security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security. ","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"term":"United States Government Environment","link":"https://csrc.nist.gov/glossary/term/united_states_government_environment","definitions":[{"text":"A Custom environment that contains federal government systems to be secured according to prescribed configurations as mandated by policy.","sources":[{"text":"NIST SP 800-70 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-70r4"},{"text":"NIST SP 800-70 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-70r2","note":" [Superseded]"}]}]},{"term":"United States Naval Observatory","link":"https://csrc.nist.gov/glossary/term/united_states_naval_observatory","abbrSyn":[{"text":"USNO","link":"https://csrc.nist.gov/glossary/term/usno"}],"definitions":null},{"term":"United States Nuclear Regulatory Commission","link":"https://csrc.nist.gov/glossary/term/us_nuclear_regulatory_commission","abbrSyn":[{"text":"NRC","link":"https://csrc.nist.gov/glossary/term/nrc"}],"definitions":null},{"term":"Universal Asynchronous Receiver/Transmitter","link":"https://csrc.nist.gov/glossary/term/universal_asynchronous_receiver_transmitter","abbrSyn":[{"text":"UART","link":"https://csrc.nist.gov/glossary/term/uart"}],"definitions":null},{"term":"Universal Authentication Framework","link":"https://csrc.nist.gov/glossary/term/universal_authentication_framework","abbrSyn":[{"text":"UAF","link":"https://csrc.nist.gov/glossary/term/uaf"}],"definitions":null},{"term":"Universal Business Registry","link":"https://csrc.nist.gov/glossary/term/universal_business_registry","abbrSyn":[{"text":"UBR","link":"https://csrc.nist.gov/glossary/term/ubr"}],"definitions":null},{"term":"Universal Data Manager","link":"https://csrc.nist.gov/glossary/term/universal_data_manager","abbrSyn":[{"text":"UDM","link":"https://csrc.nist.gov/glossary/term/udm"}],"definitions":null},{"term":"Universal Description, Discovery, and Integration (UDDI)","link":"https://csrc.nist.gov/glossary/term/universal_description_discovery_and_integration","abbrSyn":[{"text":"UDDI","link":"https://csrc.nist.gov/glossary/term/uddi"}],"definitions":[{"text":"An XML-based lookup service for locating Web services in an Internet Topology. UDDI provides a platform-independent way of describing and discovering Web services and Web service providers. The UDDI data structures provide a framework for the description of basic service information, and an extensible mechanism to specify detailed service access information using any standard description language.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary","link":"https://www.developer.com/services/article.php/1485771/Web-Services-Glossary.htm"}]}]}]},{"term":"Universal Disk Format","link":"https://csrc.nist.gov/glossary/term/universal_disk_format","abbrSyn":[{"text":"UDF","link":"https://csrc.nist.gov/glossary/term/udf"}],"definitions":null},{"term":"Universal Distributed Logical Router","link":"https://csrc.nist.gov/glossary/term/universal_distributed_logical_router","abbrSyn":[{"text":"UDLR","link":"https://csrc.nist.gov/glossary/term/udlr"}],"definitions":null},{"term":"Universal Integrated Circuit Card","link":"https://csrc.nist.gov/glossary/term/universal_integrated_circuit_card","abbrSyn":[{"text":"UICC","link":"https://csrc.nist.gov/glossary/term/uicc"}],"definitions":[{"text":"An integrated circuit card that securely stores the international mobile subscriber identity (IMSI) and the related cryptographic key used to identify and authenticate subscribers on mobile devices. A UICC may be referred to as a: SIM, USIM, RUIM or CSIM, and is used interchangeably with those terms.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]}]},{"term":"Universal Mobile Telecommunications System (UMTS)","link":"https://csrc.nist.gov/glossary/term/universal_mobile_telecommunications_system","abbrSyn":[{"text":"UMTS","link":"https://csrc.nist.gov/glossary/term/umts"}],"definitions":[{"text":"A third-generation (3G) mobile phone technology standardized by the 3GPP as the successor to GSM.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a third-generation (3G) mobile phone technologies standardized by the 3GPP as the successor to GSM.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Universal Mobile Telecommunications System "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Universal Mobile Telecommunications System "}]}]},{"term":"Universal Naming Convention","link":"https://csrc.nist.gov/glossary/term/universal_naming_convention","abbrSyn":[{"text":"UNC","link":"https://csrc.nist.gov/glossary/term/unc"}],"definitions":null},{"term":"Universal Plug and Play","link":"https://csrc.nist.gov/glossary/term/universal_plug_and_play","abbrSyn":[{"text":"UPnP","link":"https://csrc.nist.gov/glossary/term/upnp"}],"definitions":null},{"term":"Universal Principal Name","link":"https://csrc.nist.gov/glossary/term/universal_principal_name","abbrSyn":[{"text":"UPN","link":"https://csrc.nist.gov/glossary/term/upn"}],"definitions":null},{"term":"Universal Resource Identifier","link":"https://csrc.nist.gov/glossary/term/universal_resource_identifier","abbrSyn":[{"text":"URI","link":"https://csrc.nist.gov/glossary/term/uri"}],"definitions":[{"text":"A uniform resource identifier, or URI, is a short string containing a name or address which refers to an object in the \"web.\"","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under URI "}]}]},{"term":"Universal Resource Locator","link":"https://csrc.nist.gov/glossary/term/universal_resource_locator","abbrSyn":[{"text":"URL","link":"https://csrc.nist.gov/glossary/term/url"}],"definitions":[{"text":"A uniform resource locator, or URL, is a short string containing an address which refers to an object in the \"web.\" URLs are a subset of URIs.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]","underTerm":" under URL "}]}]},{"term":"Universal Second Factor","link":"https://csrc.nist.gov/glossary/term/universal_second_factor","abbrSyn":[{"text":"U2F","link":"https://csrc.nist.gov/glossary/term/u2f"}],"definitions":null},{"term":"Universal Serial Bus (USB)","link":"https://csrc.nist.gov/glossary/term/universal_serial_bus","abbrSyn":[{"text":"USB","link":"https://csrc.nist.gov/glossary/term/usb"}],"definitions":[{"text":"A hardware interface for low-speed peripherals such as the keyboard, mouse, joystick, scanner, printer, and telephony devices.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"Type of standard cable, connector, and protocol for connecting computers, electronic devices, and power sources.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Universal Serial Bus "}]}]},{"term":"Universal Statistical Test","link":"https://csrc.nist.gov/glossary/term/universal_statistical_test","definitions":[{"text":"The purpose of the test is to detect whether or not the sequence can be significantly compressed without loss of information. A compressible sequence is considered to be non­ random.","sources":[{"text":"NISTIR 6390","link":"https://doi.org/10.6028/NIST.IR.6390"},{"text":"NISTIR 6483","link":"https://doi.org/10.6028/NIST.IR.6483"}]}]},{"term":"Universal Subscriber Identity Module","link":"https://csrc.nist.gov/glossary/term/universal_subscriber_identity_module","abbrSyn":[{"text":"USIM","link":"https://csrc.nist.gov/glossary/term/usim"}],"definitions":null},{"term":"Universally Unique Identifier","link":"https://csrc.nist.gov/glossary/term/universally_unique_identifier","abbrSyn":[{"text":"UUID","link":"https://csrc.nist.gov/glossary/term/uuid"}],"definitions":null},{"term":"University of Maryland","link":"https://csrc.nist.gov/glossary/term/university_of_maryland","abbrSyn":[{"text":"UMD","link":"https://csrc.nist.gov/glossary/term/umd"}],"definitions":null},{"term":"University of Texas-San Antonio","link":"https://csrc.nist.gov/glossary/term/university_of_texas_san_antonio","abbrSyn":[{"text":"UTSA","link":"https://csrc.nist.gov/glossary/term/utsa"}],"definitions":null},{"term":"UNIX Timesharing System","link":"https://csrc.nist.gov/glossary/term/unix_timesharing_system","abbrSyn":[{"text":"UTS","link":"https://csrc.nist.gov/glossary/term/uts"}],"definitions":null},{"term":"unkeyed","link":"https://csrc.nist.gov/glossary/term/unkeyed","definitions":[{"text":"COMSEC equipment containing no key or containing key that has been protected from unauthorized use by removing the cryptographic ignition key (CIK) or deactivating the personal identification number (PIN).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"unknown inclusion re-identification probability","link":"https://csrc.nist.gov/glossary/term/unknown_inclusion_re_identification_probability","abbrSyn":[{"text":"UIRP","link":"https://csrc.nist.gov/glossary/term/uirp"}],"definitions":null},{"term":"Unmanaged Device","link":"https://csrc.nist.gov/glossary/term/unmanaged_device","definitions":[{"text":"A device inside the assessment boundary that is either unauthorized or, if authorized, not assigned to a person to administer.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]},{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Unmanned Aerial Systems","link":"https://csrc.nist.gov/glossary/term/unmanned_aerial_systems","abbrSyn":[{"text":"UAS","link":"https://csrc.nist.gov/glossary/term/uas"}],"definitions":null},{"term":"Unmanned Aerial Vehicle","link":"https://csrc.nist.gov/glossary/term/unmanned_aerial_vehicle","abbrSyn":[{"text":"UAV","link":"https://csrc.nist.gov/glossary/term/uav"}],"definitions":null},{"term":"Unmanned Aircraft System","link":"https://csrc.nist.gov/glossary/term/unmanned_aircraft_system","abbrSyn":[{"text":"UAS","link":"https://csrc.nist.gov/glossary/term/uas"}],"definitions":null},{"term":"Unpredictable","link":"https://csrc.nist.gov/glossary/term/unpredictable","definitions":[{"text":"In the context of random bit generation, an output bit is unpredictable if an adversary has only a negligible advantage (that is, essentially not much better than chance) in predicting it correctly.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Unsigned Zone","link":"https://csrc.nist.gov/glossary/term/unsigned_zone","definitions":[{"text":"A zone that is not signed.","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"Unsolicited Commercial Email","link":"https://csrc.nist.gov/glossary/term/unsolicited_commercial_email","abbrSyn":[{"text":"UCE","link":"https://csrc.nist.gov/glossary/term/uce"}],"definitions":null},{"term":"Unspent Transaction Output","link":"https://csrc.nist.gov/glossary/term/unspent_transaction_output","abbrSyn":[{"text":"UTXO","link":"https://csrc.nist.gov/glossary/term/utxo"}],"definitions":null},{"term":"Unstructured Supplementary Service Data","link":"https://csrc.nist.gov/glossary/term/unstructured_supplementary_service_data","abbrSyn":[{"text":"USSD","link":"https://csrc.nist.gov/glossary/term/ussd"}],"definitions":null},{"term":"untrusted process","link":"https://csrc.nist.gov/glossary/term/untrusted_process","definitions":[{"text":"Process that has not been evaluated or examined for correctness and adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"unwrapping function","link":"https://csrc.nist.gov/glossary/term/unwrapping_function","definitions":[{"text":"The inverse of the wrapping function.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"UOCAVA Systems","link":"https://csrc.nist.gov/glossary/term/uocava_systems","definitions":[{"text":"Information technology systems which support various aspects of the UOCAVA voting process?","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711"}]}]},{"term":"UOV","link":"https://csrc.nist.gov/glossary/term/uov","abbrSyn":[{"text":"Unbalanced Oil and Vinegar cryptosystem"},{"text":"Unbalanced Oil-Vinegar"},{"text":"Unbalanced Oil-Vinegar Digital Signature Scheme","link":"https://csrc.nist.gov/glossary/term/unbalanced_oil_vinegar_digital_signature_scheme"}],"definitions":null},{"term":"Update","link":"https://csrc.nist.gov/glossary/term/update","definitions":[{"text":"New, improved, or fixed software, which replaces older versions of the same software. For example, updating an operating system brings it up-to-date with the latest drivers, system utilities, and security software. The software publisher often provides updates free of charge.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Computer Hope","link":"https://www.computerhope.com/jargon"}]}]},{"text":"New, improved, or fixed software, which replaces older versions of the same software. For example, updating an OS brings it up-to-date with the latest drivers, system utilities, and security software. Updates are often provided by the software publisher free of charge.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","refSources":[{"text":"Computer Hope","link":"https://www.computerhope.com/jargon"}]}]},{"text":"A patch, upgrade, or other modification to code that corrects security and/or functionality problems in software.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A","refSources":[{"text":"NIST SP 800-40 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-40r3","note":" - Derived"}]},{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","refSources":[{"text":"IoT Device Security Baseline Capabilities","link":"https://csde.org/wp-content/uploads/2019/09/CSDE_IoT-C2-Consensus-Report_FINAL.pdf"}]},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","refSources":[{"text":"NIST SP 800-40 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-40r3","note":" - Adapted"}]}]}]},{"term":"update (a certificate)","link":"https://csrc.nist.gov/glossary/term/update_a_certificate","definitions":[{"text":"2. The process of creating a new certificate with a new serial number that differs in one or more fields from the old certificate. The new certificate may have the same or different subject public key.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1300","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - adapted from \"modification\""}]}]},{"text":"1. The act or process by which data items bound in an existing public key certificate, especially authorizations granted to the subject, are changed by issuing a new certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32"}]}]},{"text":"The act or process by which data items bound in an existing public key certificate, especially authorizations granted to the subject, are changed by issuing a new certificate.","sources":[{"text":"NIST SP 800-32","link":"https://doi.org/10.6028/NIST.SP.800-32","note":" [Withdrawn]","underTerm":" under Update (a certificate) "}]}]},{"term":"update (a key)","link":"https://csrc.nist.gov/glossary/term/update_a_key","definitions":[{"text":"Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]}]},{"term":"Update Server","link":"https://csrc.nist.gov/glossary/term/update_server","definitions":[{"text":"A server that provides patches and other software updates to IoT devices.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]},{"text":"A server that provides patches and other software updates to Internet of Things devices.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"Upgrade Management System","link":"https://csrc.nist.gov/glossary/term/upgrade_management_system","definitions":[{"text":"The hardware and software used to communicate and manage the Upgrade Process. The Upgrade Management System may be included in the Network Management System.","sources":[{"text":"NISTIR 7823","link":"https://doi.org/10.6028/NIST.IR.7823","refSources":[{"text":"SG-AMI 1-2009"}]}]}]},{"term":"Upgrading","link":"https://csrc.nist.gov/glossary/term/upgrading","definitions":[{"text":"An authorized increase in the level of protection to be provided to specified information, e.g., from a Low impact-level to a Moderate impact-level.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"UPI","link":"https://csrc.nist.gov/glossary/term/upi","abbrSyn":[{"text":"UniCERT Programmatic Interface","link":"https://csrc.nist.gov/glossary/term/unicert_programmatic_interface"}],"definitions":null},{"term":"uplink","link":"https://csrc.nist.gov/glossary/term/uplink","definitions":[{"text":"Communication that originates from the ground to the satellite.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"UPN","link":"https://csrc.nist.gov/glossary/term/upn","abbrSyn":[{"text":"Universal Principal Name","link":"https://csrc.nist.gov/glossary/term/universal_principal_name"},{"text":"User Principal Name","link":"https://csrc.nist.gov/glossary/term/user_principal_name"}],"definitions":[{"text":"In Windows Active Directory, this is the name of a system user in email address format, i.e., a concatenation of username, the “@” symbol, and domain name.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under User Principal Name "},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under User Principal Name "},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under User Principal Name "}]}]},{"term":"UPnP","link":"https://csrc.nist.gov/glossary/term/upnp","abbrSyn":[{"text":"Universal Plug and Play","link":"https://csrc.nist.gov/glossary/term/universal_plug_and_play"}],"definitions":null},{"term":"UPS","link":"https://csrc.nist.gov/glossary/term/ups","abbrSyn":[{"text":"Uninterruptable Power Supply"},{"text":"Uninterruptible Power Supply","link":"https://csrc.nist.gov/glossary/term/uninterruptible_power_supply"}],"definitions":[{"text":"A device with an internal battery that allows connected devices to run for at least a short time when the primary power source is lost.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Uninterruptible Power Supply "}]}]},{"term":"URI","link":"https://csrc.nist.gov/glossary/term/uri","abbrSyn":[{"text":"Uniform Resource Identifier","link":"https://csrc.nist.gov/glossary/term/uniform_resource_identifier"},{"text":"Uniform Resource Indicator"},{"text":"Universal Resource Identifier","link":"https://csrc.nist.gov/glossary/term/universal_resource_identifier"}],"definitions":[{"text":"A uniform resource identifier, or URI, is a short string containing a name or address which refers to an object in the \"web.\"","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]},{"text":"A compact sequence of characters that identifies an abstract or physical resource available on the Internet. The syntax used for URIs is defined in.","sources":[{"text":"NISTIR 7695","link":"https://doi.org/10.6028/NIST.IR.7695","underTerm":" under Uniform Resource Identifier ","refSources":[{"text":"RFC 3986","link":"https://doi.org/10.17487/RFC3986"}]}]}]},{"term":"URL","link":"https://csrc.nist.gov/glossary/term/url","abbrSyn":[{"text":"Uniform Resource Locator","link":"https://csrc.nist.gov/glossary/term/uniform_resource_locator"},{"text":"Universal Resource Locator","link":"https://csrc.nist.gov/glossary/term/universal_resource_locator"},{"text":"Universal Resource Locators"}],"definitions":[{"text":"A uniform resource locator, or URL, is a short string containing an address which refers to an object in the \"web.\" URLs are a subset of URIs.","sources":[{"text":"NIST SP 800-15","link":"https://doi.org/10.6028/NIST.SP.800-15","note":" [Withdrawn]"}]}]},{"term":"URN","link":"https://csrc.nist.gov/glossary/term/urn","abbrSyn":[{"text":"Uniform Resource Name","link":"https://csrc.nist.gov/glossary/term/uniform_resource_name"}],"definitions":null},{"term":"uRPF","link":"https://csrc.nist.gov/glossary/term/urpf","abbrSyn":[{"text":"Unicast Reverse Path Forwarding","link":"https://csrc.nist.gov/glossary/term/unicast_reverse_path_forwarding"}],"definitions":null},{"term":"Usability","link":"https://csrc.nist.gov/glossary/term/usability","definitions":[{"text":"Per ISO/IEC 9241-11: Extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","refSources":[{"text":"ISO/IEC 9241-11"}]}]},{"text":"Extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","refSources":[{"text":"ISO/IEC 9241-11"}]}]},{"text":"The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","refSources":[{"text":"ISO 9241-11:1998"}]}]}]},{"term":"USB","link":"https://csrc.nist.gov/glossary/term/usb","abbrSyn":[{"text":"Universal Serial Bus"}],"definitions":[{"text":"Type of standard cable, connector, and protocol for connecting computers, electronic devices, and power sources.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Universal Serial Bus "}]}]},{"term":"USC","link":"https://csrc.nist.gov/glossary/term/usc","abbrSyn":[{"text":"United States Code","link":"https://csrc.nist.gov/glossary/term/united_states_code"}],"definitions":null},{"term":"USCIS","link":"https://csrc.nist.gov/glossary/term/uscis","abbrSyn":[{"text":"United States Citizenship and Immigration Services","link":"https://csrc.nist.gov/glossary/term/united_states_citizenship_and_immigration_services"}],"definitions":null},{"term":"USDA","link":"https://csrc.nist.gov/glossary/term/usda","abbrSyn":[{"text":"United States Department of Agriculture","link":"https://csrc.nist.gov/glossary/term/united_states_department_of_agriculture"}],"definitions":null},{"term":"user","link":"https://csrc.nist.gov/glossary/term/user","abbrSyn":[{"text":"Entity"},{"text":"Information System User","link":"https://csrc.nist.gov/glossary/term/information_system_user"}],"definitions":[{"text":"A person, team, or organization that accesses or otherwise uses an OLIR.","sources":[{"text":"NIST IR 8278r1","link":"https://doi.org/10.6028/NIST.IR.8278r1","underTerm":" under User "},{"text":"NIST IR 8278Ar1","link":"https://doi.org/10.6028/NIST.IR.8278Ar1","underTerm":" under User "}]},{"text":"A person or entity with authorized access.","sources":[{"text":"NIST SP 800-66r2","link":"https://doi.org/10.6028/NIST.SP.800-66r2","refSources":[{"text":"HIPAA Security Rule","link":"https://www.govinfo.gov/app/details/FR-2003-02-20/03-3877","note":" - §164.304"}]}]},{"text":"Individual or (system) process authorized to access an information system.","sources":[{"text":"FIPS 200","link":"https://doi.org/10.6028/NIST.FIPS.200","underTerm":" under USER ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under User ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"A person or entity with authorized access.","sources":[{"text":"NIST SP 800-66 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-66r1","note":" [Superseded]","underTerm":" under User ","refSources":[{"text":"45 C.F.R., Sec. 164.304","link":"https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=&SID=d0084b439c9af380fae6d8eb9bf43a34&mc=true&n=pt45.1.164&r=PART&ty=HTML"}]}]},{"text":"2. An individual who is required to use COMSEC material in the performance of his/her official duties and who is responsible for safeguarding that COMSEC material. See hand receipt holder and local element.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access an information system.\nSee Organizational User and Non-Organizational User.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under User ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access a system.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"},{"text":"NIST SP 800-172A","link":"https://doi.org/10.6028/NIST.SP.800-172A","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access an information system. \nSee Organizational User and Non-Organizational User.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under User ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]},{"text":"1. Individual, or (system) process acting on behalf of an individual, authorized to access an information system.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4"}]}]},{"text":"An individual (person), organization, device or process. Used interchangeably with “party”.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Entity "},{"text":"NIST SP 800-133","link":"https://doi.org/10.6028/NIST.SP.800-133","note":" [Superseded]","underTerm":" under Entity "},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Entity "}]},{"text":"An individual (person), organization, device or a combination thereof. “Party” is a synonym. In this Recommendation, an entity may be a functional unit that executes certain processes.","sources":[{"text":"NIST SP 800-108","link":"https://doi.org/10.6028/NIST.SP.800-108","note":" [Superseded]","underTerm":" under Entity "}]},{"text":"See Information System User","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under User "}]},{"text":"The term user refers to an individual, group, host, domain, trusted communication channel, network address/port, another netwoik, a remote system (e.g., operations system), or a process (e.g., service or program) that accesses the network, or is accessed by it, including any entity that accesses a network support entity to perform OAM&Prelated tasks. Regardless of their role, users must be required to successfully pass an identification and authentication (I&A) mechanism. For example, I&A would be required for a security or system administrator. For customers, I&A could be required for billing purposes.\nFor some services (e.g.. Emergency Services) a customer may not need to be authenticated by the system.","sources":[{"text":"NIST SP 800-13","link":"https://doi.org/10.6028/NIST.SP.800-13","note":" [Withdrawn]","underTerm":" under User "}]},{"text":"An individual (person), organization, device, or process.","sources":[{"text":"NIST SP 800-175B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-175Br1","underTerm":" under Entity "}]},{"text":"An FCKMS role that utilizes the key-management services offered by an FCKMS service provider.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under User "}]},{"text":"An individual (person), organization, device, or process. “Party” is a synonym.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Entity "},{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Entity "},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Entity "}]},{"text":"An individual (person), organization, device or process.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under Entity "},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under Entity "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under Entity "}]},{"text":"A human (person/individual/user), organization, device or process.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under Entity "}]},{"text":"See Entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under User "},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under User "}]},{"text":"A human entity.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1","underTerm":" under User "}]},{"text":"An individual (person), organization, device or process. Used interchangeably with “party.”","sources":[{"text":"NIST SP 800-133 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-133r1","note":" [Superseded]","underTerm":" under Entity "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Entity "}]},{"text":"See system user.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]},{"text":"Individual, or (system) process acting on behalf of an individual, authorized to access an information system.\n[Note: With respect to SecCM, an information system user is an individual who uses the information system functions, initiates change requests, and assists with functional testing.]","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Information System User ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"An individual (person). Also see Entity.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under User "}]},{"text":"An individual (person), organization, device, or process; used interchangeably with “party.”","sources":[{"text":"NIST SP 800-133 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-133r2","underTerm":" under Entity "}]},{"text":"See organizational user and non-organizational user.","sources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"Person who interacts with the product.","sources":[{"text":"NISTIR 8040","link":"https://doi.org/10.6028/NIST.IR.8040","underTerm":" under User ","refSources":[{"text":"ISO 9241-11:1998"}]}]},{"text":"A person, organization, or other entity which requests access to and uses the resources of a computer system or network.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734","underTerm":" under User "}]},{"text":"The entity, human or machine, that is identified by the userID, authenticated prior to system access, the subject of all access control decisions, and held accountable via the audit reporting system.","sources":[{"text":"NISTIR 5153","link":"https://doi.org/10.6028/NIST.IR.5153","underTerm":" under User "}]},{"text":"the set of people, both trusted (e.g., administrators) and untrusted, who use the system.","sources":[{"text":"NISTIR 6192","link":"https://doi.org/10.6028/NIST.IR.6192","underTerm":" under User "}]},{"text":"A consumer of the services offered by an RP.","sources":[{"text":"NISTIR 8149","link":"https://doi.org/10.6028/NIST.IR.8149","underTerm":" under User "}]},{"text":"A person, device, service, network, domain, manufacturer, or other party who might interact with an IoT device.","sources":[{"text":"NISTIR 8259A","link":"https://doi.org/10.6028/NIST.IR.8259A","underTerm":" under Entity "},{"text":"NISTIR 8259B","link":"https://doi.org/10.6028/NIST.IR.8259B","underTerm":" under Entity "},{"text":"NIST SP 800-213","link":"https://doi.org/10.6028/NIST.SP.800-213","underTerm":" under Entity "}]},{"text":"A person, team, or organization that accesses or otherwise uses an Online Informative Reference.","sources":[{"text":"NISTIR 8278","link":"https://doi.org/10.6028/NIST.IR.8278","underTerm":" under User "},{"text":"NISTIR 8278A","link":"https://doi.org/10.6028/NIST.IR.8278A","underTerm":" under User "}]},{"text":"Individual or group that interacts with a system or benefits from a system during its utilization.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO/IEC 25010"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC 25010:2011"}]}]}],"seeAlso":[{"text":"Non-Organizational User"},{"text":"Organizational User"}]},{"term":"User Access Control","link":"https://csrc.nist.gov/glossary/term/user_access_control","abbrSyn":[{"text":"UAC","link":"https://csrc.nist.gov/glossary/term/uac"}],"definitions":null},{"term":"user activity monitoring","link":"https://csrc.nist.gov/glossary/term/user_activity_monitoring","definitions":[{"text":"The technical capability to observe and record the actions and activities of an individual, at any time, on any device accessing U.S. Government information in order to detect insider threat and to support authorized investigations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSD No. 504","link":"https://www.cnss.gov/CNSS/issuances/Directives.cfm"}]}]}]},{"term":"User Agent","link":"https://csrc.nist.gov/glossary/term/user_agent","abbrSyn":[{"text":"UA","link":"https://csrc.nist.gov/glossary/term/ua"}],"definitions":null},{"term":"user agreement","link":"https://csrc.nist.gov/glossary/term/user_agreement","definitions":[{"text":"A user-based agreement that is similar to rules of behavior. It specifies user responsibilities when exchanging information or accessing information or systems that contain the exchanged information. Also known as access agreement or acceptable use agreement.","sources":[{"text":"NIST SP 800-47 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-47r1"}]}]},{"term":"User and Entity Behavior Analytics","link":"https://csrc.nist.gov/glossary/term/user_and_entity_behavior_analytics","abbrSyn":[{"text":"UEBA","link":"https://csrc.nist.gov/glossary/term/ueba"}],"definitions":null},{"term":"User Applications Software","link":"https://csrc.nist.gov/glossary/term/user_applications_software","abbrSyn":[{"text":"UAS","link":"https://csrc.nist.gov/glossary/term/uas"}],"definitions":null},{"term":"User Configuration Set","link":"https://csrc.nist.gov/glossary/term/user_configuration_set","abbrSyn":[{"text":"UCS","link":"https://csrc.nist.gov/glossary/term/ucs"}],"definitions":null},{"term":"User Datagram Protocol","link":"https://csrc.nist.gov/glossary/term/user_datagram_protocol","abbrSyn":[{"text":"UDP","link":"https://csrc.nist.gov/glossary/term/udp"}],"definitions":null},{"term":"User Equipment","link":"https://csrc.nist.gov/glossary/term/user_equipment","abbrSyn":[{"text":"UE","link":"https://csrc.nist.gov/glossary/term/ue"}],"definitions":null},{"term":"User Execute Never","link":"https://csrc.nist.gov/glossary/term/user_execute_never","abbrSyn":[{"text":"UXN","link":"https://csrc.nist.gov/glossary/term/uxn"}],"definitions":null},{"term":"user ID","link":"https://csrc.nist.gov/glossary/term/user_id","definitions":[{"text":"Unique symbol or character string used by an information system to identify a specific user.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"User interface","link":"https://csrc.nist.gov/glossary/term/user_interface","abbrSyn":[{"text":"UI","link":"https://csrc.nist.gov/glossary/term/ui"}],"definitions":[{"text":"The physical or logical means by which users interact with a system, device or process.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"term":"User Interface System","link":"https://csrc.nist.gov/glossary/term/user_interface_system","abbrSyn":[{"text":"UIS","link":"https://csrc.nist.gov/glossary/term/uis"}],"definitions":null},{"term":"user interface/user experience","link":"https://csrc.nist.gov/glossary/term/user_interface_user_experience","abbrSyn":[{"text":"UI/UX","link":"https://csrc.nist.gov/glossary/term/ui_ux"}],"definitions":null},{"term":"User Key","link":"https://csrc.nist.gov/glossary/term/user_key","definitions":[{"text":"A key that is used for granting access to a user account via the SSH protocol  (as opposed to a host key, which does not grant access to anything but serves to authenticate a host). Both authorized keys and identity keys are user keys. A user key is the equivalent of an access token.","sources":[{"text":"NISTIR 7966","link":"https://doi.org/10.6028/NIST.IR.7966"}]}]},{"term":"User Principal Name","link":"https://csrc.nist.gov/glossary/term/user_principal_name","abbrSyn":[{"text":"UPN","link":"https://csrc.nist.gov/glossary/term/upn"}],"definitions":[{"text":"In Windows Active Directory, this is the name of a system user in email address format, i.e., a concatenation of username, the “@” symbol, and domain name.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"user representative (COMSEC)","link":"https://csrc.nist.gov/glossary/term/user_representative_comsec","definitions":[{"text":"The key management entity (KME) authorized by an organization and registered by the Central Facility Finksburg (CFFB) to order asymmetric key (including secure data network system (SDNS) key and message signature key (MSK)).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - Adapted"}]}]}]},{"term":"user representative (risk management)","link":"https://csrc.nist.gov/glossary/term/user_representative_risk_management","definitions":[{"text":"The person that defines the system’s operational and functional requirements, and who is responsible for ensuring that user operational interests are met throughout the systems authorization process.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"USG","link":"https://csrc.nist.gov/glossary/term/usg","abbrSyn":[{"text":"U.S. Government","link":"https://csrc.nist.gov/glossary/term/us_government"},{"text":"United States Government","link":"https://csrc.nist.gov/glossary/term/united_states_government"}],"definitions":null},{"term":"USG FRP","link":"https://csrc.nist.gov/glossary/term/usg_frp","abbrSyn":[{"text":"U.S. Government Federal Radionavigation Plan","link":"https://csrc.nist.gov/glossary/term/us_government_federal_radionavigation_plan"}],"definitions":null},{"term":"USGCB","link":"https://csrc.nist.gov/glossary/term/usgcb","abbrSyn":[{"text":"U.S. Government Configuration Baseline","link":"https://csrc.nist.gov/glossary/term/us_government_configuration_baseline"},{"text":"United States Government Configuration Baseline"}],"definitions":null},{"term":"USIM","link":"https://csrc.nist.gov/glossary/term/usim","abbrSyn":[{"text":"UMTS Subscriber Identity Module"},{"text":"Universal Subscriber Identity Module","link":"https://csrc.nist.gov/glossary/term/universal_subscriber_identity_module"}],"definitions":[{"text":"A module similar to the SIM in GSM/GPRS networks, but with additional capabilities suited to 3G networks.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under UMTS Subscriber Identity Module "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under UMTS Subscriber Identity Module "}]}]},{"term":"USNO","link":"https://csrc.nist.gov/glossary/term/usno","abbrSyn":[{"text":"United States Naval Observatory","link":"https://csrc.nist.gov/glossary/term/united_states_naval_observatory"}],"definitions":null},{"term":"USSD","link":"https://csrc.nist.gov/glossary/term/ussd","abbrSyn":[{"text":"Unstructured Supplementary Service Data","link":"https://csrc.nist.gov/glossary/term/unstructured_supplementary_service_data"}],"definitions":null},{"term":"UTC","link":"https://csrc.nist.gov/glossary/term/utc","abbrSyn":[{"text":"Coordinate Universal Time"},{"text":"Coordinated Universal Time","link":"https://csrc.nist.gov/glossary/term/coordinated_universal_time"},{"text":"Utilities Telecom Council","link":"https://csrc.nist.gov/glossary/term/utilities_telecom_council"}],"definitions":null},{"term":"Utilities Telecom Council","link":"https://csrc.nist.gov/glossary/term/utilities_telecom_council","abbrSyn":[{"text":"UTC","link":"https://csrc.nist.gov/glossary/term/utc"}],"definitions":null},{"term":"UTM","link":"https://csrc.nist.gov/glossary/term/utm","abbrSyn":[{"text":"Unified Threat Management","link":"https://csrc.nist.gov/glossary/term/unified_threat_management"}],"definitions":null},{"term":"UTS","link":"https://csrc.nist.gov/glossary/term/uts","abbrSyn":[{"text":"UNIX Timesharing System","link":"https://csrc.nist.gov/glossary/term/unix_timesharing_system"}],"definitions":null},{"term":"UTSA","link":"https://csrc.nist.gov/glossary/term/utsa","abbrSyn":[{"text":"University of Texas-San Antonio","link":"https://csrc.nist.gov/glossary/term/university_of_texas_san_antonio"}],"definitions":null},{"term":"UTXO","link":"https://csrc.nist.gov/glossary/term/utxo","abbrSyn":[{"text":"Unspent Transaction Output","link":"https://csrc.nist.gov/glossary/term/unspent_transaction_output"}],"definitions":null},{"term":"Uu","link":"https://csrc.nist.gov/glossary/term/uu","abbrSyn":[{"text":"LTE air interface","link":"https://csrc.nist.gov/glossary/term/lte_air_interface"}],"definitions":null},{"term":"UUID","link":"https://csrc.nist.gov/glossary/term/uuid","abbrSyn":[{"text":"Universally Unique Identifier","link":"https://csrc.nist.gov/glossary/term/universally_unique_identifier"}],"definitions":null},{"term":"UV","link":"https://csrc.nist.gov/glossary/term/uv","abbrSyn":[{"text":"Ultraviolet","link":"https://csrc.nist.gov/glossary/term/ultraviolet"}],"definitions":null},{"term":"UWB","link":"https://csrc.nist.gov/glossary/term/uwb","abbrSyn":[{"text":"Ultra Wideband","link":"https://csrc.nist.gov/glossary/term/ultra_wideband"},{"text":"Ultrawideband","link":"https://csrc.nist.gov/glossary/term/ultrawideband"},{"text":"Ultra-Wideband"}],"definitions":null},{"term":"UXN","link":"https://csrc.nist.gov/glossary/term/uxn","abbrSyn":[{"text":"User Execute Never","link":"https://csrc.nist.gov/glossary/term/user_execute_never"}],"definitions":null},{"term":"V","link":"https://csrc.nist.gov/glossary/term/v","definitions":[{"text":"Another party in a key-establishment scheme.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"},{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]"}]}]},{"term":"V2G","link":"https://csrc.nist.gov/glossary/term/v2g","abbrSyn":[{"text":"Vehicle-To-Grid","link":"https://csrc.nist.gov/glossary/term/vehicle_to_grid"}],"definitions":null},{"term":"VA","link":"https://csrc.nist.gov/glossary/term/va","abbrSyn":[{"text":"Department of Veterans Affairs","link":"https://csrc.nist.gov/glossary/term/department_of_veterans_affairs"}],"definitions":null},{"term":"Valid Data Element","link":"https://csrc.nist.gov/glossary/term/valid_data_element","definitions":[{"text":"A payload, an associated data string, or a nonce that satisfies the restrictions of the formatting function.","sources":[{"text":"NIST SP 800-38C","link":"https://doi.org/10.6028/NIST.SP.800-38C"}]}]},{"term":"valid length","link":"https://csrc.nist.gov/glossary/term/valid_length","definitions":[{"text":"A length for a plaintext or ciphertext input that is allowed for an implementation of the authenticated-encryption function or the authenticated-decryption function.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Validate","link":"https://csrc.nist.gov/glossary/term/validate","definitions":[{"text":"The step in the media sanitization process flowchart which involves testing the media to ensure the information cannot be read.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Validated ROA Payload","link":"https://csrc.nist.gov/glossary/term/validated_roa_payload","abbrSyn":[{"text":"VRP","link":"https://csrc.nist.gov/glossary/term/vrp"}],"definitions":[{"text":"Validated ROA Payload contains {prefix, max length, origin AS} information from an X.509 validated ROA.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060"}]}]},{"term":"Validating Cache","link":"https://csrc.nist.gov/glossary/term/validating_cache","abbrSyn":[{"text":"VC","link":"https://csrc.nist.gov/glossary/term/vc"}],"definitions":null},{"term":"validation","link":"https://csrc.nist.gov/glossary/term/validation","definitions":[{"text":"Confirmation (through the provision of strong, sound, and objective evidence and demonstration) that requirements for a specific intended use or application have been fulfilled and that the system, while in use, fulfills its mission or business objectives while being able to provide adequate protection for stakeholder and mission or business assets, minimize or contain asset loss and associated consequences, and achieve its intended use in its intended operational environment with the desired level of trustworthiness.","sources":[{"text":"NIST IR 8401","link":"https://doi.org/10.6028/NIST.IR.8401","refSources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","note":" - adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - (§3.4.11), adapted"}]}]},{"text":"Confirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled (e.g., a trustworthy credential has been presented, or data or information has been formatted in accordance with a defined set of rules, or a specific process has demonstrated that an entity under consideration meets, in all respects, its defined attributes or requirements).","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-12 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-12r1","underTerm":" under Validation ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Confirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled.","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Validation ","refSources":[{"text":"ISO 9000"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Validation ","refSources":[{"text":"ISO 9000"}]}]},{"text":"The process of determining that an object or process is acceptable according to a pre-defined set of tests and the results of those tests.","sources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152","underTerm":" under Validation "},{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Validation ","refSources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Validation ","refSources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16","underTerm":" under Validation ","refSources":[{"text":"NIST SP 800-152","link":"https://doi.org/10.6028/NIST.SP.800-152"}]}]},{"text":"Confirmation (through the provision of strong, sound, and objective evidence and demonstration) that requirements for a specific intended use or application have been fulfilled and that the system, while in use, fulfills its mission or business objectives while being able to provide adequate protection for stakeholder and mission or business assets, minimize or contain asset loss and associated consequences, and achieve its intended use in its intended operational environment with the desired level of trustworthiness.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Validation ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - §3.4.11, Adapted"}]}]},{"text":"The process of demonstrating that the system under consideration meets in all respects the specification of that system.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Validation ","refSources":[{"text":"INCITS/M1-040211","link":"https://standards.incits.org/a/public/group/m1"}]}]},{"text":"Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.","sources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"ISO 9000"}]},{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]},{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO 9000:2015","link":"https://www.iso.org/standard/45481.html"}]}]}]},{"term":"Validation and ID Protection","link":"https://csrc.nist.gov/glossary/term/validation_and_id_protection","abbrSyn":[{"text":"VIP","link":"https://csrc.nist.gov/glossary/term/vip"}],"definitions":null},{"term":"validation model","link":"https://csrc.nist.gov/glossary/term/validation_model","definitions":[{"text":"The synthetic data user is provided with some statistics computed directly on the confidential data using the same statistical formulas that were applied to the synthetic data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"Validator","link":"https://csrc.nist.gov/glossary/term/validator","definitions":[{"text":"A component that validates DNSSEC signatures. Usually not a separate component but part of a DNSSEC-aware recursive server (sometimes referred to as a validating resolver or validating recursive server).","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}]},{"term":"Validity period","link":"https://csrc.nist.gov/glossary/term/validity_period","definitions":[{"text":"The period of time during which a certificate is intended to be valid; the period of time between the start date and time and end date and time in a certificate.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"Value","link":"https://csrc.nist.gov/glossary/term/value","definitions":[{"text":"A named data value that can be substituted into other items’ properties or into checks.","sources":[{"text":"NISTIR 7275 Rev. 4","link":"https://csrc.nist.gov/publications/detail/nistir/7275/rev-4/final"}]}]},{"term":"Value String","link":"https://csrc.nist.gov/glossary/term/value_string","definitions":[{"text":"A value assigned to an attribute of a WFN. It must be a non-empty contiguous string of bytes encoded using printable Unicode Transformation Format-8 (UTF-8) characters with hexadecimal values between x00 and x7F.","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"Value-Added Reseller","link":"https://csrc.nist.gov/glossary/term/value_added_reseller","abbrSyn":[{"text":"VAR","link":"https://csrc.nist.gov/glossary/term/var"}],"definitions":null},{"term":"VAR","link":"https://csrc.nist.gov/glossary/term/var","abbrSyn":[{"text":"Value-Added Reseller","link":"https://csrc.nist.gov/glossary/term/value_added_reseller"}],"definitions":null},{"term":"variable","link":"https://csrc.nist.gov/glossary/term/variable","definitions":[{"text":"A logical entity that holds a single value.","sources":[{"text":"NISTIR 7692","link":"https://doi.org/10.6028/NIST.IR.7692"}]}]},{"term":"Variable Air Volume","link":"https://csrc.nist.gov/glossary/term/variable_air_volume","abbrSyn":[{"text":"VAV","link":"https://csrc.nist.gov/glossary/term/vav"}],"definitions":null},{"term":"Variable-value configuration","link":"https://csrc.nist.gov/glossary/term/variable_value_configuration","definitions":[{"text":"For a set of t variables, a variable-value configuration is a set of t valid values, one for each of the variables.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878"}]}]},{"term":"Variable-value configuration coverage","link":"https://csrc.nist.gov/glossary/term/variable_value_configuration_coverage","definitions":[{"text":"For a given combination of t variables, variable-value configuration coverage is the proportion of variable-value configurations that are covered by at least one test case in a test set.","sources":[{"text":"NISTIR 7878","link":"https://doi.org/10.6028/NIST.IR.7878"}]}]},{"term":"variant","link":"https://csrc.nist.gov/glossary/term/variant","definitions":[{"text":"One of two or more code symbols having the same plain text equivalent.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"VAV","link":"https://csrc.nist.gov/glossary/term/vav","abbrSyn":[{"text":"Variable Air Volume","link":"https://csrc.nist.gov/glossary/term/variable_air_volume"}],"definitions":null},{"term":"VB","link":"https://csrc.nist.gov/glossary/term/vb","abbrSyn":[{"text":"Visual Basic","link":"https://csrc.nist.gov/glossary/term/visual_basic"}],"definitions":null},{"term":"VB.NET","link":"https://csrc.nist.gov/glossary/term/vb_net","abbrSyn":[{"text":"Visual Basic for .Net"},{"text":"Visual Basic.NET","link":"https://csrc.nist.gov/glossary/term/visual_basic_net"}],"definitions":null},{"term":"VBA","link":"https://csrc.nist.gov/glossary/term/vba","abbrSyn":[{"text":"Visual Basic for Application"},{"text":"Visual Basic for Applications","link":"https://csrc.nist.gov/glossary/term/visual_basic_for_applications"}],"definitions":null},{"term":"VBScript","link":"https://csrc.nist.gov/glossary/term/vbscript","abbrSyn":[{"text":"Visual Basic Script","link":"https://csrc.nist.gov/glossary/term/visual_basic_script"}],"definitions":null},{"term":"VC","link":"https://csrc.nist.gov/glossary/term/vc","abbrSyn":[{"text":"Validating Cache","link":"https://csrc.nist.gov/glossary/term/validating_cache"}],"definitions":null},{"term":"Vcc","link":"https://csrc.nist.gov/glossary/term/vcc","abbrSyn":[{"text":"Voltage at the Common Collector","link":"https://csrc.nist.gov/glossary/term/voltage_at_the_common_collector"}],"definitions":null},{"term":"vCenter Server","link":"https://csrc.nist.gov/glossary/term/vcenter_server","abbrSyn":[{"text":"vCS","link":"https://csrc.nist.gov/glossary/term/vcs"}],"definitions":null},{"term":"VCI","link":"https://csrc.nist.gov/glossary/term/vci","abbrSyn":[{"text":"Virtual Contact Interface","link":"https://csrc.nist.gov/glossary/term/virtual_contact_interface"}],"definitions":null},{"term":"vCPU","link":"https://csrc.nist.gov/glossary/term/vcpu","abbrSyn":[{"text":"Virtual Central Processing Unit","link":"https://csrc.nist.gov/glossary/term/virtual_central_processing_unit"}],"definitions":null},{"term":"vCS","link":"https://csrc.nist.gov/glossary/term/vcs","abbrSyn":[{"text":"vCenter Server","link":"https://csrc.nist.gov/glossary/term/vcenter_server"}],"definitions":null},{"term":"VCU","link":"https://csrc.nist.gov/glossary/term/vcu","abbrSyn":[{"text":"Vehicle Control Unit","link":"https://csrc.nist.gov/glossary/term/vehicle_control_unit"}],"definitions":null},{"term":"VDI","link":"https://csrc.nist.gov/glossary/term/vdi","abbrSyn":[{"text":"Virtual Desktop Infrastructure","link":"https://csrc.nist.gov/glossary/term/virtual_desktop_infrastructure"},{"text":"Virtual Desktop Interface","link":"https://csrc.nist.gov/glossary/term/virtual_desktop_interface"}],"definitions":null},{"term":"VDP","link":"https://csrc.nist.gov/glossary/term/vdp","abbrSyn":[{"text":"Vulnerability Disclosure Policy","link":"https://csrc.nist.gov/glossary/term/vulnerability_disclosure_policy"}],"definitions":null},{"term":"VDPO","link":"https://csrc.nist.gov/glossary/term/vdpo","abbrSyn":[{"text":"Vulnerability Disclosure Program Office","link":"https://csrc.nist.gov/glossary/term/vulnerability_disclosure_program_office"}],"definitions":[{"text":"The entity with which an agency coordinates internally to resolve reported vulnerabilities.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216","underTerm":" under Vulnerability Disclosure Program Office "}]}]},{"term":"VDS","link":"https://csrc.nist.gov/glossary/term/vds","abbrSyn":[{"text":"Virtual Distributed Switch","link":"https://csrc.nist.gov/glossary/term/virtual_distributed_switch"},{"text":"vSphere Distributed Switch","link":"https://csrc.nist.gov/glossary/term/vsphere_distributed_switch"}],"definitions":null},{"term":"vehicle","link":"https://csrc.nist.gov/glossary/term/vehicle","definitions":[{"text":"Space operational items that include the launching items used to place the satellite, bus, and/or payload into orbit.","sources":[{"text":"NIST IR 8270","link":"https://doi.org/10.6028/NIST.IR.8270"}]}]},{"term":"Vehicle Control Unit","link":"https://csrc.nist.gov/glossary/term/vehicle_control_unit","abbrSyn":[{"text":"VCU","link":"https://csrc.nist.gov/glossary/term/vcu"}],"definitions":null},{"term":"Vehicle-To-Grid","link":"https://csrc.nist.gov/glossary/term/vehicle_to_grid","abbrSyn":[{"text":"V2G","link":"https://csrc.nist.gov/glossary/term/v2g"}],"definitions":null},{"term":"Vendor","link":"https://csrc.nist.gov/glossary/term/vendor","definitions":[{"text":"A commercial supplier of software or hardware.","sources":[{"text":"NISTIR 4734","link":"https://doi.org/10.6028/NIST.IR.4734"}]}]},{"term":"Vendor Evidence","link":"https://csrc.nist.gov/glossary/term/vendor_evidence","abbrSyn":[{"text":"VE","link":"https://csrc.nist.gov/glossary/term/ve"}],"definitions":null},{"term":"Vendor Neutral Archive","link":"https://csrc.nist.gov/glossary/term/vendor_neutral_archive","abbrSyn":[{"text":"VNA","link":"https://csrc.nist.gov/glossary/term/vna"}],"definitions":null},{"term":"Veraison","link":"https://csrc.nist.gov/glossary/term/veraison","abbrSyn":[{"text":"VERificAtIon of atteStatiON","link":"https://csrc.nist.gov/glossary/term/verification_of_attestation"}],"definitions":null},{"term":"verification model","link":"https://csrc.nist.gov/glossary/term/verification_model","definitions":[{"text":"The synthetic data user is provided with statistics that measure the similarity of the synthetic data result to the same output computed from the confidential data.","sources":[{"text":"NIST SP 800-188","link":"https://doi.org/10.6028/NIST.SP.800-188"}]}]},{"term":"VERificAtIon of atteStatiON","link":"https://csrc.nist.gov/glossary/term/verification_of_attestation","abbrSyn":[{"text":"Veraison","link":"https://csrc.nist.gov/glossary/term/veraison"}],"definitions":null},{"term":"verifier","link":"https://csrc.nist.gov/glossary/term/verifier","definitions":[{"text":"An entity that verifies the claimant’s identity by verifying the claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2"}]}]},{"text":"The entity that verifies the authenticity of a digital signature using the public key.","sources":[{"text":"NIST SP 800-102","link":"https://doi.org/10.6028/NIST.SP.800-102","underTerm":" under Verifier "},{"text":"NIST SP 800-89","link":"https://doi.org/10.6028/NIST.SP.800-89","underTerm":" under Verifier "},{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Verifier "}]},{"text":"The Bluetooth device that validates the identity of the claimant during the Bluetooth connection process.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2","underTerm":" under Verifier "},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]","underTerm":" under Verifier "}]},{"text":"An entity that verifies the claimant’s identity by verifying the claimant’s possession and control of one or two authenticators using an authentication protocol. To do this, the verifier may also need to validate credentials that link the authenticator(s) to the subscriber’s identifier and check their status.","sources":[{"text":"NIST SP 1800-17b","link":"https://doi.org/10.6028/NIST.SP.1800-17","underTerm":" under Verifier "},{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Verifier "}]},{"text":"The party trying to assess the authenticity of an identity","sources":[{"text":"NISTIR 7682","link":"https://doi.org/10.6028/NIST.IR.7682","underTerm":" under Verifier "}]},{"text":"An entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Verifier "}]}]},{"term":"Verifier Impersonation","link":"https://csrc.nist.gov/glossary/term/verifier_impersonation","definitions":[{"text":"A scenario where the attacker impersonates the verifier in an authentication protocol, usually to capture information that can be used to masquerade as a subscriber to the real verifier. In previous editions of SP 800-63, authentication protocols that are resistant to verifier impersonation have been described as “strongly MitM resistant”.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]}]},{"term":"Version Scanning","link":"https://csrc.nist.gov/glossary/term/version_scanning","definitions":[{"text":"The process of identifying the service application and application version currently in use.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"Very High Frequency","link":"https://csrc.nist.gov/glossary/term/very_high_frequency","abbrSyn":[{"text":"VHF","link":"https://csrc.nist.gov/glossary/term/vhf"}],"definitions":null},{"term":"Very Secure File Transfer Protocol Daemon","link":"https://csrc.nist.gov/glossary/term/very_secure_file_transfer_protocol_daemon","abbrSyn":[{"text":"vsftpd","link":"https://csrc.nist.gov/glossary/term/vsftpd"}],"definitions":null},{"term":"VHD","link":"https://csrc.nist.gov/glossary/term/vhd","abbrSyn":[{"text":"Virtual Hard Disk","link":"https://csrc.nist.gov/glossary/term/virtual_hard_disk"},{"text":"Virtual Hard Drive","link":"https://csrc.nist.gov/glossary/term/virtual_hard_drive"}],"definitions":null},{"term":"VHDX","link":"https://csrc.nist.gov/glossary/term/vhdx","abbrSyn":[{"text":"Hyper-V virtual hard disk","link":"https://csrc.nist.gov/glossary/term/hyper_v_virtual_hard_disk"}],"definitions":null},{"term":"VHF","link":"https://csrc.nist.gov/glossary/term/vhf","abbrSyn":[{"text":"Very High Frequency","link":"https://csrc.nist.gov/glossary/term/very_high_frequency"}],"definitions":null},{"term":"Vi","link":"https://csrc.nist.gov/glossary/term/vi","abbrSyn":[{"text":"Visual","link":"https://csrc.nist.gov/glossary/term/visual"}],"definitions":null},{"term":"VIB","link":"https://csrc.nist.gov/glossary/term/vib","abbrSyn":[{"text":"vSphere Installation Bundle","link":"https://csrc.nist.gov/glossary/term/vsphere_installation_bundle"}],"definitions":null},{"term":"view","link":"https://csrc.nist.gov/glossary/term/view","definitions":[{"text":"Representation of a whole system from the perspective of a related set of concerns.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24774:2021","link":"https://www.iso.org/standard/78981.html"}]}]},{"text":"A classification of elements in which each element is associated with exactly one item of the classification.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"viewpoint","link":"https://csrc.nist.gov/glossary/term/viewpoint","definitions":[{"text":"Specification of the conventions for constructing and using a view.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/IEC/IEEE 24774:2021","link":"https://www.iso.org/standard/78981.html"}]}]}]},{"term":"VIP","link":"https://csrc.nist.gov/glossary/term/vip","abbrSyn":[{"text":"Validation and ID Protection","link":"https://csrc.nist.gov/glossary/term/validation_and_id_protection"}],"definitions":null},{"term":"Virtual Central Processing Unit","link":"https://csrc.nist.gov/glossary/term/virtual_central_processing_unit","abbrSyn":[{"text":"vCPU","link":"https://csrc.nist.gov/glossary/term/vcpu"}],"definitions":null},{"term":"Virtual Contact Interface","link":"https://csrc.nist.gov/glossary/term/virtual_contact_interface","abbrSyn":[{"text":"VCI","link":"https://csrc.nist.gov/glossary/term/vci"}],"definitions":null},{"term":"Virtual Desktop Infrastructure","link":"https://csrc.nist.gov/glossary/term/virtual_desktop_infrastructure","abbrSyn":[{"text":"VDI","link":"https://csrc.nist.gov/glossary/term/vdi"}],"definitions":null},{"term":"Virtual Desktop Interface","link":"https://csrc.nist.gov/glossary/term/virtual_desktop_interface","abbrSyn":[{"text":"VDI","link":"https://csrc.nist.gov/glossary/term/vdi"}],"definitions":null},{"term":"Virtual Distributed Switch","link":"https://csrc.nist.gov/glossary/term/virtual_distributed_switch","abbrSyn":[{"text":"VDS","link":"https://csrc.nist.gov/glossary/term/vds"}],"definitions":null},{"term":"Virtual Edition","link":"https://csrc.nist.gov/glossary/term/virtual_edition","abbrSyn":[{"text":"VE","link":"https://csrc.nist.gov/glossary/term/ve"}],"definitions":null},{"term":"Virtual eXtensible Local Area Network","link":"https://csrc.nist.gov/glossary/term/virtual_extensible_local_area_network","abbrSyn":[{"text":"VXLAN","link":"https://csrc.nist.gov/glossary/term/vxlan"}],"definitions":null},{"term":"Virtual Hard Drive","link":"https://csrc.nist.gov/glossary/term/virtual_hard_drive","abbrSyn":[{"text":"VHD","link":"https://csrc.nist.gov/glossary/term/vhd"}],"definitions":null},{"term":"Virtual Link Tunnel Interconnect","link":"https://csrc.nist.gov/glossary/term/virtual_link_tunnel_interconnect","abbrSyn":[{"text":"VLTi","link":"https://csrc.nist.gov/glossary/term/vlti"}],"definitions":null},{"term":"Virtual Local Area Network","link":"https://csrc.nist.gov/glossary/term/virtual_local_area_network","abbrSyn":[{"text":"VLAN","link":"https://csrc.nist.gov/glossary/term/vlan"}],"definitions":[{"text":"A broadcast domain that is partitioned and isolated within a network at the data link layer. A single physical local area network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices on one or more physical LANs can be configured to communicate within the same VLAN, as if they were attached to the same physical LAN.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under VLAN "}]},{"text":"A broadcast domain that is partitioned and isolated within a network at the data link layer. A single physical local area network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices on one or more physical LANs can be configured to communicate within the same VLAN as if they were attached to the same physical LAN.","sources":[{"text":"NIST SP 1800-15C","link":"https://doi.org/10.6028/NIST.SP.1800-15","underTerm":" under Virtual Local Area Network (VLAN) "}]}]},{"term":"Virtual Machine (VM)","link":"https://csrc.nist.gov/glossary/term/virtual_machine","abbrSyn":[{"text":"VM","link":"https://csrc.nist.gov/glossary/term/vm"}],"definitions":[{"text":"A simulated environment created by virtualization.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125","underTerm":" under Virtual machine (VM) "},{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190","underTerm":" under Virtual machine ","refSources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"text":"Software that allows a single host to run one or more guest operating systems.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"},{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Virtual Machine ","refSources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Virtual Machine ","refSources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Virtual Machine ","refSources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"text":"A software-defined complete execution stack consisting of virtualized hardware, operating system (guest OS), and applications.","sources":[{"text":"NIST SP 800-125A","link":"https://doi.org/10.6028/NIST.SP.800-125A"}]},{"text":"A virtual data processing system that appears to be at the disposal of a particular user but whose functions are accomplished by sharing the resources of a real data processing system","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","underTerm":" under Virtual machine ","refSources":[{"text":"ISO/IEC 2382-1"}]}]}],"seeAlso":[{"text":"Guest Operating System (OS)"}]},{"term":"Virtual Machine Extensions","link":"https://csrc.nist.gov/glossary/term/virtual_machine_extensions","abbrSyn":[{"text":"VMX","link":"https://csrc.nist.gov/glossary/term/vmx"}],"definitions":null},{"term":"Virtual Machine IDentifier","link":"https://csrc.nist.gov/glossary/term/virtual_machine_identifier","abbrSyn":[{"text":"VMID","link":"https://csrc.nist.gov/glossary/term/vmid"}],"definitions":null},{"term":"Virtual machine monitor (VMM)","link":"https://csrc.nist.gov/glossary/term/virtual_machine_monitor","abbrSyn":[{"text":"hypervisor","link":"https://csrc.nist.gov/glossary/term/hypervisor"},{"text":"VMM","link":"https://csrc.nist.gov/glossary/term/vmm"}],"definitions":[{"text":"See “hypervisor”.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"term":"Virtual Machines","link":"https://csrc.nist.gov/glossary/term/virtual_machines","abbrSyn":[{"text":"VM","link":"https://csrc.nist.gov/glossary/term/vm"}],"definitions":null,"seeAlso":[{"text":"Hypervisor"}]},{"term":"Virtual Mobile Infrastructure","link":"https://csrc.nist.gov/glossary/term/virtual_mobile_infrastructure","abbrSyn":[{"text":"VMI","link":"https://csrc.nist.gov/glossary/term/vmi"}],"definitions":null},{"term":"virtual network","link":"https://csrc.nist.gov/glossary/term/virtual_network","abbrSyn":[{"text":"VNet","link":"https://csrc.nist.gov/glossary/term/vnet"}],"definitions":null},{"term":"Virtual Network Computing","link":"https://csrc.nist.gov/glossary/term/virtual_network_computing","abbrSyn":[{"text":"VNC","link":"https://csrc.nist.gov/glossary/term/vnc"}],"definitions":null},{"term":"Virtual Network Interface Card","link":"https://csrc.nist.gov/glossary/term/virtual_network_interface_card","abbrSyn":[{"text":"vNIC","link":"https://csrc.nist.gov/glossary/term/vnic"}],"definitions":null},{"term":"Virtual Private Cloud","link":"https://csrc.nist.gov/glossary/term/virtual_private_cloud","abbrSyn":[{"text":"VPC","link":"https://csrc.nist.gov/glossary/term/vpc"}],"definitions":null},{"term":"virtual private network (VPN)","link":"https://csrc.nist.gov/glossary/term/virtual_private_network","abbrSyn":[{"text":"VPN","link":"https://csrc.nist.gov/glossary/term/vpn"}],"definitions":[{"text":"A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under virtual private network ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]},{"text":"Protected information system link utilizing tunneling, security controls, and endpoint address translation giving the impression of a dedicated line.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Virtual Private Network ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Virtual Private Network ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under virtual private network ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"Protected information system link utilizing tunneling, security controls (see information assurance (IA)), and endpoint address translation giving the impression of a dedicated line.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A virtual network built on top of existing networks that can provide a secure communications mechanism for data and IP information transmitted between networks.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Virtual Private Network "}]},{"text":"A logical network that is established at the network layer of the OSI model. The logical network typically provides authentication and data confidentiality services for some subset of a larger physical network.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under Virtual private network (VPN) "}]},{"text":"A data network that enables two or more parties to communicate securely across a public network by creating a private connection, or “tunnel,” between them.","sources":[{"text":"NIST SP 800-47","link":"https://doi.org/10.6028/NIST.SP.800-47","note":" [Superseded]","underTerm":" under Virtual Private Network (VPN) "}]},{"text":"Virtual network built on top of existing networks that can provide a secure communications mechanism for data and IP information transmitted between networks.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Virtual Private Network "}]},{"text":"A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Virtual Private Network (VPN) ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949"}]}]},{"text":"A virtual network built on top of existing physical networks that can provide a secure communications mechanism for data and IP information transmitted between networks or between different nodes on the same network.","sources":[{"text":"NIST SP 800-77 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-77r1","underTerm":" under Virtual Private Network (VPN) "}]},{"text":"A tunnel that connects the teleworker’s computer to the organization’s network.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Virtual Private Network (VPN) "}]}],"seeAlso":[{"text":"information assurance (IA)","link":"information_assurance"}]},{"term":"Virtual Private Network Consortium","link":"https://csrc.nist.gov/glossary/term/virtual_private_network_consortium","abbrSyn":[{"text":"VPNC","link":"https://csrc.nist.gov/glossary/term/vpnc"}],"definitions":null},{"term":"Virtual Private Networking","link":"https://csrc.nist.gov/glossary/term/virtual_private_networking","abbrSyn":[{"text":"VPN","link":"https://csrc.nist.gov/glossary/term/vpn"}],"definitions":null},{"term":"Virtual Router Redundancy Protocol","link":"https://csrc.nist.gov/glossary/term/virtual_router_redundancy_protocol","abbrSyn":[{"text":"VRRP","link":"https://csrc.nist.gov/glossary/term/vrrp"}],"definitions":null},{"term":"Virtual Smart Card","link":"https://csrc.nist.gov/glossary/term/virtual_smart_card","abbrSyn":[{"text":"VSC","link":"https://csrc.nist.gov/glossary/term/vsc"}],"definitions":null},{"term":"Virtual Tape Library","link":"https://csrc.nist.gov/glossary/term/virtual_tape_library","abbrSyn":[{"text":"VTL","link":"https://csrc.nist.gov/glossary/term/vtl"}],"definitions":null},{"term":"Virtualization","link":"https://csrc.nist.gov/glossary/term/virtualization","definitions":[{"text":"The simulation of the software and/or hardware upon which other software runs.","sources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"},{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190","refSources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"text":"A methodology for emulation or abstraction of hardware resources that enables complete execution stacks including software applications to run on it.","sources":[{"text":"NIST SP 800-125A","link":"https://doi.org/10.6028/NIST.SP.800-125A"}]},{"text":"The use of an abstraction layer to simulate computing hardware so that multiple operating systems can run on a single computer.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]},{"text":"The simulation of the software and/or hardware upon which other software runs; this simulated environment is called a virtual machine","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","refSources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125","note":" - Adapted"}]}]}]},{"term":"Virtualized Host","link":"https://csrc.nist.gov/glossary/term/virtualized_host","definitions":[{"text":"The physical host on which the virtualization software such as the Hypervisor is installed. Usually, the virtualized host will contain a special hardware platform that assists virtualization - specifically Instruction Set and Memory virtualization.","sources":[{"text":"NIST SP 800-125A","link":"https://doi.org/10.6028/NIST.SP.800-125A"}]}]},{"term":"Virtualized Network Interface","link":"https://csrc.nist.gov/glossary/term/virtualized_network_interface","abbrSyn":[{"text":"VNI","link":"https://csrc.nist.gov/glossary/term/vni"}],"definitions":null},{"term":"Visibility","link":"https://csrc.nist.gov/glossary/term/visibility","abbrSyn":[{"text":"transparency","link":"https://csrc.nist.gov/glossary/term/transparency"}],"definitions":[{"text":"Amount of information that can be gathered about a supplier, product, or service and how far through the supply chain this information can be obtained.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"ISO/IEC 27036-2:2014","note":" - adapted"}]}]},{"text":"A property of openness and accountability throughout the supply chain.  ","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Visibility (also Transparency) ","refSources":[{"text":"ISO/IEC 27036-2:2014","note":" - Adapted"}]}]},{"text":"A property of openness and accountability throughout the supply chain. ","sources":[{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","refSources":[{"text":"ISO/IEC 27036-3 Draft","note":" - Adapted"}]}]}]},{"term":"Visual","link":"https://csrc.nist.gov/glossary/term/visual","abbrSyn":[{"text":"Vi","link":"https://csrc.nist.gov/glossary/term/vi"}],"definitions":null},{"term":"Visual Basic","link":"https://csrc.nist.gov/glossary/term/visual_basic","abbrSyn":[{"text":"VB","link":"https://csrc.nist.gov/glossary/term/vb"}],"definitions":null},{"term":"Visual Basic for Applications","link":"https://csrc.nist.gov/glossary/term/visual_basic_for_applications","abbrSyn":[{"text":"VBA","link":"https://csrc.nist.gov/glossary/term/vba"}],"definitions":null},{"term":"Visual Basic Script","link":"https://csrc.nist.gov/glossary/term/visual_basic_script","abbrSyn":[{"text":"VBS","link":"https://csrc.nist.gov/glossary/term/vbs"},{"text":"VBScript","link":"https://csrc.nist.gov/glossary/term/vbscript"}],"definitions":null},{"term":"Visual Basic.NET","link":"https://csrc.nist.gov/glossary/term/visual_basic_net","abbrSyn":[{"text":"VB.NET","link":"https://csrc.nist.gov/glossary/term/vb_net"}],"definitions":null},{"term":"VLAN","link":"https://csrc.nist.gov/glossary/term/vlan","abbrSyn":[{"text":"Virtual LAN"},{"text":"Virtual Local Area Network","link":"https://csrc.nist.gov/glossary/term/virtual_local_area_network"}],"definitions":[{"text":"A broadcast domain that is partitioned and isolated within a network at the data link layer. A single physical local area network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices on one or more physical LANs can be configured to communicate within the same VLAN, as if they were attached to the same physical LAN.","sources":[{"text":"NIST SP 1800-15B","link":"https://doi.org/10.6028/NIST.SP.1800-15"}]}]},{"term":"VLTi","link":"https://csrc.nist.gov/glossary/term/vlti","abbrSyn":[{"text":"Virtual Link Tunnel Interconnect","link":"https://csrc.nist.gov/glossary/term/virtual_link_tunnel_interconnect"}],"definitions":null},{"term":"VM","link":"https://csrc.nist.gov/glossary/term/vm","abbrSyn":[{"text":"Virtual machine"},{"text":"Virtual Machine"},{"text":"Virtual Machines","link":"https://csrc.nist.gov/glossary/term/virtual_machines"}],"definitions":[{"text":"A simulated environment created by virtualization.","sources":[{"text":"NIST SP 800-190","link":"https://doi.org/10.6028/NIST.SP.800-190","underTerm":" under Virtual machine ","refSources":[{"text":"NIST SP 800-125","link":"https://doi.org/10.6028/NIST.SP.800-125"}]}]},{"text":"Software that allows a single host to run one or more guest operating systems.","sources":[{"text":"NIST SP 1800-25B","link":"https://doi.org/10.6028/NIST.SP.1800-25","underTerm":" under Virtual Machine ","refSources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]},{"text":"NIST SP 1800-26B","link":"https://doi.org/10.6028/NIST.SP.1800-26","underTerm":" under Virtual Machine ","refSources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]},{"text":"NIST SP 1800-10B","link":"https://doi.org/10.6028/NIST.SP.1800-10","underTerm":" under Virtual Machine ","refSources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"text":"A virtual data processing system that appears to be at the disposal of a particular user but whose functions are accomplished by sharing the resources of a real data processing system","sources":[{"text":"NISTIR 8006","link":"https://doi.org/10.6028/NIST.IR.8006","underTerm":" under Virtual machine ","refSources":[{"text":"ISO/IEC 2382-1"}]}]}]},{"term":"VMI","link":"https://csrc.nist.gov/glossary/term/vmi","abbrSyn":[{"text":"Virtual Mobile Infrastructure","link":"https://csrc.nist.gov/glossary/term/virtual_mobile_infrastructure"}],"definitions":null},{"term":"VMID","link":"https://csrc.nist.gov/glossary/term/vmid","abbrSyn":[{"text":"Virtual Machine IDentifier","link":"https://csrc.nist.gov/glossary/term/virtual_machine_identifier"}],"definitions":null},{"term":"VMM","link":"https://csrc.nist.gov/glossary/term/vmm","abbrSyn":[{"text":"Virtual Machine Manager"},{"text":"Virtual Machine Monitor"}],"definitions":null},{"term":"VMware Validated Design","link":"https://csrc.nist.gov/glossary/term/vmware_validated_design","abbrSyn":[{"text":"VVD","link":"https://csrc.nist.gov/glossary/term/vvd"}],"definitions":null},{"term":"VMX","link":"https://csrc.nist.gov/glossary/term/vmx","abbrSyn":[{"text":"Virtual Machine Extensions","link":"https://csrc.nist.gov/glossary/term/virtual_machine_extensions"}],"definitions":null},{"term":"VNA","link":"https://csrc.nist.gov/glossary/term/vna","abbrSyn":[{"text":"Vendor Neutral Archive","link":"https://csrc.nist.gov/glossary/term/vendor_neutral_archive"}],"definitions":null},{"term":"VNC","link":"https://csrc.nist.gov/glossary/term/vnc","abbrSyn":[{"text":"Virtual Network Computing","link":"https://csrc.nist.gov/glossary/term/virtual_network_computing"}],"definitions":null},{"term":"VnE","link":"https://csrc.nist.gov/glossary/term/vne","abbrSyn":[{"text":"Vulnerability and Exposure","link":"https://csrc.nist.gov/glossary/term/vulnerability_and_exposure"}],"definitions":null},{"term":"VNet","link":"https://csrc.nist.gov/glossary/term/vnet","abbrSyn":[{"text":"virtual network","link":"https://csrc.nist.gov/glossary/term/virtual_network"}],"definitions":null},{"term":"VNI","link":"https://csrc.nist.gov/glossary/term/vni","abbrSyn":[{"text":"Virtualized Network Interface","link":"https://csrc.nist.gov/glossary/term/virtualized_network_interface"}],"definitions":null},{"term":"vNIC","link":"https://csrc.nist.gov/glossary/term/vnic","abbrSyn":[{"text":"Virtual Network Interface Card","link":"https://csrc.nist.gov/glossary/term/virtual_network_interface_card"}],"definitions":null},{"term":"VNID","link":"https://csrc.nist.gov/glossary/term/vnid","abbrSyn":[{"text":"VXLAN Network Identifier","link":"https://csrc.nist.gov/glossary/term/vxlan_network_identifier"}],"definitions":null},{"term":"VOA","link":"https://csrc.nist.gov/glossary/term/voa","abbrSyn":[{"text":"Voice of the Adversary","link":"https://csrc.nist.gov/glossary/term/voice_of_the_adversary"}],"definitions":null},{"term":"Voice of the Adversary","link":"https://csrc.nist.gov/glossary/term/voice_of_the_adversary","abbrSyn":[{"text":"VOA","link":"https://csrc.nist.gov/glossary/term/voa"}],"definitions":null},{"term":"voice over internet protocol (VoIP)","link":"https://csrc.nist.gov/glossary/term/voip","abbrSyn":[{"text":"Voice over Internet Protocol"},{"text":"Voice Over Internet Protocol"},{"text":"Voice over IP"},{"text":"Voice Over IP"},{"text":"Voice-Over-IP"},{"text":"VoIP"},{"text":"VOIP"}],"definitions":[{"text":"A term used to describe the transmission of packetized voice using the internet protocol (IP) and consists of both signaling and media protocols.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 5000","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"Voice over LTE","link":"https://csrc.nist.gov/glossary/term/voice_over_lte","abbrSyn":[{"text":"VoLTE","link":"https://csrc.nist.gov/glossary/term/volte"}],"definitions":null},{"term":"Volatile Data","link":"https://csrc.nist.gov/glossary/term/volatile_data","definitions":[{"text":"Data on a live system that is lost after a computer is powered down.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Volatile Memory","link":"https://csrc.nist.gov/glossary/term/volatile_memory","definitions":[{"text":"Memory that loses its content when power is turned off or lost.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Voltage at the Common Collector","link":"https://csrc.nist.gov/glossary/term/voltage_at_the_common_collector","abbrSyn":[{"text":"Vcc","link":"https://csrc.nist.gov/glossary/term/vcc"}],"definitions":null},{"term":"VoLTE","link":"https://csrc.nist.gov/glossary/term/volte","abbrSyn":[{"text":"Voice over Long-Term Evolution"},{"text":"Voice over LTE","link":"https://csrc.nist.gov/glossary/term/voice_over_lte"}],"definitions":null},{"term":"Volume Shadowcopy Services","link":"https://csrc.nist.gov/glossary/term/volume_shadowcopy_services","abbrSyn":[{"text":"VSS","link":"https://csrc.nist.gov/glossary/term/vss"}],"definitions":null},{"term":"Voluntary Voting Systems Guidelines","link":"https://csrc.nist.gov/glossary/term/voluntary_voting_systems_guidelines","abbrSyn":[{"text":"VVSG","link":"https://csrc.nist.gov/glossary/term/vvsg"}],"definitions":null},{"term":"VPC","link":"https://csrc.nist.gov/glossary/term/vpc","abbrSyn":[{"text":"Virtual Private Cloud","link":"https://csrc.nist.gov/glossary/term/virtual_private_cloud"}],"definitions":null},{"term":"VPN","link":"https://csrc.nist.gov/glossary/term/vpn","abbrSyn":[{"text":"virtual private network"},{"text":"Virtual Private Network"},{"text":"Virtual Private Networking","link":"https://csrc.nist.gov/glossary/term/virtual_private_networking"}],"definitions":[{"text":"A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under virtual private network ","refSources":[{"text":"RFC 4949","link":"https://doi.org/10.17487/RFC4949","note":" - adapted"}]}]},{"text":"Protected information system link utilizing tunneling, security controls, and endpoint address translation giving the impression of a dedicated line.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Virtual Private Network ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","underTerm":" under Virtual Private Network ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under virtual private network ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"A virtual network built on top of existing networks that can provide a secure communications mechanism for data and IP information transmitted between networks.","sources":[{"text":"NIST SP 800-113","link":"https://doi.org/10.6028/NIST.SP.800-113","underTerm":" under Virtual Private Network "}]},{"text":"Virtual network built on top of existing networks that can provide a secure communications mechanism for data and IP information transmitted between networks.","sources":[{"text":"NIST SP 800-77","link":"https://doi.org/10.6028/NIST.SP.800-77","note":" [Superseded]","underTerm":" under Virtual Private Network "}]}]},{"term":"VPNC","link":"https://csrc.nist.gov/glossary/term/vpnc","abbrSyn":[{"text":"Virtual Private Network Consortium","link":"https://csrc.nist.gov/glossary/term/virtual_private_network_consortium"}],"definitions":null},{"term":"vR","link":"https://csrc.nist.gov/glossary/term/vr","abbrSyn":[{"text":"vSphere Replication","link":"https://csrc.nist.gov/glossary/term/vsphere_replication"}],"definitions":null},{"term":"vRA","link":"https://csrc.nist.gov/glossary/term/vra","abbrSyn":[{"text":"vRealize Automation","link":"https://csrc.nist.gov/glossary/term/vrealize_automation"}],"definitions":null},{"term":"vRB","link":"https://csrc.nist.gov/glossary/term/vrb","abbrSyn":[{"text":"vRealize Business for Cloud","link":"https://csrc.nist.gov/glossary/term/vrealize_business_for_cloud"}],"definitions":null},{"term":"VRDX-SIG","link":"https://csrc.nist.gov/glossary/term/vrdx_sig","abbrSyn":[{"text":"Vulnerability Reporting and Data eXchange SIG","link":"https://csrc.nist.gov/glossary/term/vulnerability_reporting_and_data_exchange_sig"}],"definitions":null},{"term":"vRealize Automation","link":"https://csrc.nist.gov/glossary/term/vrealize_automation","abbrSyn":[{"text":"vRA","link":"https://csrc.nist.gov/glossary/term/vra"}],"definitions":null},{"term":"vRealize Business for Cloud","link":"https://csrc.nist.gov/glossary/term/vrealize_business_for_cloud","abbrSyn":[{"text":"vRB","link":"https://csrc.nist.gov/glossary/term/vrb"}],"definitions":null},{"term":"vRealize Log Insight","link":"https://csrc.nist.gov/glossary/term/vrealize_log_insight","abbrSyn":[{"text":"vRLI","link":"https://csrc.nist.gov/glossary/term/vrli"}],"definitions":null},{"term":"vRealize Operations Manager","link":"https://csrc.nist.gov/glossary/term/vrealize_operations_manager","abbrSyn":[{"text":"vROPS","link":"https://csrc.nist.gov/glossary/term/vrops"}],"definitions":null},{"term":"vRealize Orchestrator","link":"https://csrc.nist.gov/glossary/term/vrealize_orchestrator","abbrSyn":[{"text":"vRO","link":"https://csrc.nist.gov/glossary/term/vro"}],"definitions":null},{"term":"VRF","link":"https://csrc.nist.gov/glossary/term/vrf","abbrSyn":[{"text":"Verification"}],"definitions":[{"text":"Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity’s requirements have been correctly defined, or an entity’s attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome).","sources":[{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Verification ","refSources":[{"text":"CNSSI 4009"},{"text":"ISO 9000","note":" - Adapted"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Verification ","refSources":[{"text":"CNSSI 4009"},{"text":"ISO 9000","note":" - Adapted"}]}]},{"text":"The process of testing the media to ensure the information cannot be read.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Verification "}]},{"text":"Internal phase within the NVD where a second, usually more experienced, NVD Analyst verifies the work completed during the Initial Analysis.","sources":[{"text":"NISTIR 8246","link":"https://doi.org/10.6028/NIST.IR.8246","underTerm":" under Verification "}]},{"text":"Process of producing objective evidence that sufficiently demonstrates that the system satisfies its security requirements and security characteristics with the level of assurance that applies to the system.","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under Verification ","refSources":[{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","note":" - §3.4.9, Adapted"}]}]},{"text":"See “Identity Verification”.","sources":[{"text":"FIPS 201","note":" [version unknown]","underTerm":" under Verification "}]}]},{"term":"vRLI","link":"https://csrc.nist.gov/glossary/term/vrli","abbrSyn":[{"text":"vRealize Log Insight","link":"https://csrc.nist.gov/glossary/term/vrealize_log_insight"}],"definitions":null},{"term":"vRO","link":"https://csrc.nist.gov/glossary/term/vro","abbrSyn":[{"text":"vRealize Orchestrator","link":"https://csrc.nist.gov/glossary/term/vrealize_orchestrator"}],"definitions":null},{"term":"vROPS","link":"https://csrc.nist.gov/glossary/term/vrops","abbrSyn":[{"text":"vRealize Operations Manager","link":"https://csrc.nist.gov/glossary/term/vrealize_operations_manager"}],"definitions":null},{"term":"VRP","link":"https://csrc.nist.gov/glossary/term/vrp","abbrSyn":[{"text":"Validated ROA Payload","link":"https://csrc.nist.gov/glossary/term/validated_roa_payload"}],"definitions":[{"text":"Validated ROA Payload contains {prefix, max length, origin AS} information from an X.509 validated ROA.","sources":[{"text":"NIST TN 2060","link":"https://doi.org/10.6028/NIST.TN.2060","underTerm":" under Validated ROA Payload "}]}]},{"term":"VRRP","link":"https://csrc.nist.gov/glossary/term/vrrp","abbrSyn":[{"text":"Virtual Router Redundancy Protocol","link":"https://csrc.nist.gov/glossary/term/virtual_router_redundancy_protocol"}],"definitions":null},{"term":"VSC","link":"https://csrc.nist.gov/glossary/term/vsc","abbrSyn":[{"text":"Virtual Smart Card","link":"https://csrc.nist.gov/glossary/term/virtual_smart_card"}],"definitions":null},{"term":"vsftpd","link":"https://csrc.nist.gov/glossary/term/vsftpd","abbrSyn":[{"text":"Very Secure File Transfer Protocol Daemon","link":"https://csrc.nist.gov/glossary/term/very_secure_file_transfer_protocol_daemon"}],"definitions":null},{"term":"vSphere Distributed Switch","link":"https://csrc.nist.gov/glossary/term/vsphere_distributed_switch","abbrSyn":[{"text":"VDS","link":"https://csrc.nist.gov/glossary/term/vds"}],"definitions":null},{"term":"vSphere Installation Bundle","link":"https://csrc.nist.gov/glossary/term/vsphere_installation_bundle","abbrSyn":[{"text":"VIB","link":"https://csrc.nist.gov/glossary/term/vib"}],"definitions":null},{"term":"vSphere Replication","link":"https://csrc.nist.gov/glossary/term/vsphere_replication","abbrSyn":[{"text":"vR","link":"https://csrc.nist.gov/glossary/term/vr"}],"definitions":null},{"term":"vSphere Update Manager","link":"https://csrc.nist.gov/glossary/term/vsphere_update_manager","abbrSyn":[{"text":"VUM","link":"https://csrc.nist.gov/glossary/term/vum"}],"definitions":null},{"term":"VSS","link":"https://csrc.nist.gov/glossary/term/vss","abbrSyn":[{"text":"Volume Shadowcopy Services","link":"https://csrc.nist.gov/glossary/term/volume_shadowcopy_services"}],"definitions":null},{"term":"VTEP","link":"https://csrc.nist.gov/glossary/term/vtep","abbrSyn":[{"text":"VXLAN Tunnel Endpoint","link":"https://csrc.nist.gov/glossary/term/vxlan_tunnel_endpoint"}],"definitions":null},{"term":"VTL","link":"https://csrc.nist.gov/glossary/term/vtl","abbrSyn":[{"text":"Virtual Tape Library","link":"https://csrc.nist.gov/glossary/term/virtual_tape_library"}],"definitions":null},{"term":"vulnerability analysis","link":"https://csrc.nist.gov/glossary/term/vulnerability_analysis","abbrSyn":[{"text":"vulnerability assessment","link":"https://csrc.nist.gov/glossary/term/vulnerability_assessment"},{"text":"Vulnerability Assessment"}],"definitions":[{"text":"Systematic examination of a system or product or supply chain element to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","underTerm":" under vulnerability assessment ","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Formal description and evaluation of the vulnerabilities in an information system.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under vulnerability assessment "},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","underTerm":" under vulnerability assessment ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under vulnerability assessment ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"},{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-53A","link":"https://doi.org/10.6028/NIST.SP.800-53A"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","underTerm":" under vulnerability assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under vulnerability assessment ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See vulnerability assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5"},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Vulnerability Analysis "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5"}]},{"text":"Systematic examination of an information system or product to determine the adequacy of security and privacy measures, identify security and privacy deficiencies, provide data from which to predict the effectiveness of proposed security and privacy measures, and confirm the adequacy of such measures after implementation.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]}]},{"term":"Vulnerability and Exposure","link":"https://csrc.nist.gov/glossary/term/vulnerability_and_exposure","abbrSyn":[{"text":"VnE","link":"https://csrc.nist.gov/glossary/term/vne"}],"definitions":null},{"term":"vulnerability assessment","link":"https://csrc.nist.gov/glossary/term/vulnerability_assessment","abbrSyn":[{"text":"vulnerability analysis","link":"https://csrc.nist.gov/glossary/term/vulnerability_analysis"},{"text":"Vulnerability Analysis"}],"definitions":[{"text":"Systematic examination of a system or product or supply chain element to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.","sources":[{"text":"NIST SP 800-161r1","link":"https://doi.org/10.6028/NIST.SP.800-161r1","refSources":[{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","note":" - adapted"}]}]},{"text":"Formal description and evaluation of the vulnerabilities in an information system.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-18 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-18r1","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-37 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-37r1","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]}]},{"text":"Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-37 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-37r2","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"NIST SP 800-161","link":"https://doi.org/10.6028/NIST.SP.800-161","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4"},{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-30 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-30r1","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-39","link":"https://doi.org/10.6028/NIST.SP.800-39","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"}]},{"text":"NISTIR 7622","link":"https://doi.org/10.6028/NIST.IR.7622","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009"},{"text":"NIST SP 800-53A","link":"https://doi.org/10.6028/NIST.SP.800-53A"}]},{"text":"NIST SP 800-160 Vol. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v1","refSources":[{"text":"CNSSI 4009"}]},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"See vulnerability assessment.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under vulnerability analysis ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]},{"text":"NIST SP 800-53 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53r5","underTerm":" under vulnerability analysis "},{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Vulnerability Analysis "},{"text":"NIST SP 800-53A Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-53Ar5","underTerm":" under vulnerability analysis "}]},{"text":"Systematic examination of an information system or product to determine the adequacy of security and privacy measures, identify security and privacy deficiencies, provide data from which to predict the effectiveness of proposed security and privacy measures, and confirm the adequacy of such measures after implementation.","sources":[{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Vulnerability Assessment ","refSources":[{"text":"CNSSI 4009","note":" - Adapted"}]}]}]},{"term":"Vulnerability Disclosure Policy","link":"https://csrc.nist.gov/glossary/term/vulnerability_disclosure_policy","abbrSyn":[{"text":"VDP","link":"https://csrc.nist.gov/glossary/term/vdp"}],"definitions":null},{"term":"Vulnerability Disclosure Program Office","link":"https://csrc.nist.gov/glossary/term/vulnerability_disclosure_program_office","abbrSyn":[{"text":"VDPO","link":"https://csrc.nist.gov/glossary/term/vdpo"}],"definitions":[{"text":"The entity with which an agency coordinates internally to resolve reported vulnerabilities.","sources":[{"text":"NIST SP 800-216","link":"https://doi.org/10.6028/NIST.SP.800-216"}]}]},{"term":"Vulnerability Management","link":"https://csrc.nist.gov/glossary/term/vulnerability_management","abbrSyn":[{"text":"Capability, Vulnerability Management","link":"https://csrc.nist.gov/glossary/term/capability_vulnerability_management"}],"definitions":[{"text":"An ISCM capability that identifies vulnerabilities [Common Vulnerabilities and Exposures (CVEs)] on devices that are likely to be used by attackers to compromise a device and use it as a platform from which to extend compromise to the network.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1","underTerm":" under Capability, Vulnerability Management "}]},{"text":"See Capability, Vulnerability Management.","sources":[{"text":"NISTIR 8011 Vol. 1","link":"https://doi.org/10.6028/NIST.IR.8011-1"}]}]},{"term":"Vulnerability Reporting and Data eXchange SIG","link":"https://csrc.nist.gov/glossary/term/vulnerability_reporting_and_data_exchange_sig","abbrSyn":[{"text":"VRDX-SIG","link":"https://csrc.nist.gov/glossary/term/vrdx_sig"}],"definitions":null},{"term":"vulnerability scanner","link":"https://csrc.nist.gov/glossary/term/vulnerability_scanner","definitions":[{"text":"(As used in this volume) A network tool (hardware and/or software) that scans network devices to identify generally known and organization specific CVEs. It may do this based on a wide range of signature strategies.","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]},{"text":"A tool (hardware and/or software) used to identify hosts/host attributes and associated vulnerabilities (CVEs, CWEs, and others).","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"Vulnerability Scanning","link":"https://csrc.nist.gov/glossary/term/vulnerability_scanning","definitions":[{"text":"A technique used to identify hosts/host attributes and associated vulnerabilities.","sources":[{"text":"NIST SP 800-115","link":"https://doi.org/10.6028/NIST.SP.800-115"}]}]},{"term":"VUM","link":"https://csrc.nist.gov/glossary/term/vum","abbrSyn":[{"text":"vSphere Update Manager","link":"https://csrc.nist.gov/glossary/term/vsphere_update_manager"}],"definitions":null},{"term":"VVD","link":"https://csrc.nist.gov/glossary/term/vvd","abbrSyn":[{"text":"VMware Validated Design","link":"https://csrc.nist.gov/glossary/term/vmware_validated_design"}],"definitions":null},{"term":"VVSG","link":"https://csrc.nist.gov/glossary/term/vvsg","abbrSyn":[{"text":"Voluntary Voting Systems Guidelines","link":"https://csrc.nist.gov/glossary/term/voluntary_voting_systems_guidelines"}],"definitions":null},{"term":"VXLAN","link":"https://csrc.nist.gov/glossary/term/vxlan","abbrSyn":[{"text":"Virtual Extended Local Area Network"},{"text":"Virtual Extensible LAN"},{"text":"Virtual eXtensible Local Area Network","link":"https://csrc.nist.gov/glossary/term/virtual_extensible_local_area_network"},{"text":"Virtual Extensible Local Area Network"}],"definitions":null},{"term":"VXLAN Network Identifier","link":"https://csrc.nist.gov/glossary/term/vxlan_network_identifier","abbrSyn":[{"text":"VNID","link":"https://csrc.nist.gov/glossary/term/vnid"}],"definitions":null},{"term":"VXLAN Tunnel Endpoint","link":"https://csrc.nist.gov/glossary/term/vxlan_tunnel_endpoint","abbrSyn":[{"text":"VTEP","link":"https://csrc.nist.gov/glossary/term/vtep"}],"definitions":null},{"term":"W3C","link":"https://csrc.nist.gov/glossary/term/w3c","abbrSyn":[{"text":"World Wide Web Consortium","link":"https://csrc.nist.gov/glossary/term/world_wide_web_consortium"}],"definitions":null},{"term":"WAAP","link":"https://csrc.nist.gov/glossary/term/waap","abbrSyn":[{"text":"web application and API protection","link":"https://csrc.nist.gov/glossary/term/web_application_and_api_protection"}],"definitions":null},{"term":"WaaS","link":"https://csrc.nist.gov/glossary/term/w_aa_s","abbrSyn":[{"text":"Windows as a Service","link":"https://csrc.nist.gov/glossary/term/windows_as_a_service"}],"definitions":null},{"term":"WAAS","link":"https://csrc.nist.gov/glossary/term/waas","abbrSyn":[{"text":"Wide Area Augmentation System","link":"https://csrc.nist.gov/glossary/term/wide_area_augmentation_system"}],"definitions":null},{"term":"WAF","link":"https://csrc.nist.gov/glossary/term/waf","abbrSyn":[{"text":"Web Application Firewall","link":"https://csrc.nist.gov/glossary/term/web_application_firewall"}],"definitions":null},{"term":"Wallet","link":"https://csrc.nist.gov/glossary/term/wallet","definitions":[{"text":"Software used to store and manage asymmetric-keys and addresses used for transactions.","sources":[{"text":"NISTIR 8202","link":"https://doi.org/10.6028/NIST.IR.8202"}]},{"text":"An application used to generate, manage, store or use private and public keys. A wallet can be implemented as a software or hardware module.","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"ISO 22739:2020","link":"https://www.iso.org/standard/73771.html"}]}]}]},{"term":"WAN","link":"https://csrc.nist.gov/glossary/term/wan","abbrSyn":[{"text":"wide area network","link":"https://csrc.nist.gov/glossary/term/wide_area_network"}],"definitions":[{"text":"A physical or logical network that provides data communications to a larger number of independent users than are typically served by a local area network (LAN) and that is usually spread over a larger geographic area than that of a LAN. ","sources":[{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under wide area network "}]}]},{"term":"wander","link":"https://csrc.nist.gov/glossary/term/wander","definitions":[{"text":"The long-term variations—random walk frequency noise—of the significant instants of a digital signal from their ideal position in time (where long-term implies that these variations are of frequency less than 10 Hz).","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"ITU-T G.810","link":"https://www.itu.int/rec/T-REC-G.810/en","note":" - Adapted"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"ITU-T G.810","link":"https://www.itu.int/rec/T-REC-G.810/en","note":" - adapted"}]}]}]},{"term":"WAP","link":"https://csrc.nist.gov/glossary/term/wap","abbrSyn":[{"text":"Web Application Proxy","link":"https://csrc.nist.gov/glossary/term/web_application_proxy"},{"text":"Wireless Access Point"},{"text":"Wireless Application Protocol"}],"definitions":[{"text":"A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Wireless Application Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Wireless Application Protocol "}]}]},{"term":"WAP identity module","link":"https://csrc.nist.gov/glossary/term/wap_identity_module","definitions":[{"text":"a security module implemented in the SIM that provides a trusted environment for using WAP related applications and services on a mobile device via a WAP gateway.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under WAP Identity Module "}]}]},{"term":"WAR","link":"https://csrc.nist.gov/glossary/term/war","abbrSyn":[{"text":"Web Application Archive","link":"https://csrc.nist.gov/glossary/term/web_application_archive"},{"text":"Web Archive","link":"https://csrc.nist.gov/glossary/term/web_archive"}],"definitions":null},{"term":"Warfighting Mission Area","link":"https://csrc.nist.gov/glossary/term/warfighting_mission_area","abbrSyn":[{"text":"WMA","link":"https://csrc.nist.gov/glossary/term/wma"}],"definitions":null},{"term":"warm site","link":"https://csrc.nist.gov/glossary/term/warm_site","definitions":[{"text":"An environmentally conditioned work space that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1"}]},{"text":"NIST SP 800-34 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-34r1","underTerm":" under Warm Site "}]}]},{"term":"WaSP","link":"https://csrc.nist.gov/glossary/term/wasp","abbrSyn":[{"text":"Web Standards Project","link":"https://csrc.nist.gov/glossary/term/web_standards_project"}],"definitions":null},{"term":"Watering Hole","link":"https://csrc.nist.gov/glossary/term/watering_hole","definitions":[{"text":"Watering hole attacks involve attackers compromising one or more legitimate Web sites with malware in an attempt to target and infect visitors to those sites.","sources":[{"text":"NIST SP 1800-21B","link":"https://doi.org/10.6028/NIST.SP.1800-21","refSources":[{"text":"ICS-CERT Monitor","link":"https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Oct-Dec2013.pdf"}]}]}]},{"term":"watering hole attack","link":"https://csrc.nist.gov/glossary/term/watering_hole_attack","definitions":[{"text":"In a watering hole attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.","sources":[{"text":"NIST SP 800-150","link":"https://doi.org/10.6028/NIST.SP.800-150","underTerm":" under Watering Hole Attack "}]}]},{"term":"Wavelet Scalar Quantization","link":"https://csrc.nist.gov/glossary/term/wavelet_scalar_quantization","abbrSyn":[{"text":"WSQ","link":"https://csrc.nist.gov/glossary/term/wsq"}],"definitions":null},{"term":"WAYF","link":"https://csrc.nist.gov/glossary/term/wayf","abbrSyn":[{"text":"Where Are You From?","link":"https://csrc.nist.gov/glossary/term/where_are_you_from"}],"definitions":null},{"term":"WD","link":"https://csrc.nist.gov/glossary/term/wd","abbrSyn":[{"text":"Working Draft","link":"https://csrc.nist.gov/glossary/term/working_draft"}],"definitions":null},{"term":"WDV","link":"https://csrc.nist.gov/glossary/term/wdv","abbrSyn":[{"text":"WORM Disk Volume","link":"https://csrc.nist.gov/glossary/term/worm_disk_volume"}],"definitions":null},{"term":"weakest judgment algorithm","link":"https://csrc.nist.gov/glossary/term/weakest_judgment_algorithm","definitions":[{"text":"An inter-level judgment conflict resolution algorithm where the weakest judgment is taken as the result.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"Weakly Bound Credentials","link":"https://csrc.nist.gov/glossary/term/weakly_bound_credentials","definitions":[{"text":"Credentials that are bound to a subscriber in a manner than can be modified without invalidating the credential.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"Credentials that describe the binding between a user and token in a manner than can be modified without invalidating the credential. (For more discussion, see Section 7.1.1.)","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]"}]}]},{"term":"weakness","link":"https://csrc.nist.gov/glossary/term/weakness","definitions":[{"text":"Defect or characteristic that may lead to undesirable behavior.","sources":[{"text":"NIST SP 800-160v1r1","link":"https://doi.org/10.6028/NIST.SP.800-160v1r1","refSources":[{"text":"ISO/SAE 21434:2021","link":"https://www.iso.org/standard/70918.html"}]}]},{"text":"(As used in this volume) Poor coding practices, as exemplified by CWEs","sources":[{"text":"NISTIR 8011 Vol. 4","link":"https://doi.org/10.6028/NIST.IR.8011-4"}]}]},{"term":"Weapons System","link":"https://csrc.nist.gov/glossary/term/weapons_system","definitions":[{"text":"A 'weapons system' is a combination of one or more weapons with all related equipment, materials, services, personnel, and means of delivery and deployment (if applicable) required for self- sufficiency.","sources":[{"text":"NIST SP 800-59","link":"https://doi.org/10.6028/NIST.SP.800-59","refSources":[{"text":"DoD JP 1-02","link":"https://www.jcs.mil/Doctrine/"}]}]},{"text":"A combination of one or more weapons with all related equipment, materials, services, personnel, and means of delivery and deployment (if applicable) required for self-sufficiency.","sources":[{"text":"NIST SP 800-60 Vol. 1 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v1r1"},{"text":"NIST SP 800-60 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-60v2r1"}]}]},{"term":"web application and API protection","link":"https://csrc.nist.gov/glossary/term/web_application_and_api_protection","abbrSyn":[{"text":"WAAP","link":"https://csrc.nist.gov/glossary/term/waap"}],"definitions":null},{"term":"Web Application Archive","link":"https://csrc.nist.gov/glossary/term/web_application_archive","abbrSyn":[{"text":"WAR","link":"https://csrc.nist.gov/glossary/term/war"}],"definitions":null},{"term":"Web Application Firewall","link":"https://csrc.nist.gov/glossary/term/web_application_firewall","abbrSyn":[{"text":"WAF","link":"https://csrc.nist.gov/glossary/term/waf"}],"definitions":null},{"term":"Web Application Proxy","link":"https://csrc.nist.gov/glossary/term/web_application_proxy","abbrSyn":[{"text":"WAP","link":"https://csrc.nist.gov/glossary/term/wap"}],"definitions":null},{"term":"Web Archive","link":"https://csrc.nist.gov/glossary/term/web_archive","abbrSyn":[{"text":"WAR","link":"https://csrc.nist.gov/glossary/term/war"}],"definitions":null},{"term":"Web Browser","link":"https://csrc.nist.gov/glossary/term/web_browser","definitions":[{"text":"Client software used to view Web content.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2"}]},{"text":"A software program that allows a user to locate, access, and display web pages.","sources":[{"text":"NIST SP 1800-16B","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16C","link":"https://doi.org/10.6028/NIST.SP.1800-16"},{"text":"NIST SP 1800-16D","link":"https://doi.org/10.6028/NIST.SP.1800-16"}]}]},{"term":"web bug","link":"https://csrc.nist.gov/glossary/term/web_bug","definitions":[{"text":"Malicious code, invisible to a user, placed on web sites in such a way that it allows third parties to track use of web servers and collect information about the user, including internet protocol (IP) address, host name, browser type and version, operating system name and version, and web browser cookie.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A tiny image, invisible to a user, placed on Web pages in such a way to enable third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and cookies.","sources":[{"text":"NIST SP 800-28 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-28ver2","underTerm":" under Web Bug "}]}]},{"term":"Web Ontology Language for Web Services","link":"https://csrc.nist.gov/glossary/term/web_ontology_language_for_web_services","abbrSyn":[{"text":"OWL-S","link":"https://csrc.nist.gov/glossary/term/owl_s"}],"definitions":null},{"term":"Web Portal","link":"https://csrc.nist.gov/glossary/term/web_portal","definitions":[{"text":"Provides a single point of entry into the SOA for requester entities, enabling them to access Web services transparently from any device at virtually any location.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Apache Portals Project home page","link":"http://portals.apache.org/"}]}]}]},{"term":"Web Proxy Auto Discovery","link":"https://csrc.nist.gov/glossary/term/web_proxy_auto_discovery","abbrSyn":[{"text":"WPAD","link":"https://csrc.nist.gov/glossary/term/wpad"}],"definitions":null},{"term":"Web Security Appliance","link":"https://csrc.nist.gov/glossary/term/web_security_appliance","abbrSyn":[{"text":"WSA","link":"https://csrc.nist.gov/glossary/term/wsa"}],"definitions":null},{"term":"Web Server","link":"https://csrc.nist.gov/glossary/term/web_server","definitions":[{"text":"A computer that provides World Wide Web (WWW) services on the Internet. It includes the hardware, operating system, Web server software, and Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an “intranet server.”","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]},{"text":"A computer that provides World Wide Web (WWW) services on the Internet. It includes the hardware, operating system, Web server software, and Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an “intranet server”.","sources":[{"text":"NIST SP 800-45 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-45ver2"}]}]},{"term":"Web Server Administrator","link":"https://csrc.nist.gov/glossary/term/web_server_administrator","definitions":[{"text":"The Web server equivalent of a system administrator. Web server administrators are system architects responsible for the overall design, implementation, and maintenance of Web servers. They may or may not be responsible for Web content, which is traditionally the responsibility of the Webmaster.","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]}]},{"term":"Web Service","link":"https://csrc.nist.gov/glossary/term/web_service","definitions":[{"text":"A software component or system designed to support interoperable machine- or application- oriented interaction over a network. A Web service has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Open Grid Services Architecture Glossary of Terms","link":"https://www.ogf.org/documents/GFD.44.pdf"}]}]}]},{"term":"Web Service Interoperability (WS-I) Basic Profile","link":"https://csrc.nist.gov/glossary/term/web_service_interoperability_basic_profile","definitions":[{"text":"A set of standards and clarifications to standards that vendors must follow for basic interoperability with SOAP products.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Interoperability Organization (WS-I) Basic Profile Version 1.1","link":"http://www.ws-i.org/Profiles/BasicProfile-1.1-2004-08-24.html"}]}]}]},{"term":"Web Services","link":"https://csrc.nist.gov/glossary/term/web_services","abbrSyn":[{"text":"WS","link":"https://csrc.nist.gov/glossary/term/ws"}],"definitions":null},{"term":"Web Services Description Language (WSDL)","link":"https://csrc.nist.gov/glossary/term/web_services_description_language","abbrSyn":[{"text":"WSDL","link":"https://csrc.nist.gov/glossary/term/wsdl"}],"definitions":[{"text":"An XML format for describing network services as a set of endpoints operating on messages containing either document- oriented or procedure-oriented information. WSDL complements the UDDI standard by providing a uniform way of describing the abstract interface and protocol bindings and deployment details of arbitrary network services.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Description Language (WSDL) 1.1","link":"https://www.w3.org/TR/wsdl"},{"text":"Oregon Statewide Automated Child Welfare Information System (SACWIS) Glossary"}]}]}]},{"term":"Web Services Interoperability","link":"https://csrc.nist.gov/glossary/term/web_services_interoperability","abbrSyn":[{"text":"WS-I","link":"https://csrc.nist.gov/glossary/term/ws_i"}],"definitions":null},{"term":"Web Services Security (WS -Security)","link":"https://csrc.nist.gov/glossary/term/web_services_security","definitions":[{"text":"A mechanism for incorporating security information into SOAP messages. WS-Security uses binary tokens for authentication, digital signatures for integrity, and content-level encryption for confidentiality.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"IBM Web Services Security (WS-Security) Version 1.1"}]}]}]},{"term":"Web Services Security for Java","link":"https://csrc.nist.gov/glossary/term/web_services_security_for_java","abbrSyn":[{"text":"WSS4J","link":"https://csrc.nist.gov/glossary/term/wss4j"}],"definitions":null},{"term":"Web Standards Project","link":"https://csrc.nist.gov/glossary/term/web_standards_project","abbrSyn":[{"text":"WaSP","link":"https://csrc.nist.gov/glossary/term/wasp"}],"definitions":null},{"term":"Webmaster","link":"https://csrc.nist.gov/glossary/term/webmaster","definitions":[{"text":"A person responsible for the implementation of a Web site. Webmasters must be proficient in HTML and one or more scripting and interface languages, such as JavaScript and Perl. They may or may not be responsible for the underlying server, which is traditionally the responsibility of the Web administrator (see above).","sources":[{"text":"NIST SP 800-44 Version 2","link":"https://doi.org/10.6028/NIST.SP.800-44ver2"}]}],"seeAlso":[{"text":"Web administrator","link":"web_administrator"}]},{"term":"Website","link":"https://csrc.nist.gov/glossary/term/website","definitions":[{"text":"A set of related web pages that are prepared and maintained as a collection in support of a single purpose.","sources":[{"text":"NISTIR 7693","link":"https://doi.org/10.6028/NIST.IR.7693"}]}]},{"term":"Well-formed","link":"https://csrc.nist.gov/glossary/term/well_formed","definitions":[{"text":"An SCAP-conformant data stream or stream component.","sources":[{"text":"NIST SP 800-126 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-126r3"},{"text":"NIST SP 800-126 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-126r2"}]}]},{"term":"Well-Formed CPE Name","link":"https://csrc.nist.gov/glossary/term/well_formed_cpe_name","definitions":[{"text":"A logical construct that constitutes an unordered list of A-V pairs that collectively describe or identify one or more operating systems, software applications, or hardware devices. Unordered means that there is no prescribed order in which A-V pairs should be listed, and there is no specified relationship (hierarchical, set-theoretic, or otherwise) among attributes. WFNs must satisfy the criteria specified in the CPE Naming specification [CPE23-N:5.2]. For a full description and usage constraints on WFN logical attribute values, see Section 5 of the CPE Naming specification [CPE23-N:5].","sources":[{"text":"NISTIR 7696","link":"https://doi.org/10.6028/NIST.IR.7696"}]}]},{"term":"WEP","link":"https://csrc.nist.gov/glossary/term/wep","abbrSyn":[{"text":"Wired Equivalent Privacy"}],"definitions":null},{"term":"Western Information Security and Privacy Research Laboratory","link":"https://csrc.nist.gov/glossary/term/western_information_security_and_privacy_research_laboratory","abbrSyn":[{"text":"WHISPERLAB","link":"https://csrc.nist.gov/glossary/term/whisperlab"}],"definitions":null},{"term":"WFA","link":"https://csrc.nist.gov/glossary/term/wfa","abbrSyn":[{"text":"Wi-Fi Alliance","link":"https://csrc.nist.gov/glossary/term/wi_fi_alliance"}],"definitions":null},{"term":"WG","link":"https://csrc.nist.gov/glossary/term/wg","abbrSyn":[{"text":"Working Group","link":"https://csrc.nist.gov/glossary/term/working_group"}],"definitions":null},{"term":"WGS 84","link":"https://csrc.nist.gov/glossary/term/wgs_84","abbrSyn":[{"text":"World Geodetic System – 1984"},{"text":"World Geodetic System 1984","link":"https://csrc.nist.gov/glossary/term/world_geodetic_system_1984"}],"definitions":[{"text":"An Earth-centered, Earth-fixed terrestrial reference system and geodetic datum. WGS 84 is based on a consistent set of constants and model parameters that describe the Earth’s size, shape, gravity, and geomagnetic fields. WGS 84 is the standard U.S. Department of Defense definition of a global reference system for geospatial information and is the reference system for GPS. It is consistent with the International Terrestrial Reference System (ITRS).","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","underTerm":" under World Geodetic System 1984 ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","underTerm":" under World Geodetic System 1984 ","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"whaling","link":"https://csrc.nist.gov/glossary/term/whaling","definitions":[{"text":"A specific kind of phishing that targets high-ranking members of organizations.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Where Are You From?","link":"https://csrc.nist.gov/glossary/term/where_are_you_from","abbrSyn":[{"text":"WAYF","link":"https://csrc.nist.gov/glossary/term/wayf"}],"definitions":null},{"term":"WHISPERLAB","link":"https://csrc.nist.gov/glossary/term/whisperlab","abbrSyn":[{"text":"Western Information Security and Privacy Research Laboratory","link":"https://csrc.nist.gov/glossary/term/western_information_security_and_privacy_research_laboratory"}],"definitions":null},{"term":"White Box Testing","link":"https://csrc.nist.gov/glossary/term/white_box_testing","abbrSyn":[{"text":"Comprehensive Testing"}],"definitions":[{"text":"A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137","underTerm":" under Comprehensive Testing ","refSources":[{"text":"NISTIR 7298","link":"https://doi.org/10.6028/NIST.IR.7298"}]},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]","underTerm":" under Comprehensive Testing "}]},{"text":"See Comprehensive Testing.","sources":[{"text":"NIST SP 800-137","link":"https://doi.org/10.6028/NIST.SP.800-137"},{"text":"NIST SP 800-53A Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53Ar4","note":" [Superseded]"}]},{"text":"(also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing).","sources":[{"text":"NIST SP 800-192","link":"https://doi.org/10.6028/NIST.SP.800-192"}]}],"seeAlso":[{"text":"comprehensive testing","link":"comprehensive_testing"}]},{"term":"White Team","link":"https://csrc.nist.gov/glossary/term/white_team","definitions":[{"text":"1. The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of their enterprise’s use of information systems. In an exercise, the White Team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission. The White Team helps to establish the rules of engagement, the metrics for assessing results and the procedures for providing operational security for the engagement. The White Team normally has responsibility for deriving lessons-learned, conducting the post engagement assessment, and promulgating results.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"2. Can also refer to a small group of people who have prior knowledge of unannounced Red Team activities. The White Team acts as observers during the Red Team activity and ensures the scope of testing does not exceed a pre-defined threshold.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"whitelist","link":"https://csrc.nist.gov/glossary/term/whitelist","definitions":[{"text":"A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system. \nAlso known as “clean word list”.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","underTerm":" under white list ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"text":"A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","underTerm":" under Whitelist ","refSources":[{"text":"NIST SP 800-94","link":"https://doi.org/10.6028/NIST.SP.800-94","note":" - Adapted"}]},{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under Whitelist ","refSources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128"}]}]},{"text":"A list of discrete entities, such as hosts, email addresses, network port numbers, runtime processes, or applications that are authorized to be present or active on a system according to a well-defined baseline.","sources":[{"text":"NIST SP 800-128","link":"https://doi.org/10.6028/NIST.SP.800-128","refSources":[{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167"}]},{"text":"NIST SP 800-167","link":"https://doi.org/10.6028/NIST.SP.800-167"}]},{"text":"A list of discrete entities, such as hosts or applications, that are known to be benign and are approved for use within an organization and/or information system.","sources":[{"text":"NIST SP 800-179","link":"https://doi.org/10.6028/NIST.SP.800-179","note":" [Superseded]","underTerm":" under Whitelist ","refSources":[{"text":"NISTIR 7298 Rev. 2","link":"https://doi.org/10.6028/NIST.IR.7298r2"}]}]},{"text":"An approved list or register of entities that are provided a particular privilege, service, mobility, access or recognition.","sources":[{"text":"NISTIR 7621 Rev. 1","link":"https://doi.org/10.6028/NIST.IR.7621r1","underTerm":" under Whitelist ","refSources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","note":" - “whitelisting”"}]}]},{"text":"A list of email senders known to be benign, such as a user’s coworkers, friends, and family.","sources":[{"text":"NIST SP 800-114","link":"https://doi.org/10.6028/NIST.SP.800-114","note":" [Superseded]","underTerm":" under Whitelist "}]}],"seeAlso":[{"text":"clean word list","link":"clean_word_list"}]},{"term":"whitelisting","link":"https://csrc.nist.gov/glossary/term/whitelisting","definitions":[{"text":"An implementation of a default deny all or allow by exception policy across an enterprise environment, and a clear, concise, timely process for adding exceptions when required for mission accomplishments.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 1011","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"text":"An approved list or register of entities that are provided a particular privilege, service, mobility, access or recognition.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"A process used to identify software programs that are authorized to execute on a system or authorized Universal Resource Locators (URL)/websites.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"},{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]},{"text":"The process used to identify: (i) software programs that are authorized to execute on an information system; or (ii) authorized Universal Resource Locators (URL)/websites.","sources":[{"text":"NIST SP 800-53 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-53r4","note":" [Superseded]","underTerm":" under Whitelisting "}]}]},{"term":"Wide Area Augmentation System","link":"https://csrc.nist.gov/glossary/term/wide_area_augmentation_system","abbrSyn":[{"text":"WAAS","link":"https://csrc.nist.gov/glossary/term/waas"}],"definitions":null},{"term":"WIDPS","link":"https://csrc.nist.gov/glossary/term/widps","abbrSyn":[{"text":"Wireless Intrusion Detection and Prevention System","link":"https://csrc.nist.gov/glossary/term/wireless_intrusion_detection_and_prevention_system"}],"definitions":null},{"term":"WIDS","link":"https://csrc.nist.gov/glossary/term/wids","abbrSyn":[{"text":"Wireless Intrusion Detection System"}],"definitions":null},{"term":"Wi-Fi","link":"https://csrc.nist.gov/glossary/term/wi_fi","abbrSyn":[{"text":"Wireless","link":"https://csrc.nist.gov/glossary/term/wireless"},{"text":"Wireless Fidelity"}],"definitions":[{"text":"a generic term that refers to a wireless local area network that observes the IEEE 802.11 protocol.","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","refSources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","refSources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"}]},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Wireless Fidelity "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Wireless Fidelity "}]}]},{"term":"Wi-Fi Alliance","link":"https://csrc.nist.gov/glossary/term/wi_fi_alliance","abbrSyn":[{"text":"WFA","link":"https://csrc.nist.gov/glossary/term/wfa"}],"definitions":null},{"term":"Wi-Fi Multimedia","link":"https://csrc.nist.gov/glossary/term/wi_fi_multimedia","abbrSyn":[{"text":"WMM","link":"https://csrc.nist.gov/glossary/term/wmm"}],"definitions":null},{"term":"Wi-Fi Protected Access","link":"https://csrc.nist.gov/glossary/term/wi_fi_protected_access","abbrSyn":[{"text":"WPA","link":"https://csrc.nist.gov/glossary/term/wpa"}],"definitions":null},{"term":"Wi-Fi Protected Access version 3","link":"https://csrc.nist.gov/glossary/term/wi_fi_protected_access_version_3","abbrSyn":[{"text":"WPA3","link":"https://csrc.nist.gov/glossary/term/wpa3"}],"definitions":null},{"term":"Wi-Fi Protected Setup","link":"https://csrc.nist.gov/glossary/term/wi_fi_protected_setup","abbrSyn":[{"text":"WPS","link":"https://csrc.nist.gov/glossary/term/wps"}],"definitions":null},{"term":"WiMAX","link":"https://csrc.nist.gov/glossary/term/wimax","abbrSyn":[{"text":"Worldwide Interoperability for Microwave Access","link":"https://csrc.nist.gov/glossary/term/worldwide_interoperability_for_microwave_access"}],"definitions":[{"text":"A wireless metropolitan area network (WMAN) technology based on the IEEE 802.16 family of standards used for a variety of purposes, including, but not limited to, fixed last-mile broadband access, long-range wireless backhaul, and access layer technology for mobile wireless subscribers operating on telecommunications networks.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]"}]}]},{"term":"WinCE","link":"https://csrc.nist.gov/glossary/term/wince","abbrSyn":[{"text":"Windows CE","link":"https://csrc.nist.gov/glossary/term/windows_ce"}],"definitions":null},{"term":"Windows as a Service","link":"https://csrc.nist.gov/glossary/term/windows_as_a_service","abbrSyn":[{"text":"WaaS","link":"https://csrc.nist.gov/glossary/term/w_aa_s"}],"definitions":null},{"term":"Windows CE","link":"https://csrc.nist.gov/glossary/term/windows_ce","abbrSyn":[{"text":"WinCE","link":"https://csrc.nist.gov/glossary/term/wince"}],"definitions":null},{"term":"Windows Management Instrumentation","link":"https://csrc.nist.gov/glossary/term/windows_management_instrumentation","abbrSyn":[{"text":"WMI","link":"https://csrc.nist.gov/glossary/term/wmi"}],"definitions":null},{"term":"Windows NT File System","link":"https://csrc.nist.gov/glossary/term/windows_nt_file_system","abbrSyn":[{"text":"NTFS","link":"https://csrc.nist.gov/glossary/term/ntfs"}],"definitions":null},{"term":"Windows Online Troubleshooting Service","link":"https://csrc.nist.gov/glossary/term/windows_online_troubleshooting_service","abbrSyn":[{"text":"WOTS","link":"https://csrc.nist.gov/glossary/term/wots"}],"definitions":null},{"term":"Windows Preinstallation Environment","link":"https://csrc.nist.gov/glossary/term/windows_preinstallation_environment","abbrSyn":[{"text":"WinPE","link":"https://csrc.nist.gov/glossary/term/win_pe"}],"definitions":null},{"term":"Windows Remote Management","link":"https://csrc.nist.gov/glossary/term/windows_remote_management","abbrSyn":[{"text":"WinRM","link":"https://csrc.nist.gov/glossary/term/winrm"}],"definitions":null},{"term":"Windows Scripting Host","link":"https://csrc.nist.gov/glossary/term/windows_scripting_host","abbrSyn":[{"text":"WSH","link":"https://csrc.nist.gov/glossary/term/wsh"}],"definitions":null},{"term":"Windows Server Update Services","link":"https://csrc.nist.gov/glossary/term/windows_server_update_services","abbrSyn":[{"text":"WSUS","link":"https://csrc.nist.gov/glossary/term/wsus"}],"definitions":null},{"term":"WinPE","link":"https://csrc.nist.gov/glossary/term/win_pe","abbrSyn":[{"text":"Windows Preinstallation Environment","link":"https://csrc.nist.gov/glossary/term/windows_preinstallation_environment"}],"definitions":null},{"term":"WinRM","link":"https://csrc.nist.gov/glossary/term/winrm","abbrSyn":[{"text":"Windows Remote Management","link":"https://csrc.nist.gov/glossary/term/windows_remote_management"}],"definitions":null},{"term":"WINS","link":"https://csrc.nist.gov/glossary/term/wins","abbrSyn":[{"text":"World Institute of Nuclear Security","link":"https://csrc.nist.gov/glossary/term/world_institute_of_nuclear_security"}],"definitions":null},{"term":"Winternitz One-Time Signature Plus","link":"https://csrc.nist.gov/glossary/term/winternitz_one_time_signature_plus","abbrSyn":[{"text":"WOTS+","link":"https://csrc.nist.gov/glossary/term/wots_plus"}],"definitions":null},{"term":"Wiping","link":"https://csrc.nist.gov/glossary/term/wiping","definitions":[{"text":"Overwriting media or portions of media with random or constant values to hinder the collection of data.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"Wireless","link":"https://csrc.nist.gov/glossary/term/wireless","abbrSyn":[{"text":"WiFi"}],"definitions":null},{"term":"wireless access point (WAP)","link":"https://csrc.nist.gov/glossary/term/wireless_access_point","abbrSyn":[{"text":"WAP","link":"https://csrc.nist.gov/glossary/term/wap"}],"definitions":[{"text":"A device that allows wireless devices to connect to a wired network using wi-fi, or related standards.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"wireless application protocol (WAP)","link":"https://csrc.nist.gov/glossary/term/wireless_application_protocol","abbrSyn":[{"text":"WAP","link":"https://csrc.nist.gov/glossary/term/wap"}],"definitions":[{"text":"A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1","underTerm":" under Wireless Application Protocol (WAP) "},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Wireless Application Protocol "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Wireless Application Protocol "}]}]},{"term":"Wireless Fidelity (WiFi)","link":"https://csrc.nist.gov/glossary/term/wireless_fidelity","abbrSyn":[{"text":"WiFi"},{"text":"Wi-Fi","link":"https://csrc.nist.gov/glossary/term/wi_fi"}],"definitions":[{"text":"A term describing a wireless local area network that observes the IEEE 802.11 protocol.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"}]},{"text":"a generic term that refers to a wireless local area network that observes the IEEE 802.11 protocol.","sources":[{"text":"NIST SP 1800-27B","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Wi-Fi ","refSources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"}]},{"text":"NIST SP 1800-27C","link":"https://doi.org/10.6028/NIST.SP.1800-27","underTerm":" under Wi-Fi ","refSources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"}]},{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Wireless Fidelity "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Wireless Fidelity "}]}]},{"term":"Wireless Intrusion Detection and Prevention System","link":"https://csrc.nist.gov/glossary/term/wireless_intrusion_detection_and_prevention_system","abbrSyn":[{"text":"WIDPS","link":"https://csrc.nist.gov/glossary/term/widps"}],"definitions":null},{"term":"wireless intrusion detection system (WIDS)","link":"https://csrc.nist.gov/glossary/term/wireless_intrusion_detection_system","abbrSyn":[{"text":"WIDS","link":"https://csrc.nist.gov/glossary/term/wids"}],"definitions":[{"text":"A commercial wireless technology that assists designated personnel with the monitoring of specific parts of the radio frequency (RF) spectrum to identify unauthorized wireless transmissions and/or activities.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"DoD 8420.1","link":"https://www.esd.whs.mil/Directives/issuances/dodi/"}]}]}]},{"term":"Wireless LAN Controller","link":"https://csrc.nist.gov/glossary/term/wireless_lan_controller","abbrSyn":[{"text":"WLC","link":"https://csrc.nist.gov/glossary/term/wlc"}],"definitions":null},{"term":"Wireless Local Area Network (WLAN)","link":"https://csrc.nist.gov/glossary/term/wireless_local_area_network","abbrSyn":[{"text":"WLAN","link":"https://csrc.nist.gov/glossary/term/wlan"}],"definitions":[{"text":"A group of wireless access points and associated infrastructure within a limited geographic area, such as an office building or building campus, that is capable of radio communications. WLANs are usually implemented as extensions of existing wired LANs to provide enhanced user mobility.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]},{"text":"A group of wireless APs and associated infrastructure within a limited geographic area, such as an office building or building campus, that is capable of radio communications. WLANs are usually implemented as extensions of existing wired LANs to provide enhanced user mobility.","sources":[{"text":"NIST SP 800-48 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-48r1","note":" [Withdrawn]"}]}]},{"term":"Wireless Markup Language","link":"https://csrc.nist.gov/glossary/term/wireless_markup_language","definitions":[{"text":"a stripped down version of HTML to allow mobile devices to access Web sites and pages that have been converted from HTML to the more basic text format supported.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250"},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387"}]}]},{"term":"Wireless Metropolitan Area Network","link":"https://csrc.nist.gov/glossary/term/wireless_metropolitan_area_network","abbrSyn":[{"text":"WMAN","link":"https://csrc.nist.gov/glossary/term/wman"}],"definitions":null},{"term":"Wireless Network Management","link":"https://csrc.nist.gov/glossary/term/wireless_network_management","abbrSyn":[{"text":"WNM","link":"https://csrc.nist.gov/glossary/term/wnm"}],"definitions":null},{"term":"Wireless Personal Area Network (WPAN)","link":"https://csrc.nist.gov/glossary/term/wireless_personal_area_network","abbrSyn":[{"text":"WPAN","link":"https://csrc.nist.gov/glossary/term/wpan"}],"definitions":[{"text":"A small-scale wireless network that requires little or no infrastructure and operates within a short range. A WPAN is typically used by a few devices in a single room instead of connecting the devices with cables.","sources":[{"text":"NIST SP 800-121 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-121r2"},{"text":"NIST SP 800-121 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-121r1","note":" [Superseded]"}]}]},{"term":"Wireless Personal Area Networks","link":"https://csrc.nist.gov/glossary/term/wireless_personal_area_networks","abbrSyn":[{"text":"WPANs","link":"https://csrc.nist.gov/glossary/term/wpans"}],"definitions":null},{"term":"wireless power transfer","link":"https://csrc.nist.gov/glossary/term/wireless_power_transfer","abbrSyn":[{"text":"WPT","link":"https://csrc.nist.gov/glossary/term/wpt"}],"definitions":null},{"term":"wireless technology","link":"https://csrc.nist.gov/glossary/term/wireless_technology","definitions":[{"text":"Technology that permits the transfer of information between separated points without physical connection. \nNote: Currently wireless technologies use infrared, acoustic, radio frequency, and optical.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]},{"text":"Technology that permits the transfer of information between separated points without physical connection. Wireless technologies include microwave, packet radio (ultra-high frequency or very high frequency), 802.11x, and Bluetooth.","sources":[{"text":"NIST SP 800-171 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-171r2","note":" [Superseded]"}]},{"text":"Technology that permits the transfer of information between separated points without physical connection.","sources":[{"text":"NIST SP 800-171 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-171r1","note":" [Superseded]"}]}]},{"term":"Wireless Vulnerabilities and Exploits","link":"https://csrc.nist.gov/glossary/term/wireless_vulnerabilities_and_exploits","abbrSyn":[{"text":"WVE","link":"https://csrc.nist.gov/glossary/term/wve"}],"definitions":null},{"term":"Wireless Wide Area Network","link":"https://csrc.nist.gov/glossary/term/wireless_wide_area_network","abbrSyn":[{"text":"WWAN","link":"https://csrc.nist.gov/glossary/term/wwan"}],"definitions":null},{"term":"witness","link":"https://csrc.nist.gov/glossary/term/witness","definitions":[{"text":"An appropriately cleared (if applicable) and designated individual, other than the COMSEC Account Manager, who observes and testifies to the inventory or destruction of COMSEC material.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"CNSSI 4005","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]}]},{"term":"WLAN","link":"https://csrc.nist.gov/glossary/term/wlan","abbrSyn":[{"text":"wireless local area network"},{"text":"Wireless Local Area Network"}],"definitions":null},{"term":"WLC","link":"https://csrc.nist.gov/glossary/term/wlc","abbrSyn":[{"text":"Wireless LAN Controller","link":"https://csrc.nist.gov/glossary/term/wireless_lan_controller"}],"definitions":null},{"term":"WLM","link":"https://csrc.nist.gov/glossary/term/wlm","abbrSyn":[{"text":"Workload Management","link":"https://csrc.nist.gov/glossary/term/workload_management"}],"definitions":null},{"term":"WLS","link":"https://csrc.nist.gov/glossary/term/wls","abbrSyn":[{"text":"Workload Service","link":"https://csrc.nist.gov/glossary/term/workload_service"}],"definitions":null},{"term":"WMA","link":"https://csrc.nist.gov/glossary/term/wma","abbrSyn":[{"text":"Warfighting Mission Area","link":"https://csrc.nist.gov/glossary/term/warfighting_mission_area"}],"definitions":null},{"term":"WMAN","link":"https://csrc.nist.gov/glossary/term/wman","abbrSyn":[{"text":"Wireless Metropolitan Area Network","link":"https://csrc.nist.gov/glossary/term/wireless_metropolitan_area_network"}],"definitions":null},{"term":"WMI","link":"https://csrc.nist.gov/glossary/term/wmi","abbrSyn":[{"text":"Windows Management Instrumentation","link":"https://csrc.nist.gov/glossary/term/windows_management_instrumentation"}],"definitions":null},{"term":"WMM","link":"https://csrc.nist.gov/glossary/term/wmm","abbrSyn":[{"text":"Wi-Fi Multimedia","link":"https://csrc.nist.gov/glossary/term/wi_fi_multimedia"}],"definitions":null},{"term":"WNM","link":"https://csrc.nist.gov/glossary/term/wnm","abbrSyn":[{"text":"Wireless Network Management","link":"https://csrc.nist.gov/glossary/term/wireless_network_management"}],"definitions":null},{"term":"Word","link":"https://csrc.nist.gov/glossary/term/word","definitions":[{"text":"A group of 32 bits that is treated either as a single entity or as an array of 4 bytes.","sources":[{"text":"FIPS 197","link":"https://doi.org/10.6028/NIST.FIPS.197-upd1","note":" [NIST FIPS 197-upd1]"}]},{"text":"A predefined substring consisting of a fixed pattern/template (e.g., 010,  0110).","sources":[{"text":"NIST SP 800-22 Rev. 1a","link":"https://doi.org/10.6028/NIST.SP.800-22r1a"}]}]},{"term":"work factor","link":"https://csrc.nist.gov/glossary/term/work_factor","definitions":[{"text":"Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Work Role","link":"https://csrc.nist.gov/glossary/term/work_role","definitions":[{"text":"A way of describing a grouping of work for which someone is responsible or accountable.","sources":[{"text":"NIST SP 800-181 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-181r1"}]},{"text":"A grouping of work for which an individual or team is responsible or accountable.","sources":[{"text":"NIST IR 8355","link":"https://doi.org/10.6023/NIST.IR.8355"}]}]},{"term":"workcraft identify","link":"https://csrc.nist.gov/glossary/term/workcraft_identify","definitions":[{"text":"Synonymous with tradecraft identity.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Workflow Management System","link":"https://csrc.nist.gov/glossary/term/workflow_management_system","definitions":[{"text":"A computerized information system that is responsible for scheduling and synchronizing the various tasks within the workflow, in accordance with specified task dependencies, and for sending each task to the respective processing entity (e.g., Web server or database server). The data resources that a task uses are called work items.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316"}]}]},{"term":"Working Draft","link":"https://csrc.nist.gov/glossary/term/working_draft","abbrSyn":[{"text":"WD","link":"https://csrc.nist.gov/glossary/term/wd"}],"definitions":null},{"term":"working folder","link":"https://csrc.nist.gov/glossary/term/working_folder","definitions":[{"text":"The Windows folder that contains all the ISCMAx assessment files to be merged into an organizational assessment.","sources":[{"text":"NISTIR 8212","link":"https://doi.org/10.6028/NIST.IR.8212"}]}]},{"term":"Working Group","link":"https://csrc.nist.gov/glossary/term/working_group","abbrSyn":[{"text":"WG","link":"https://csrc.nist.gov/glossary/term/wg"}],"definitions":null},{"term":"Working State","link":"https://csrc.nist.gov/glossary/term/working_state","definitions":[{"text":"A subset of the internal state that is used by a DRBG mechanism to produce pseudorandom bits at a given point in time. The working state (and thus, the internal state) is updated to the next state prior to producing another string of pseudorandom bits.","sources":[{"text":"NIST SP 800-90A Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-90Ar1"}]}]},{"term":"Workload Management","link":"https://csrc.nist.gov/glossary/term/workload_management","abbrSyn":[{"text":"WLM","link":"https://csrc.nist.gov/glossary/term/wlm"}],"definitions":null},{"term":"Workload Service","link":"https://csrc.nist.gov/glossary/term/workload_service","abbrSyn":[{"text":"WLS","link":"https://csrc.nist.gov/glossary/term/wls"}],"definitions":null},{"term":"World Geodetic System 1984","link":"https://csrc.nist.gov/glossary/term/world_geodetic_system_1984","abbrSyn":[{"text":"WGS 84","link":"https://csrc.nist.gov/glossary/term/wgs_84"},{"text":"WGS-84"}],"definitions":[{"text":"An Earth-centered, Earth-fixed terrestrial reference system and geodetic datum. WGS 84 is based on a consistent set of constants and model parameters that describe the Earth’s size, shape, gravity, and geomagnetic fields. WGS 84 is the standard U.S. Department of Defense definition of a global reference system for geospatial information and is the reference system for GPS. It is consistent with the International Terrestrial Reference System (ITRS).","sources":[{"text":"NISTIR 8323","link":"https://doi.org/10.6028/NIST.IR.8323","note":" [Superseded]","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]},{"text":"NIST IR 8323r1","link":"https://doi.org/10.6028/NIST.IR.8323r1","refSources":[{"text":"USG FRP (2021)","link":"https://www.transportation.gov/pnt/radionavigation-systems-planning"}]}]}]},{"term":"World Institute of Nuclear Security","link":"https://csrc.nist.gov/glossary/term/world_institute_of_nuclear_security","abbrSyn":[{"text":"WINS","link":"https://csrc.nist.gov/glossary/term/wins"}],"definitions":null},{"term":"World Wide Web","link":"https://csrc.nist.gov/glossary/term/world_wide_web","abbrSyn":[{"text":"WWW","link":"https://csrc.nist.gov/glossary/term/www"}],"definitions":null},{"term":"World Wide Web Consortium","link":"https://csrc.nist.gov/glossary/term/world_wide_web_consortium","abbrSyn":[{"text":"W3C","link":"https://csrc.nist.gov/glossary/term/w3c"}],"definitions":null},{"term":"World Wide Web Publishing Service","link":"https://csrc.nist.gov/glossary/term/world_wide_web_publishing_service","abbrSyn":[{"text":"WSVC","link":"https://csrc.nist.gov/glossary/term/wsvc"}],"definitions":null},{"term":"Worldwide Interoperability for Microwave Access","link":"https://csrc.nist.gov/glossary/term/worldwide_interoperability_for_microwave_access","abbrSyn":[{"text":"WiMAX","link":"https://csrc.nist.gov/glossary/term/wimax"}],"definitions":[{"text":"A wireless metropolitan area network (WMAN) technology based on the IEEE 802.16 family of standards used for a variety of purposes, including, but not limited to, fixed last-mile broadband access, long-range wireless backhaul, and access layer technology for mobile wireless subscribers operating on telecommunications networks.","sources":[{"text":"NIST SP 800-127","link":"https://doi.org/10.6028/NIST.SP.800-127","note":" [Withdrawn]","underTerm":" under WiMAX "}]}]},{"term":"World-Wide Name","link":"https://csrc.nist.gov/glossary/term/world_wide_name","note":"(used in FC SAN)","abbrSyn":[{"text":"WWN","link":"https://csrc.nist.gov/glossary/term/wwn"}],"definitions":null},{"term":"WORM Disk Volume","link":"https://csrc.nist.gov/glossary/term/worm_disk_volume","abbrSyn":[{"text":"WDV","link":"https://csrc.nist.gov/glossary/term/wdv"}],"definitions":null},{"term":"WOTS","link":"https://csrc.nist.gov/glossary/term/wots","abbrSyn":[{"text":"Windows Online Troubleshooting Service","link":"https://csrc.nist.gov/glossary/term/windows_online_troubleshooting_service"}],"definitions":null},{"term":"WOTS+","link":"https://csrc.nist.gov/glossary/term/wots_plus","abbrSyn":[{"text":"Winternitz One-Time Signature Plus","link":"https://csrc.nist.gov/glossary/term/winternitz_one_time_signature_plus"}],"definitions":null},{"term":"WPA","link":"https://csrc.nist.gov/glossary/term/wpa","abbrSyn":[{"text":"Wi-Fi Protected Access","link":"https://csrc.nist.gov/glossary/term/wi_fi_protected_access"}],"definitions":null},{"term":"WPA2","link":"https://csrc.nist.gov/glossary/term/wpa2","abbrSyn":[{"text":"Wi-Fi Protected Access - 2"},{"text":"Wi-Fi Protected Access 2","link":"https://csrc.nist.gov/glossary/term/wi_fi_protected_access_2"},{"text":"Wi-Fi Protected Access II"},{"text":"Wi-Fi Protected Access version 2"}],"definitions":null},{"term":"WPA3","link":"https://csrc.nist.gov/glossary/term/wpa3","abbrSyn":[{"text":"Wi-Fi Protected Access version 3","link":"https://csrc.nist.gov/glossary/term/wi_fi_protected_access_version_3"}],"definitions":null},{"term":"WPAD","link":"https://csrc.nist.gov/glossary/term/wpad","abbrSyn":[{"text":"Web Proxy Auto Discovery","link":"https://csrc.nist.gov/glossary/term/web_proxy_auto_discovery"}],"definitions":null},{"term":"WPAN","link":"https://csrc.nist.gov/glossary/term/wpan","abbrSyn":[{"text":"Wireless Personal Area Network"}],"definitions":null},{"term":"WPANs","link":"https://csrc.nist.gov/glossary/term/wpans","abbrSyn":[{"text":"Wireless Personal Area Networks","link":"https://csrc.nist.gov/glossary/term/wireless_personal_area_networks"}],"definitions":null},{"term":"WPS","link":"https://csrc.nist.gov/glossary/term/wps","abbrSyn":[{"text":"Wi-Fi Protected Setup","link":"https://csrc.nist.gov/glossary/term/wi_fi_protected_setup"}],"definitions":null},{"term":"WPT","link":"https://csrc.nist.gov/glossary/term/wpt","abbrSyn":[{"text":"wireless power transfer","link":"https://csrc.nist.gov/glossary/term/wireless_power_transfer"}],"definitions":null},{"term":"Wrapped keying material","link":"https://csrc.nist.gov/glossary/term/wrapped_keying_material","definitions":[{"text":"Keying material that has been encrypted and its integrity protected using an approved key wrapping algorithm and a key wrapping key in order to disguise the value of the underlying plaintext key.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]}]},{"term":"wrapping function","link":"https://csrc.nist.gov/glossary/term/wrapping_function","definitions":[{"text":"The keyed, length-preserving permutation that is applied to an enlarged form of the plaintext within the authenticated-encryption function to produce the ciphertext.","sources":[{"text":"NIST SP 800-38F","link":"https://doi.org/10.6028/NIST.SP.800-38F"}]}]},{"term":"Write","link":"https://csrc.nist.gov/glossary/term/write","definitions":[{"text":"Fundamental operations of an information system that results only in the flow of information from an actor to storage media.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1"}]}]},{"term":"Write Once, Read Many","link":"https://csrc.nist.gov/glossary/term/write_once_read_many","abbrSyn":[{"text":"WORM"}],"definitions":[{"text":"Write-Once Read Many. \nAlso see CD-R.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under WORM "}]}]},{"term":"Write Protection","link":"https://csrc.nist.gov/glossary/term/write_protection","definitions":[{"text":"Hardware or software methods of preventing data from being written to a disk or other medium.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]}]},{"term":"Write-Blocker","link":"https://csrc.nist.gov/glossary/term/write_blocker","definitions":[{"text":"A device that allows investigators to examine media while preventing data writes from occurring on the subject media.","sources":[{"text":"NIST SP 800-101 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-101r1"},{"text":"NIST SP 800-72","link":"https://doi.org/10.6028/NIST.SP.800-72"}]},{"text":"A tool that prevents all computer storage media connected to a computer from being written to or modified.","sources":[{"text":"NIST SP 800-86","link":"https://doi.org/10.6028/NIST.SP.800-86"}]}]},{"term":"WS","link":"https://csrc.nist.gov/glossary/term/ws","abbrSyn":[{"text":"Web Services","link":"https://csrc.nist.gov/glossary/term/web_services"},{"text":"workstation","link":"https://csrc.nist.gov/glossary/term/workstation"}],"definitions":[{"text":"A computer used for tasks such as programming, engineering, and design.","sources":[{"text":"NIST SP 800-82 Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-82r2","note":" [Superseded]","underTerm":" under workstation ","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859"}]},{"text":"NIST SP 800-82r3","link":"https://doi.org/10.6028/NIST.SP.800-82r3","underTerm":" under workstation ","refSources":[{"text":"NISTIR 6859","link":"https://doi.org/10.6028/NIST.IR.6859"}]}]}]},{"term":"WSA","link":"https://csrc.nist.gov/glossary/term/wsa","abbrSyn":[{"text":"Web Security Appliance","link":"https://csrc.nist.gov/glossary/term/web_security_appliance"}],"definitions":null},{"term":"WSDL","link":"https://csrc.nist.gov/glossary/term/wsdl","abbrSyn":[{"text":"Web Services Description Language"}],"definitions":null},{"term":"WSH","link":"https://csrc.nist.gov/glossary/term/wsh","abbrSyn":[{"text":"Windows Scripting Host","link":"https://csrc.nist.gov/glossary/term/windows_scripting_host"}],"definitions":null},{"term":"WS-I","link":"https://csrc.nist.gov/glossary/term/ws_i","abbrSyn":[{"text":"Web Services Interoperability","link":"https://csrc.nist.gov/glossary/term/web_services_interoperability"}],"definitions":null},{"term":"WSQ","link":"https://csrc.nist.gov/glossary/term/wsq","abbrSyn":[{"text":"Wavelet Scalar Quantization","link":"https://csrc.nist.gov/glossary/term/wavelet_scalar_quantization"}],"definitions":null},{"term":"WSS4J","link":"https://csrc.nist.gov/glossary/term/wss4j","abbrSyn":[{"text":"Web Services Security for Java","link":"https://csrc.nist.gov/glossary/term/web_services_security_for_java"}],"definitions":null},{"term":"WSUS","link":"https://csrc.nist.gov/glossary/term/wsus","abbrSyn":[{"text":"Windows Server Update Services","link":"https://csrc.nist.gov/glossary/term/windows_server_update_services"}],"definitions":null},{"term":"WSVC","link":"https://csrc.nist.gov/glossary/term/wsvc","abbrSyn":[{"text":"World Wide Web Publishing Service","link":"https://csrc.nist.gov/glossary/term/world_wide_web_publishing_service"}],"definitions":null},{"term":"WVE","link":"https://csrc.nist.gov/glossary/term/wve","abbrSyn":[{"text":"Wireless Vulnerabilities and Exploits","link":"https://csrc.nist.gov/glossary/term/wireless_vulnerabilities_and_exploits"}],"definitions":null},{"term":"WWAN","link":"https://csrc.nist.gov/glossary/term/wwan","abbrSyn":[{"text":"Wireless Wide Area Network","link":"https://csrc.nist.gov/glossary/term/wireless_wide_area_network"}],"definitions":null},{"term":"WWN","link":"https://csrc.nist.gov/glossary/term/wwn","abbrSyn":[{"text":"World-Wide Name","link":"https://csrc.nist.gov/glossary/term/world_wide_name"}],"definitions":null},{"term":"WWW","link":"https://csrc.nist.gov/glossary/term/www","abbrSyn":[{"text":"World Wide Web","link":"https://csrc.nist.gov/glossary/term/world_wide_web"}],"definitions":null},{"term":"x ´ y","link":"https://csrc.nist.gov/glossary/term/x_prime_y","definitions":[{"text":"The product of x and y.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"X.509 certificate","link":"https://csrc.nist.gov/glossary/term/x_509_certificate","definitions":[{"text":"The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T X.509 standard. Most commonly (including in this document), an X.509 certificate refers to the X.509 public-key certificate.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]"},{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5"},{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]"}]},{"text":"The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T[9] X.509 standard. Most commonly (including in this document), an X.509 certificate refers to the X.509 public-key certificate.","sources":[{"text":"NIST SP 800-57 Part 2 Rev.1","link":"https://doi.org/10.6028/NIST.SP.800-57pt2r1"}]},{"text":"Public key certificates that contain three nested elements: 1) the tamper-evident envelope (digitally signed by the source), 2) the basic certificate content (e.g., identifying information and public key), and 3) extensions that contain optional certificate information.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]"}]}]},{"term":"X.509 public key certificate","link":"https://csrc.nist.gov/glossary/term/x_509_public_key_certificate","definitions":[{"text":"The public key for a user (or device) and a name for the user (or device), together with some other information, rendered unforgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard. \nAlso known as X.509 Certificate.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" - Adapted"}]}]},{"text":"A digital certificate containing a public key for an entity and a name for that entity, together with some other information that is rendered un-forgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 4","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r4","note":" [Superseded]","underTerm":" under X.509 public-key certificate "}]},{"text":"A digital certificate containing a public key for an entity and a unique name for that entity together with some other information that is rendered un-forgeable by the digital signature of the certification authority that issued the certificate, which is encoded in the format defined in the ISO/ITU-T X.509 standard.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 5","link":"https://doi.org/10.6028/NIST.SP.800-57pt1r5","underTerm":" under X.509 public-key certificate "}]},{"text":"A digital certificate containing a public key for entity and a name for the entity, together with some other information that is rendered un- forgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard.","sources":[{"text":"NIST SP 800-57 Part 1 Rev. 3","link":"https://doi.org/10.6028/NIST.SP.800-57p1r3","note":" [Superseded]","underTerm":" under X.509 public-key certificate "}]}]},{"term":"XACML","link":"https://csrc.nist.gov/glossary/term/xacml","abbrSyn":[{"text":"eXtensible Access Control Markup Language"},{"text":"Extensible Access Control Markup Language"}],"definitions":[{"text":"A general purpose language for specifying access control policies.","sources":[{"text":"NISTIR 7316","link":"https://doi.org/10.6028/NIST.IR.7316","underTerm":" under Extensible Access Control Markup Language "}]}]},{"term":"XAE","link":"https://csrc.nist.gov/glossary/term/xae","abbrSyn":[{"text":"eXtended Automation Engineering","link":"https://csrc.nist.gov/glossary/term/extended_automation_engineering"}],"definitions":null},{"term":"XAP","link":"https://csrc.nist.gov/glossary/term/xap","abbrSyn":[{"text":"XML Administration Protocol","link":"https://csrc.nist.gov/glossary/term/xml_administration_protocol"}],"definitions":null},{"term":"XAUTH","link":"https://csrc.nist.gov/glossary/term/xauth","abbrSyn":[{"text":"Extended Authentication","link":"https://csrc.nist.gov/glossary/term/extended_authentication"}],"definitions":null},{"term":"XCCDF","link":"https://csrc.nist.gov/glossary/term/xccdf","abbrSyn":[{"text":"eXtensible Configuration Checklist Description Format"},{"text":"Extensible Configuration Checklist Description Format"}],"definitions":null},{"term":"XCCDF Content","link":"https://csrc.nist.gov/glossary/term/xccdf_content","definitions":[{"text":"A file conforming to the XCCDF schema.","sources":[{"text":"NISTIR 7511 Rev. 4","link":"https://doi.org/10.6028/NIST.IR.7511r4"}]}]},{"term":"XDR","link":"https://csrc.nist.gov/glossary/term/xdr","abbrSyn":[{"text":"Extended Detection and Response","link":"https://csrc.nist.gov/glossary/term/extended_detection_and_response"},{"text":"External Data Representation","link":"https://csrc.nist.gov/glossary/term/external_data_representation"}],"definitions":null},{"term":"XEX Tweakable Block Cipher with Ciphertext Stealing","link":"https://csrc.nist.gov/glossary/term/xex_tweakable_block_cipher_with_ciphertext_stealing","abbrSyn":[{"text":"XTS","link":"https://csrc.nist.gov/glossary/term/xts"}],"definitions":null},{"term":"XFC","link":"https://csrc.nist.gov/glossary/term/xfc","abbrSyn":[{"text":"extreme fast charging","link":"https://csrc.nist.gov/glossary/term/extreme_fast_charging"}],"definitions":null},{"term":"XIP","link":"https://csrc.nist.gov/glossary/term/xip","abbrSyn":[{"text":"eXecute In Place","link":"https://csrc.nist.gov/glossary/term/execute_in_place"}],"definitions":null},{"term":"XKMS","link":"https://csrc.nist.gov/glossary/term/xkms","abbrSyn":[{"text":"XML Key Management Service","link":"https://csrc.nist.gov/glossary/term/xml_key_management_service"}],"definitions":null},{"term":"XLSX","link":"https://csrc.nist.gov/glossary/term/xlsx","abbrSyn":[{"text":"Microsoft Excel Workbook File","link":"https://csrc.nist.gov/glossary/term/microsoft_excel_workbook_file"}],"definitions":null},{"term":"XML","link":"https://csrc.nist.gov/glossary/term/xml","abbrSyn":[{"text":"eXtensible Markup Language"},{"text":"Extensible Markup Language"},{"text":"EXtensible Markup Language"}],"definitions":[{"text":"a flexible text format designed to describe data for electronic publishing.","sources":[{"text":"NISTIR 7250","link":"https://doi.org/10.6028/NIST.IR.7250","underTerm":" under Extensible Markup Language "},{"text":"NISTIR 7387","link":"https://doi.org/10.6028/NIST.IR.7387","underTerm":" under Extensible Markup Language "}]}]},{"term":"XML Administration Protocol","link":"https://csrc.nist.gov/glossary/term/xml_administration_protocol","abbrSyn":[{"text":"XAP","link":"https://csrc.nist.gov/glossary/term/xap"}],"definitions":null},{"term":"XML Encryption","link":"https://csrc.nist.gov/glossary/term/xml_encryption","definitions":[{"text":"A process/mechanism for encrypting and decrypting XML documents or parts of documents. World Wide Web Consortium (W3C) XML Encryption Syntax and Processing, http://www.w3.org/TR/xmlenc-core","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95"}]}]},{"term":"XML Information Security Marking (XML-ISM)","link":"https://csrc.nist.gov/glossary/term/xml_information_security_marking","abbrSyn":[{"text":"XML-ISM","link":"https://csrc.nist.gov/glossary/term/xml_ism"}],"definitions":[{"text":"Provides definitions of and implementation of the XML attributes used as containers for Controlled Access Program Coordination Office (CAPCO)-defined sensitivity and classification markings to be applied to all or part of an XML document. The markings are implemented using ICML.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Intelligence Community Metatdata Working Group Information Security Marking v2.0.2","link":"https://www.icmwg.org/ic_security/index.asp"}]}]}]},{"term":"XML Key Management Service","link":"https://csrc.nist.gov/glossary/term/xml_key_management_service","abbrSyn":[{"text":"XKMS","link":"https://csrc.nist.gov/glossary/term/xkms"}],"definitions":null},{"term":"XML Schema","link":"https://csrc.nist.gov/glossary/term/xml_schema","definitions":[{"text":"A language for describing the defining the structure, content and semantics of XML documents.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"World Wide Web Consortium (W3C): Extensible Markup Language (XML)","link":"https://www.w3.org/XML/"}]}]}]},{"term":"XML Signature","link":"https://csrc.nist.gov/glossary/term/xml_signature","definitions":[{"text":"A mechanism for ensuring the origin and integrity of XML documents. XML Signatures provide integrity, message authentication, or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"World Wide Web Consortium (W3C): Extensible Markup Language (XML)","link":"https://www.w3.org/XML/"}]}]}]},{"term":"XML Style Sheet","link":"https://csrc.nist.gov/glossary/term/xml_style_sheet","abbrSyn":[{"text":"XSL","link":"https://csrc.nist.gov/glossary/term/xsl"}],"definitions":null},{"term":"XML-ISM","link":"https://csrc.nist.gov/glossary/term/xml_ism","abbrSyn":[{"text":"XML Information Security Marking"}],"definitions":null},{"term":"XMPP Standards Foundation","link":"https://csrc.nist.gov/glossary/term/xmpp_standards_foundation","abbrSyn":[{"text":"XSF","link":"https://csrc.nist.gov/glossary/term/xsf"}],"definitions":null},{"term":"XMSS","link":"https://csrc.nist.gov/glossary/term/xmss","abbrSyn":[{"text":"eXtended Merkle Signature Scheme","link":"https://csrc.nist.gov/glossary/term/extended_merkle_signature_scheme"}],"definitions":null},{"term":"XMSSMT","link":"https://csrc.nist.gov/glossary/term/xmss_mt","abbrSyn":[{"text":"Multi-tree XMSS","link":"https://csrc.nist.gov/glossary/term/multi_tree_xmss"}],"definitions":null},{"term":"XOF","link":"https://csrc.nist.gov/glossary/term/xof","abbrSyn":[{"text":"eXtendable-Output Function"},{"text":"Extendable-Output Functions","link":"https://csrc.nist.gov/glossary/term/extendable_output_functions"}],"definitions":null},{"term":"XOFs","link":"https://csrc.nist.gov/glossary/term/xofs","abbrSyn":[{"text":"Extendable-Output Functions","link":"https://csrc.nist.gov/glossary/term/extendable_output_functions"}],"definitions":null},{"term":"XPath","link":"https://csrc.nist.gov/glossary/term/xpath","definitions":[{"text":"Used to define the parts of an XML document, using path expressions.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary","link":"https://www.developer.com/services/article.php/1485771/Web-Services-Glossary.htm"}]}]}]},{"term":"XPN","link":"https://csrc.nist.gov/glossary/term/xpn","abbrSyn":[{"text":"eXtended Packet Number","link":"https://csrc.nist.gov/glossary/term/extended_packet_number"}],"definitions":null},{"term":"XQuery","link":"https://csrc.nist.gov/glossary/term/xquery","definitions":[{"text":"Provides functionality to query an XML document.","sources":[{"text":"NIST SP 800-95","link":"https://doi.org/10.6028/NIST.SP.800-95","refSources":[{"text":"Web Services Glossary","link":"https://www.developer.com/services/article.php/1485771/Web-Services-Glossary.htm"}]}]}]},{"term":"XRES","link":"https://csrc.nist.gov/glossary/term/xres","abbrSyn":[{"text":"Expected result","link":"https://csrc.nist.gov/glossary/term/expected_result"}],"definitions":null},{"term":"XrML","link":"https://csrc.nist.gov/glossary/term/xrml","abbrSyn":[{"text":"eXtensible Rights Markup Language","link":"https://csrc.nist.gov/glossary/term/extensible_rights_markup_language"}],"definitions":null},{"term":"XRP","link":"https://csrc.nist.gov/glossary/term/xrp","abbrSyn":[{"text":"Ripple","link":"https://csrc.nist.gov/glossary/term/ripple"}],"definitions":null},{"term":"XSF","link":"https://csrc.nist.gov/glossary/term/xsf","abbrSyn":[{"text":"XMPP Standards Foundation","link":"https://csrc.nist.gov/glossary/term/xmpp_standards_foundation"}],"definitions":null},{"term":"XSL","link":"https://csrc.nist.gov/glossary/term/xsl","abbrSyn":[{"text":"XML Style Sheet","link":"https://csrc.nist.gov/glossary/term/xml_style_sheet"}],"definitions":null},{"term":"XSLT","link":"https://csrc.nist.gov/glossary/term/xslt","abbrSyn":[{"text":"eXtensible Stylesheet Language Transformation","link":"https://csrc.nist.gov/glossary/term/extensible_stylesheet_language_transformation"},{"text":"Extensible Stylesheet Language Translation"}],"definitions":null},{"term":"XSS","link":"https://csrc.nist.gov/glossary/term/xss","abbrSyn":[{"text":"Cross-site Scripting"},{"text":"Cross-Site Scripting"}],"definitions":[{"text":"Cross-Site Scripting is a security flaw found in some Web applications that enables unauthorized parties to cause client-side scripts to be executed by other users of the Web application.","sources":[{"text":"NISTIR 7711","link":"https://doi.org/10.6028/NIST.IR.7711","underTerm":" under Cross-Site Scripting "}]}]},{"term":"XTS","link":"https://csrc.nist.gov/glossary/term/xts","abbrSyn":[{"text":"XEX Tweakable Block Cipher with Ciphertext Stealing","link":"https://csrc.nist.gov/glossary/term/xex_tweakable_block_cipher_with_ciphertext_stealing"},{"text":"xor-encrypt-xor (XEX) Based Tweaked-Codebook Mode with Ciphertext Stealing"}],"definitions":null},{"term":"xy","link":"https://csrc.nist.gov/glossary/term/xy","definitions":[{"text":"The product of x and y.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2"}]}]},{"term":"YAML","link":"https://csrc.nist.gov/glossary/term/yaml","abbrSyn":[{"text":"YAML Ain't Markup Language","link":"https://csrc.nist.gov/glossary/term/yaml_aint_markup_language"},{"text":"Yet Another Markup Language","link":"https://csrc.nist.gov/glossary/term/yet_another_markup_language"}],"definitions":null},{"term":"YAML Ain't Markup Language","link":"https://csrc.nist.gov/glossary/term/yaml_aint_markup_language","abbrSyn":[{"text":"YAML","link":"https://csrc.nist.gov/glossary/term/yaml"}],"definitions":null},{"term":"YANG","link":"https://csrc.nist.gov/glossary/term/yang","abbrSyn":[{"text":"Yet Another Next Generation","link":"https://csrc.nist.gov/glossary/term/yet_another_next_generation"}],"definitions":null},{"term":"Yet Another Markup Language","link":"https://csrc.nist.gov/glossary/term/yet_another_markup_language","abbrSyn":[{"text":"YAML","link":"https://csrc.nist.gov/glossary/term/yaml"}],"definitions":null},{"term":"Yet Another Next Generation","link":"https://csrc.nist.gov/glossary/term/yet_another_next_generation","abbrSyn":[{"text":"YANG","link":"https://csrc.nist.gov/glossary/term/yang"}],"definitions":null},{"term":"zero day attack","link":"https://csrc.nist.gov/glossary/term/zero_day_attack","definitions":[{"text":"An attack that exploits a previously unknown hardware, firmware, or software vulnerability.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"},{"text":"NISTIR 8011 Vol. 3","link":"https://doi.org/10.6028/NIST.IR.8011-3","underTerm":" under Zero-Day Attack "}]}]},{"term":"zero fill","link":"https://csrc.nist.gov/glossary/term/zero_fill","definitions":[{"text":"To fill unused storage locations in an information system with a numeric value of zero.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Zero Trust","link":"https://csrc.nist.gov/glossary/term/zero_trust","abbrSyn":[{"text":"ZT","link":"https://csrc.nist.gov/glossary/term/zt"}],"definitions":[{"text":"A collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.","sources":[{"text":"NIST SP 800-207","link":"https://doi.org/10.6028/NIST.SP.800-207"}]}]},{"term":"Zero Trust Architecture","link":"https://csrc.nist.gov/glossary/term/zero_trust_architecture","abbrSyn":[{"text":"ZTA","link":"https://csrc.nist.gov/glossary/term/zta"}],"definitions":[{"text":"A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries. The zero trust security model eliminates implicit trust in any one element, component, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under zero trust architecture ","refSources":[{"text":"E.O. 14028","link":"https://www.federalregister.gov/d/2021-10460"}]}]},{"text":"An enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan.","sources":[{"text":"NIST SP 800-207","link":"https://doi.org/10.6028/NIST.SP.800-207"}]}]},{"term":"zero trust network access","link":"https://csrc.nist.gov/glossary/term/zero_trust_network_access","abbrSyn":[{"text":"ZTNA","link":"https://csrc.nist.gov/glossary/term/ztna"}],"definitions":null},{"term":"zeroization","link":"https://csrc.nist.gov/glossary/term/zeroization","abbrSyn":[{"text":"Destroy"}],"definitions":[{"text":"An action applied to a key or a piece of secret data. After a key or a piece of secret data is destroyed, no information about its value can be recovered.","sources":[{"text":"FIPS 186-5","link":"https://doi.org/10.6028/NIST.FIPS.186-5","underTerm":" under Destroy "}]},{"text":"A method of erasing electronically stored data, cryptographic keys, and credentials service providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"FIPS 140-2","link":"https://doi.org/10.6028/NIST.FIPS.140-2"}]}]},{"text":"In this Recommendation, to destroy is an action applied to a key or a piece of secret data. After a key or a piece of secret data is destroyed, no information about its value can be recovered.","sources":[{"text":"NIST SP 800-56A Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Ar2","note":" [Superseded]","underTerm":" under Destroy "}]},{"text":"A method of erasing electronically stored data, cryptographic keys, and critical stored parameters by altering or deleting the contents of the data storage to prevent recovery of the data.","sources":[{"text":"NIST SP 800-57 Part 2","link":"https://doi.org/10.6028/NIST.SP.800-57p2","note":" [Superseded]","underTerm":" under Zeroization "}]},{"text":"In this Recommendation, an action applied to a key or a piece of secret data. After a key or a piece of secret data is destroyed, no information about its value can be recovered. Also known as zeroization in FIPS 140.","sources":[{"text":"NIST SP 800-56B Rev. 2","link":"https://doi.org/10.6028/NIST.SP.800-56Br2","underTerm":" under Destroy "}]},{"text":"A method of sanitization that renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.","sources":[{"text":"NIST SP 800-88 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-88r1","underTerm":" under Destroy "}]},{"text":"An action applied to a key or a piece of (secret) data. In this Recommendation, after a key or a piece of data is destroyed, no information about its value can be recovered.","sources":[{"text":"NIST SP 800-56B Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-56Br1","note":" [Superseded]","underTerm":" under Destroy "}]}]},{"term":"zeroize","link":"https://csrc.nist.gov/glossary/term/zeroize","definitions":[{"text":"To remove or eliminate the key from a cryptographic equipment or fill device.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm","refSources":[{"text":"NSA/CSS Manual Number 3-16 (COMSEC)"}]}]},{"text":"Overwrite a memory location with data consisting entirely of bits with the value zero so that the data is destroyed and not recoverable. This is often contrasted with deletion methods that merely destroy reference to data within a file system rather than the data itself.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3","underTerm":" under Zeroize "},{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Zeroize "}]}]},{"term":"Zero-Knowledge Password Protocol","link":"https://csrc.nist.gov/glossary/term/zero_knowledge_password_protocol","definitions":[{"text":"A password-based authentication protocol that allows a claimant to authenticate to a verifier without revealing the password to the verifier. Examples of such protocols are EKE, SPEKE and SRP.","sources":[{"text":"NIST SP 800-63-3","link":"https://doi.org/10.6028/NIST.SP.800-63-3"}]},{"text":"A password based authentication protocol that allows a claimant to authenticate to a Verifier without revealing the password to the Verifier. Examples of such protocols are EKE, SPEKE and SRP.","sources":[{"text":"NIST SP 800-63-2","link":"https://doi.org/10.6028/NIST.SP.800-63-2","note":" [Superseded]","underTerm":" under Zero-knowledge Password Protocol "}]}]},{"term":"Zero-Knowledge Proof","link":"https://csrc.nist.gov/glossary/term/zero_knowledge_proof","abbrSyn":[{"text":"ZKP","link":"https://csrc.nist.gov/glossary/term/zkp"}],"definitions":[{"text":"A cryptographic scheme where a prover is able to convince a verifier that a statement is true, without providing any more information than that single bit (that is, that the statement is true rather than false).","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"ZKP","link":"https://csrc.nist.gov/glossary/term/zkp","abbrSyn":[{"text":"Zero-Knowledge Proof","link":"https://csrc.nist.gov/glossary/term/zero_knowledge_proof"}],"definitions":[{"text":"A cryptographic scheme where a prover is able to convince a verifier that a statement is true, without providing any more information than that single bit (that is, that the statement is true rather than false).","sources":[{"text":"NISTIR 8301","link":"https://doi.org/10.6028/NIST.IR.8301","underTerm":" under Zero-Knowledge Proof ","refSources":[{"text":"Taxonomic Approach to Blockchain IDMS","link":"https://doi.org/10.6028/NIST.CSWP.01142020"}]}]}]},{"term":"zone of control","link":"https://csrc.nist.gov/glossary/term/zone_of_control","definitions":[{"text":"Three dimensional space surrounding equipment that processes classified and/or controlled unclassified information (CUI) within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists.","sources":[{"text":"CNSSI 4009-2015","link":"https://www.cnss.gov/CNSS/issuances/Instructions.cfm"}]}]},{"term":"Zone Signing Key (ZSK)","link":"https://csrc.nist.gov/glossary/term/zone_signing_key","abbrSyn":[{"text":"ZSK","link":"https://csrc.nist.gov/glossary/term/zsk"}],"definitions":[{"text":"An authentication key that corresponds to a private key used to sign a zone. Typically a zone signing key will be part of the same DNSKEY RRSet as the key signing key whose corresponding private key signs this DNSKEY RRSet, but the zone signing key is used for a slightly different purpose and may differ from the key signing key in other ways, such as validity lifetime. Designating an authentication key as a zone signing key is purely an operational issue: DNSSEC validation does not distinguish between zone signing keys and other DNSSEC authentication keys, and it is possible to use a single key as both a key signing key and a zone signing key. See also “key signing key.”","sources":[{"text":"NIST SP 800-81-2","link":"https://doi.org/10.6028/NIST.SP.800-81-2"}]}],"seeAlso":[{"text":"key signing key"},{"text":"Key Signing Key (KSK)","link":"key_signing_key"}]},{"term":"ZSK","link":"https://csrc.nist.gov/glossary/term/zsk","abbrSyn":[{"text":"Zone Signing Key"}],"definitions":null},{"term":"ZT","link":"https://csrc.nist.gov/glossary/term/zt","abbrSyn":[{"text":"Zero Trust","link":"https://csrc.nist.gov/glossary/term/zero_trust"}],"definitions":[{"text":"A collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.","sources":[{"text":"NIST SP 800-207","link":"https://doi.org/10.6028/NIST.SP.800-207","underTerm":" under Zero Trust "}]}]},{"term":"ZTA","link":"https://csrc.nist.gov/glossary/term/zta","abbrSyn":[{"text":"zero trust architecture"},{"text":"Zero Trust Architecture","link":"https://csrc.nist.gov/glossary/term/zero_trust_architecture"}],"definitions":[{"text":"A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries. The zero trust security model eliminates implicit trust in any one element, component, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.","sources":[{"text":"NIST SP 800-160 Vol. 2 Rev. 1","link":"https://doi.org/10.6028/NIST.SP.800-160v2r1","underTerm":" under zero trust architecture ","refSources":[{"text":"E.O. 14028","link":"https://www.federalregister.gov/d/2021-10460"}]}]},{"text":"An enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan.","sources":[{"text":"NIST SP 800-207","link":"https://doi.org/10.6028/NIST.SP.800-207","underTerm":" under Zero Trust Architecture "}]}]},{"term":"ZTNA","link":"https://csrc.nist.gov/glossary/term/ztna","abbrSyn":[{"text":"zero trust network access","link":"https://csrc.nist.gov/glossary/term/zero_trust_network_access"}],"definitions":null}]} \ No newline at end of file diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/download/glossary-export.zip b/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/download/glossary-export.zip new file mode 100644 index 00000000..450b086d Binary files /dev/null and b/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/download/glossary-export.zip differ diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/fetchNistContent.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/fetchNistContent.mjs new file mode 100644 index 00000000..b47ecd3f --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchNistContent/fetchNistContent.mjs @@ -0,0 +1,88 @@ +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import downloadFile from '../../../modules-js-node/downloadFile.mjs'; +import unzipFile from '../../../modules-js-node/unzipFile.mjs'; +import path from 'path'; +import fs from 'fs'; +import { config as configDotEnv } from 'dotenv'; +configDotEnv(); + +console.log('Nist: Fetching external content...'); + +// CONFIG +const url = 'https://csrc.nist.gov/csrc/media/glossary/glossary-export.zip'; +const dir = './fetchExternalContent/fetchExternalGlossaries/fetchNistContent/download' +const filename = 'glossary-export.zip'; +const fullPath = path.join(dir, filename); // Use path.join for better compatibility +const overview = './static/json/overview.json'; + +const sourceJsonFullPath = dir + '/' + 'glossary-export.json'; `` +const filteredJsonFullPath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, 'terms-definitions-nist.json'); + +// END CONFIG + + + + +function filterJson(overviewPath, sourceJsonPath, filteredJsonPath) { + try { + // Read and parse the overview JSON + const overviewData = JSON.parse(fs.readFileSync(overviewPath, 'utf8')); + const terms = overviewData.values.slice(1).map(row => row[5]); + + // Read and parse the source JSON, with additional error handling for BOM + let sourceJsonRaw = fs.readFileSync(sourceJsonPath, 'utf8'); + if (sourceJsonRaw.charCodeAt(0) === 0xFEFF) { + sourceJsonRaw = sourceJsonRaw.slice(1); // Remove BOM + } + const sourceJsonData = JSON.parse(sourceJsonRaw); + + // Filter the terms, assign the appropriate 'definition', add 'organisation', rename 'link' to 'url', and add 'anchor' + const filteredTerms = sourceJsonData.parentTerms.filter(termObj => terms.includes(termObj.term)).map(termObj => { + if (termObj.definitions && termObj.definitions.length > 0 && termObj.definitions[0].text) { + termObj.definition = termObj.definitions[0].text; + } else { + termObj.definition = "Term found but the definition does not exist yet."; + } + termObj.organisation = "Nist"; + if (termObj.link) { + termObj.url = termObj.link; + delete termObj.link; + } + delete termObj.definitions; + termObj.anchor = termObj.term.replace(/[\s-]+/g, ''); // Remove spaces and dashes from 'term' to create 'anchor' + return termObj; + }); + + // Write only the filteredTerms array to the file + fs.writeFileSync(filteredJsonPath, JSON.stringify(filteredTerms, null, 4)); + + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filteredJsonPath, filteredJsonPath); + + } catch (error) { + console.error(`An error occurred: ${error.message}`); + } +} + +// Main function to run the tasks sequentially +async function main() { + try { + await downloadFile(url, fullPath); // Wait for download to complete + + // The function unzipFile is not asynchronous.It doesn't return a Promise, + // and the AdmZip library's extractAllTo method works synchronously. + // That means the JavaScript engine will automatically wait for unzipFile + // to complete before moving on to the next operation. + // Therefore, using await is not necessary in this specific instance. + unzipFile(fullPath, dir); // Then unzip + + // Usage + filterJson(overview, sourceJsonFullPath, filteredJsonFullPath); + + console.log('Download, unzip and processing completed'); + } catch (err) { + console.error('An error occurred:', err); + } +} + +main(); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/download/ToIPGlossaryWorkspace_PublicVersion_.html b/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/download/ToIPGlossaryWorkspace_PublicVersion_.html new file mode 100644 index 00000000..d5e7c466 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/download/ToIPGlossaryWorkspace_PublicVersion_.html @@ -0,0 +1 @@ +

ToIP Glossary Workspace[a][b]

The purpose of this document is to enable collaboration on terminology between members of the Trust Over IP (ToIP) Foundation and any other community working on decentralized digital trust infrastructure. The goal is to foster a common understanding of specific concepts that are defined and labeled with a word or phrase (a term). We hope this effort will also serve as a common ground for developing mental models that explain the relationships between concepts and their terms.

ALL VIEWERS HAVE COMMENT PERMISSION. IF YOU WISH TO REQUEST EDIT PERMISSION, please email ToIP Concepts and Terminology Working Group Co-Chair drummond.reed@gendigital.com to request permission. Be sure to share the email address you use to access Google docs.

RULES FOR THIS WORKSPACE

These formatting rules will enable the contents of this document to be programmatically ingested into the Terminology Engine being developed by the ToIP Concepts and Terminology WG. This tooling enables production-quality glossaries to be generated for any ​​deliverable from the ToIP Foundation or from any other terms community who wants to use the open source Terminology Engine with this glossary or any other terminology source.

  1. Terms. All proposed terms MUST be Heading 1 paragraphs in alphabetical order.
  1. A term is a word (e.g. “identity”) or a short phrase (e.g., “identity provider”).
  1. Relations. If a term represents a relation between two concepts (entity classes), it MUST be followed by a phrase in parentheses () that identify such classes, e.g., “owner (of an entity)”.
  2. Capitalization. All terms MUST be lowercase unless the term is a proper noun (e.g. “ToIP”).
  3. Format of entries. A term MUST be followed on the next line by exactly one of the following:
  1. A synonym link.
  2. A definition.
  1. Synonym links. If a term is proposed to be a synonym for another term, it MUST be followed by a single line in the form “See: synonym term.where synonym term is a link followed by a period. This means that all acronyms are treated as synonym terms in this glossary.
  1. That single line MAY be followed by one additional property: the Note property, described below. This is for the rare case when it is helpful to add more description about the use of a particular acronym, e.g., “SSI”.
  1. Definitions. A definition MUST follow these rules:
  1. One sentence (the criterion) that MUST enable the reader to determine whether or not something is an instance (example) of that term.
  2. Another (optional) sentence (or two), that provides an example or other guidance that SHOULD enable readers to make proper judgments when using the criterion.
  3. If the definition of a term uses another term in the glossary, the referenced term MUST link to its definition (hint: highlight the word(s) to link, hit Command-K, and choose the first suggestion on the list).
  1. Optional properties. A defined term MAY include any of the following optional properties. Each MUST start on a new line and all properties MUST appear in the following order:
  1. TODO
  2. Source:
  3. Also known as:
  4. See also:
  5. Contrast with:
  6. Mental model:
  7. Supporting definitions:
  8. For more information:
  9. Note:
  1. TODO. To mark a term for which the definition still needs to be discussed by one or more terms communities, make the temporary definition the single word “TODO”. Follow this by one or more lines of text explaining:
  1. The terms communities working on (or who need to be consulted about) the definition.
  2. One or more references that point to the state of affairs in that discussion.
  3. All TODOs are expected to be resolved (or removed) before the glossary is complete.
  1. Source. If the definition is taken verbatim from an existing source, the definition MUST be followed by a reference in the form “Source: link.” where the link is a URL to the source definition.
  1. If the source definition includes links to other terms in the source material, any such term that appears in this glossary MUST be converted to an internal link in this document (hint: highlight the word(s) to link, hit Command-K, and choose the first suggestion on the list).
  1. Also known as. If a term is the target of a synonym (other than an acronym), it MAY include a reference in the form “Also known as: synonym termwhere synonym term is a link followed by a period.
  1. AKA terms MAY link to external definitions or in some cases no definition at all.
  1. See also. To propose one or more terms that describe a related concept (but NOT relations between concepts), add “See also: term 1, term 2.” where each term is a link.
  1. If there is more than one see also term, they MUST be separated with a comma.
  2. The final see also term MUST be followed by a period.
  1. Contrast with. To propose contrasting terms (especially antonyms), add “Contrast with: contrasting term 1, contrasting term 2.” where each contrasting term is a link.
  1. If there is more than one contrasting term, they MUST be separated with a comma.
  2. The final contrasting term MUST be followed by a period.
  1. Mental models. If there is a mental model associated with this term, add “Mental model: link.” where the link is to the authoritative mental model document.
  2. Supporting definitions. If the definition of a term can be further supported by showing one or more alternative definitions from existing sources (see the table below), the following rules apply:
  1. The supporting definitions must be preceded by a single separate line with the heading “Supporting definitions:”
  2. Each supporting definition MUST be preceded by the name of the source as listed in the table below.
  3. The name of the source MUST be linked to the source definition.
  4. The name of the source MUST be followed by a colon and the source definition.
  5. The source definition MUST end in a period.
  6. Any links in the source definitions MUST continue to point to their original targets, i.e., they should NOT be updated to point to those same terms in this glossary.
  1. For more information. To propose additional information about a term, add “For more information, see: link, link.” where link is a hyperlink to the recommended resource.
  1. If there is more than one link, each link MUST be separated with a comma.
  2. The final link MUST be followed by a period.
  1. Notes. To propose a note about a term, add “Note: text.” where the text explains the note. The text MUST be a single paragraph and MUST end with a period.

DEFINITION SOURCES

If you reference a supporting definition for a term from an existing source (e.g., Wikipedia, specification, industry glossary, etc.), please:

  1. Add it to the table below.
  2. Give the source glossary a short name.
  3. Include linking instructions for that source.

Short Name

Source Glossary

Linking Instructions

Wikipedia

Wikipedia

Link directly to the Wikipedia page for the term.

eSSIF-Lab

eSSIF-Lab Glossary

Link directly to the term in the glossary.

NIST-CSRC

NIST Computer Security Resource Center Glossary

Link directly to the term in the glossary.

PEMC IGR

Kantara Privacy Enhancing Mobile Credentials Implementors Guidance Report

Direct link.

W3C DID

W3C Decentralized Identifiers (DIDs) 1.0

Use this link: W3C DID.

W3C VC

W3C VC Data Model 1.1

Use this link: W3C VC.

Ethereum

Ethereum.org Glossary

Link directly to the ethereum.org web page.

Merriam-
Webster

Merriam-Webster Dictionary

Link directly to the term in the dictionary.

CLUSTER TERMS

Hyperlinking within this glossary reveals that certain terms are highly cross-referenced. These 20 cluster terms make good starting points for exploring the glossary as a whole.

AAL

See: authenticator assurance level.

ABAC

See: attribute-based access control.

access control

The process of granting or denying specific requests for obtaining and using information and related information processing services.

Source: NIST-CSRC.

Supporting definitions:

Wikipedia: In physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

accreditation (of an entity)

The independent, third-party evaluation of an entity, by a conformity assessment body (such as certification body, inspection body or laboratory) against recognised standards, conveying formal demonstration of its impartiality and competence to carry out specific conformity assessment tasks (such as certification, inspection and testing).

Source: Wikipedia.

accreditation body

A legal entity that performs accreditation.

See also: certification body.

ACDC

See: Authentic Chained Data Container.

action

Something that is actually done (a 'unit of work' that is executed) by a single actor (on behalf of a given party), as a single operation, in a specific context.

Source: eSSIF-Lab.

actor

An entity that can act (do things/execute actions), e.g. people, machines, but not organizations. A digital agent can serve as an actor acting on behalf of its principal.

Source: eSSIF-Lab.

address

See: network address.

administering authority

See: administering body.

administering body

A legal entity delegated by a governing body to administer the operation of a governance framework and governed infrastructure for a digital trust ecosystem, such as one or more trust registries.

Also known as: administering authority.

agency

In the context of decentralized digital trust infrastructure, the empowering of a party to act independently of its own accord, and in particular to empower the party to employ an agent to act on the party’s behalf.

agent

An actor that is executing an action on behalf of a party (called the principal of that actor). In the context of decentralized digital trust infrastructure, the term “agent” is most frequently used to mean a digital agent.

Source: eSSIF-Lab.

See also: wallet.

Note: In a ToIP context, an agent is frequently assumed to have privileged access to the wallet(s) of its principal. In market parlance, a mobile app performing the actions of an agent is often simply called a wallet or a digital wallet.

AID

See autonomic identifier.

anonymous

An adjective describing when the identity of a natural person or other actor is unknown.

See also: pseudonym.

anycast

Anycast is a network addressing and routing methodology in which a single IP address is shared by devices (generally servers) in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops. Anycast routing is widely used by content delivery networks such as web and name servers, to bring their content closer to end users.

Source: Wikipedia.

See also: broadcast, multicast, unicast.

anycast address

A network address (especially an IP address) used for anycast routing of network transmissions.

appraisability (of a communications endpoint)

The ability for a communication endpoint identified with a verifiable identifier to be appraised for the set of its properties that enable a relying party or a verifier to make a trust decision about communicating with that endpoint.

See also: trust basis, verifiability.

appropriate friction

A user-experience design principle for information systems (such as digital wallets) specifying that the level of attention required of the holder for a particular transaction should provide a reasonable opportunity for an informed choice by the holder.

Source: PEMC IGR.

attestation

The issue of a statement, based on a decision, that fulfillment of specified requirements has been demonstrated. In the context of decentralized digital trust infrastructure, an attestation usually has a digital signature so that it is cryptographically verifiable.

Source: NIST-CSRC.

attribute

An identifiable set of data that describes an entity, which is the subject of the attribute.

See also: property.

Supporting definitions:

eSSIF-Lab: Data that represents a characteristic that a party (the owner of the attribute) has attributed to an entity (which is the subject of that attribute).

Note: An identifier is an attribute that uniquely identifies an entity within some context.

attribute-based access control

An access control approach in which access is mediated based on attributes associated with subjects (requesters) and the objects to be accessed. Each object and subject has a set of associated attributes, such as location, time of creation, access rights, etc. Access to an object is authorized or denied depending upon whether the required (e.g., policy-defined) correlation can be made between the attributes of that object and of the requesting subject.

Source: NIST-CSRC.

Supporting definitions:

Wikipedia: Attribute-based access control (ABAC), also known as policy-based access control for IAM, defines an access control paradigm whereby a subject's authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment attributes.

audit (of system controls)

Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.

Source: NIST-CSRC.

audit log

An audit log is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, event, or device.

Source: Wikipedia.

Also known as: audit trail.

See also: key event log.

auditor (of an entity)

The party responsible for performing an audit. Typically an auditor must be accredited.

See also: human auditable.

assurance level

A level of confidence in a claim that may be relied on by others. Different types of assurance levels are defined for different types of trust assurance mechanisms. Examples include authenticator assurance level, federation assurance level, and identity assurance level.

authentication (of a user, process, or device)

Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

Source: NIST-CSRC.

See also: authenticator, verifiable message.

Supporting definitions:

Wikipedia: The act of proving an assertion, such as the identity of a computer system user.

authenticator (of an entity)

Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity.

Source: NIST-CSRC.

authenticator assurance level

A measure of the strength of an authentication mechanism and, therefore, the confidence in it.

Source: NIST-CSRC.

See also: federation assurance level, identity assurance level, identity binding.

Note: In NIST SP 800-63-3, AAL is defined in terms of three levels: AAL1 (Some confidence), AAL2 (High confidence), AAL3 (Very high confidence).

Authentic Chained Data Container

A digital data structure designed for both cryptographic verification and chaining of data containers. ACDC may be used for digital credentials.

For more information, see: ToIP ACDC Task Force.

authenticity

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

Source: NIST-CSRC.

See also: confidentiality, correlation privacy, cryptographic verifiability.

authorization

The process of verifying that a requested action or service is approved for a specific entity.

Source: NIST-CSRC.

See also: permission.

authorized organizational representative

A person who has the authority to make claims, sign documents or otherwise commit resources on behalf of an organization.

Source: Law Insider

authorization graph

A graph of the authorization relationships between different entities in a trust community. In a digital trust ecosystem, the governing body is typically the trust root of an authorization graph. In some cases, an authorization graph can be traversed by making queries to one or more trust registries.

See also: governance graph, reputation graph, trust graph.

authoritative source

A source of information that a relying party considers to be authoritative for that information. In ToIP architecture, the trust registry authorized by the governance framework for a trust community is typically considered an authoritative source by the members of that trust community. A system of record is an authoritative source for the data records it holds. A trust root is an authoritative source for the beginning of a trust chain.

authority

A party of which certain decisions, ideas, rules etc. are followed by other parties.

Source: eSSIF-Lab.

autonomic identifier

The specific type of self-certifying identifier specified by the KERI specifications.

Also known as: AID.

biometric

A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics.

Source: NIST

blockchain

A distributed digital ledger of cryptographically-signed transactions that are grouped into blocks. Each block is cryptographically linked to the previous one (making it tamper evident) after validation and undergoing a consensus decision. As new blocks are added, older blocks become more difficult to modify (creating tamper resistance). New blocks are replicated across copies of the ledger within the network, and any conflicts are resolved automatically using established rules.

Source: NIST-CSRC

Supporting definitions:

Wikipedia: A distributed ledger with growing lists of records (blocks) that are securely linked together via cryptographic hashes. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree, where data nodes are represented by leaves). Since each block contains information about the previous block, they effectively form a chain (compare linked list data structure), with each additional block linking to the ones before it. Consequently, blockchain transactions are irreversible in that, once they are recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks.

broadcast

In computer networking, telecommunication and information theory, broadcasting is a method of transferring a message to all recipients simultaneously. Broadcast delivers a message to all nodes in the network using a one-to-all association; a single datagram (or packet) from one sender is routed to all of the possibly multiple endpoints associated with the broadcast address. The network automatically replicates datagrams as needed to reach all the recipients within the scope of the broadcast, which is generally an entire network subnet.

Source: Wikipedia.

See also: anycast, multicast, unicast.

Supporting definitions:

NIST-CSRC: Transmission to all devices in a network without any acknowledgment by the receivers.

broadcast address

A broadcast address is a network address used to transmit to all devices connected to a multiple-access communications network. A message sent to a broadcast address may be received by all network-attached hosts. In contrast, a multicast address is used to address a specific group of devices, and a unicast address is used to address a single device. For network layer communications, a broadcast address may be a specific IP address.

Source: Wikipedia.

C2PA

See: Coalition for Content Provenance and Authenticity.

CA

See: certificate authority.

CAI

See: Content Authenticity Initiative.

certification authority

See: certificate authority.

certificate authority

The entity in a public key infrastructure (PKI) that is responsible for issuing public key certificates and exacting compliance to a PKI policy.

Source: NIST-CSRC.

Also known as: certification authority.

Supporting definitions:

Wikipedia: In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.[1] The format of these certificates is specified by the X.509 or EMV standard.

certification (of a party)

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Source: NIST-CSRC.

certification body

A legal entity that performs certification.

For more information: https://en.wikipedia.org/wiki/Professional_certification 

chain of trust

See: trust chain.

chained credentials

Two or more credentials linked together to create a trust chain between the credentials that is cryptographically verifiable.

Note: ACDCs are a type of digital credential that explicitly supports chaining.

chaining

See: trust chain.

channel

See: communication channel.

ciphertext

Encrypted (enciphered) data. The confidential form of the plaintext that is the output of the encryption function.

Source: NIST-CSRC.

claim

An assertion about a subject, typically expressed as an attribute or property of the subject. It is called a “claim” because the assertion is always made by some party, called the issuer of the claim, and the validity of the claim must be judged by the verifier. 

Supporting definitions:

W3C VC: An assertion made about a subject.

Wikipedia: A claim is a statement that one subject, such as a person or organization, makes about itself or another subject. For example, the statement can be about a name, group, buying preference, ethnicity, privilege, association or capability.

Note: If the issuer of the claim is also the subject of the claim, the claim is self-asserted.

Coalition for Content Provenance and Authenticity

C2PA is a Joint Development Foundation project of the Linux Foundation that addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content.

Also known as: C2PA.

See also: Content Authenticity Initiative.

communication

The transmission of information.

Source: Wikipedia.

See also: ToIP communication.

communication endpoint

A type of communication network node. It is an interface exposed by a communicating party or by a communication channel. An example of the latter type of a communication endpoint is a publish-subscribe topic or a group in group communication systems.

Source: Wikipedia.

See also: ToIP endpoint.

communication channel

A communication channel refers either to a physical transmission medium such as a wire, or to a logical connection over a multiplexed medium such as a radio channel in telecommunications and computer networking. A channel is used for information transfer of, for example, a digital bit stream, from one or several senders to one or several receivers.

Source: Wikipedia.

See also: ToIP channel.

Supporting definitions:

eSSIF-Lab: a (digital or non-digital) means by which two actors can exchange messages with one another.

communication metadata

Metadata that describes the sender, receiver, routing, handling, or contents of a communication. Communication metadata is often observable even if the contents of the communication are encrypted.

See also: correlation privacy.

communication session

A finite period for which a communication channel is instantiated and maintained, during which certain properties of that channel, such as authentication of the participants, are in effect. A session has a beginning, called the session initiation, and an ending, called the session termination.

Supporting definitions:

NIST-CSRC: A persistent interaction between a subscriber and an end point, either a relying party or a Credential Service Provider. A session begins with an authentication event and ends with a session termination event. A session is bound by use of a session secret that the subscriber’s software (a browser, application, or operating system) can present to the relying party or the Credential Service Provider in lieu of the subscriber’s authentication credentials.

Wikipedia: In computer science and networking in particular, a session is a time-delimited two-way link, a practical (relatively high) layer in the TCP/IP protocol enabling interactive expression and information exchange between two or more communication devices or ends – be they computers, automated systems, or live active users (see login session). A session is established at a certain point in time, and then ‘torn down’ - brought to an end - at some later point. An established communication session may involve more than one message in each direction. A session is typically stateful, meaning that at least one of the communicating parties needs to hold current state information and save information about the session history to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses. An established session is the basic requirement to perform a connection-oriented communication. A session also is the basic step to transmit in connectionless communication modes. However, any unidirectional transmission does not define a session.

complex password

A password that meets certain security requirements, such as minimum length, inclusion of different character types, non-repetition of characters, and so on.

Supporting definitions:

Science Direct: According to Microsoft, complex passwords consist of at least seven characters, including three of the following four character types: uppercase letters, lowercase letters, numeric digits, and non-alphanumeric characters such as & $ * and !

compliance

In the context of decentralized digital trust infrastructure, the extent to which a system, actor, or party conforms to the requirements of a governance framework or trust framework that pertains to that particular entity.

See also: Governance, Risk Management, and Compliance.

Supporting definitions:

eSSIF-Lab: The state of realization of a set of conformance criteria or normative framework of a party.

concept

An abstract idea that enables the classification of entities, i.e., a mental construct that enables an instance of a class of entities to be distinguished from entities that are not an instance of that class. A concept can be identified with a term.

Supporting definitions:

eSSIF-Lab: the ideas/thoughts behind a classification of entities (what makes entities in that class 'the same').

Wikipedia: A concept is defined as an abstract idea. It is understood to be a fundamental building block underlying principles, thoughts and beliefs. Concepts play an important role in all aspects of cognition.

confidential computing

Hardware-enabled features that isolate and process encrypted data in memory so that the data is at less risk of exposure and compromise from concurrent workloads or the underlying system and platform.

Source: NIST-CSRC.

Supporting definitions:

Wikipedia: Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology.

confidentiality

In a communications context, a type of privacy protection in which messages use encryption or other privacy-preserving technologies so that only authorized parties have access.

See also: authenticity, correlation privacy.

Supporting definitions:

NIST-CSRC: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Wikipedia: Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information.

connection

A communication channel established between two communication endpoints. A connection may be ephemeral or persistent.

See also: ToIP connection.

Content Authenticity Initiative

The Content Authenticity Initiative (CAI) is an association founded in November 2019 by Adobe, the New York Times and Twitter. The CAI promotes an industry standard for provenance metadata defined by the C2PA. The CAI cites curbing disinformation as one motivation for its activities.

Source: Wikipedia.

Also known as: CAI.

controller (of a key, vault, wallet, agent, or device)

In the context of digital communications, the entity in control of sending and receiving digital communications. In the context of decentralized digital trust infrastructure, the entity in control of the cryptographic keys necessary to perform cryptographically verifiable actions using a digital agent and digital wallet. In a ToIP context, the entity in control of a ToIP endpoint.

See also: device controller, DID controller, ToIP controller.

Supporting definitions:

eSSIF-Lab: the role that an actor performs as it is executing actions on that entity for the purpose of ensuring that the entity will act/behave, or be used, in a particular way.

consent management

A system, process or set of policies under which a person agrees to share personal data for specific usages. A consent management system will typically create a record of such consent.

Supporting definitions:

Wikipedia: Consent management is a system, process or set of policies for allowing consumers and patients to determine what health information they are willing to permit their various care providers to access. It enables patients and consumers to affirm their participation in e-health initiatives and to establish consent directives to determine who will have access to their protected health information (PHI), for what purpose and under what circumstances. Consent management supports the dynamic creation, management and enforcement of consumer, organizational and jurisdictional privacy policies.

controlled document

A governance document whose authority is derived from a primary document.

correlation privacy

In a communications context, a type of privacy protection in which messages use encryption, hashes, or other privacy-preserving technologies to avoid the use of identifiers or other content that unauthorized parties may use to correlate the sender and/or receiver(s).

See also: authenticity, confidentiality.

counterparty

From the perspective of one party, the other party in a transaction, such as a financial transaction.

See also: first party, second party, third party.

Supporting definitions:

Wikipedia: A counterparty (sometimes contraparty) is a legal entity, unincorporated entity, or collection of entities to which an exposure of financial risk may exist.

credential

A container of claims describing one or more subjects. A credential is generated by the issuer of the credential and given to the holder of the credential. A credential typically includes a signature or some other means of proving its authenticity. A credential may be either a physical credential or a digital credential.

See also: verifiable credential.

Supporting definitions:

eSSIF-Lab: data, representing a set of assertions (claims, statements), authored and signed by, or on behalf of, a specific party.

W3C VC: A set of one or more claims made by an issuer.

credential family

A set of related digital credentials defined by a governing body (typically in a governance framework) to empower transitive trust decisions among the participants in a digital trust ecosystem.

credential governance framework

A governance framework for a credential family. A credential governance framework may be included within or referenced by an ecosystem governance framework.

credential offer

A protocol request invoked by an issuer to offer to issue a digital credential to the  holder of a digital wallet. If the request is invoked by the holder, it is called an issuance request.

credential request

See: issuance request.

credential schema

A data schema describing the structure of a digital credential. The W3C Verifiable Credentials Data Model Specification defines a set of requirements for credential schemas.

criterion

In the context of terminology, a written description of a concept that anyone can evaluate to determine whether or not an entity is an instance or example of that concept. Evaluation leads to a yes/no result.

cryptographic binding

Associating two or more related elements of information using cryptographic techniques.

Source: NIST-CSRC.

cryptographic key

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Symmetric cryptography refers to the practice of the same key being used for both encryption and decryption. Asymmetric cryptography has separate keys for encrypting and decrypting. These keys are known as the public keys and private keys, respectively.

Source: Wikipedia.

See also: controller.

cryptographic trust

A specialized type of technical trust that is achieved using cryptographic algorithms.

Contrast with: human trust.

cryptographic verifiability

The property of being cryptographically verifiable.

Contrast with: human auditability.

cryptographically verifiable

A property of a data structure that has been digitally signed using a private key such that the digital signature can be verified using the public key. Verifiable data, verifiable messages, verifiable credentials, and verifiable data registries are all cryptographically verifiable. Cryptographic verifiability is a primary goal of the ToIP Technology Stack.

Contrast with: human auditable.

cryptographically bound

A state in which two or more elements of information have a cryptographic binding.

custodial wallet

A digital wallet that is directly in the custody of a principal, i.e., under the principal’s direct personal or organizational control. A digital wallet that is in the custody of a third party is called a non-custodial wallet.

custodian

A third party that has been assigned rights and duties in a custodianship arrangement for the purpose of hosting and safeguarding a principal’s private keys, digital wallet and digital assets on the principal’s behalf. Depending on the custodianship arrangement, the custodian may act as an exchange and provide additional services, such as staking, lending, account recovery, or security features.

Contrast with: guardian, zero-knowledge service provider.

See also: custodial wallet.

Supporting definitions:

NIST-CSRC: A third-party entity that holds and safeguards a user’s private keys or digital assets on their behalf. Depending on the system, a custodian may act as an exchange and provide additional services, such as staking, lending, account recovery, or security features.

Note: While a custodian technically has the necessary access to in theory impersonate the principal, in most cases a custodian is expressly prohibited from taking any action on the principal’s account unless explicitly authorized by the principal. This is what distinguishes custodianship from guardianship.

custodianship arrangement

The informal terms or formal legal agreement under which a custodian agrees to provide service to a principal.

dark pattern

A design pattern, mainly in user interfaces, that has the effect of deceiving individuals into making choices that are advantageous to the designer.

Source: Kantara PEMC Implementors Guidance Report

Also known as: deceptive pattern.

data

In the pursuit of knowledge, data is a collection of discrete values that convey information, describing quantity, quality, fact, statistics, other basic units of meaning, or simply sequences of symbols that may be further interpreted. A datum is an individual value in a collection of data.

Source: Wikipedia.

See also: verifiable data.

Supporting definitions:

eSSIF-Lab: something (tangible) that can be used to communicate a meaning (which is intangible/information).

datagram

See: data packet.

data packet

In telecommunications and computer networking, a network packet is a formatted unit of data carried by a packet-switched network such as the Internet. A packet consists of control information and user data; the latter is also known as the payload. Control information provides data for delivering the payload (e.g., source and destination network addresses, error detection codes, or sequencing information). Typically, control information is found in packet headers and trailers.

Source: Wikipedia.

data schema

A description of the structure of a digital document or object, typically expressed in a machine-readable language in terms of constraints on the structure and content of documents or objects of that type. A credential schema is a particular type of data schema.

Supporting definitions:

Wikipedia: An XML schema is a description of a type of XML document, typically expressed in terms of constraints on the structure and content of documents of that type, above and beyond the basic syntactical constraints imposed by XML itself. These constraints are generally expressed using some combination of grammatical rules governing the order of elements, Boolean predicates that the content must satisfy, data types governing the content of elements and attributes, and more specialized rules such as uniqueness and referential integrity constraints.

data subject

The natural person that is described by personal data. Data subject is the term used by the EU General Data Protection Regulation.

data vault

See: digital vault.

decentralized identifier

A globally unique persistent identifier that does not require a centralized registration authority and is often generated and/or registered cryptographically. The generic format of a DID is defined in section 3.1 DID Syntax of the W3C Decentralized Identifiers (DIDs) 1.0 specification. A specific DID scheme is defined in a DID method specification.

Source: W3C DID.

Also known as: DID.

See also: DID method, DID URL.

decentralized identity

A digital identity architecture in which a digital identity is established via the control of a set of cryptographic keys in a digital wallet so that the controller is not dependent on any external identity provider or other third party.

See also: federated identity, self-sovereign identity.

Decentralized Identity Foundation

A non-profit project of the Linux Foundation chartered to develop the foundational components of an open, standards-based, decentralized identity ecosystem for people, organizations, apps, and devices.

See also: OpenWallet Foundation, ToIP Foundation.

For more information, see: http://identity.foundation/ 

Decentralized Web Node

A decentralized personal and application data storage and message relay node, as defined in the DIF Decentralized Web Node specification. Users may have multiple nodes that replicate their data between them.

Source: DIF DWN Specification.

Also known as: DWN.

For more information, see: https://identity.foundation/decentralized-web-node/spec/ 

deceptive pattern

See: dark pattern.

decryption

The process of changing ciphertext into plaintext using a cryptographic algorithm and key. The opposite of encryption.

Source: NIST-CSRC.

deep link

In the context of the World Wide Web, deep linking is the use of a hyperlink that links to a specific, generally searchable or indexed, piece of web content on a website (e.g. "https://example.com/path/page"), rather than the website's home page (e.g., "https://example.com"). The URL contains all the information needed to point to a particular item. Deep linking is different from mobile deep linking, which refers to directly linking to in-app content using a non-HTTP URI.

See also: out-of-band introduction.

Source: Wikipedia.

definition

A textual statement defining the meaning of a term by specifying criterion that enable the concept identified by the term to be distinguished from all other concepts within the intended scope.

Supporting definitions:

eSSIF-Lab: a text that helps parties to have the same understanding about the meaning of (and concept behind) a term, ideally in such a way that these parties can determine whether or not they make the same distinction.

Wikipedia: A definition is a statement of the meaning of a term (a word, phrase, or other set of symbols). Definitions can be classified into two large categories: intensional definitions (which try to give the sense of a term), and extensional definitions (which try to list the objects that a term describes). Another important category of definitions is the class of ostensive definitions, which convey the meaning of a term by pointing out examples. A term may have many different senses and multiple meanings, and thus require multiple definitions.

delegation

TODO

delegation credential

TODO

dependent

An entity for the caring for and/or protecting/guarding/defending of which a guardianship arrangement has been established with a guardian.

Source: eSSIF-Lab

See also: custodian.

Mental Model: eSSIF-Lab Guardianship

device controller

The controller of a device capable of digital communications, e.g., a smartphone, tablet, laptop, IoT device, etc.

dictionary

A dictionary is a listing of lexemes (words or terms) from the lexicon of one or more specific languages, often arranged alphabetically, which may include information on definitions, usage, etymologies, pronunciations, translation, etc. It is a lexicographical reference that shows inter-relationships among the data. Unlike a glossary, a dictionary may provide multiple definitions of a term depending on its scope or context.

Source: Wikipedia.

DID

See: decentralized identifier.

DID controller

An entity that has the capability to make changes to a DID document. A DID might have more than one DID controller. The DID controller(s) can be denoted by the optional controller property at the top level of the DID document. Note that a DID controller might be the DID subject.

Source: W3C DID.

See also: controller.

DID document

A set of data describing the DID subject, including mechanisms, such as cryptographic public keys, that the DID subject or a DID delegate can use to authenticate itself and prove its association with the DID. A DID document might have one or more different representations as defined in section 6 of the W3C Decentralized Identifiers (DIDs) 1.0 specification.

Source: W3C DID.

DID method

A definition of how a specific DID method scheme is implemented. A DID method is defined by a DID method specification, which specifies the precise operations by which DIDs and DID documents are created, resolved, updated, and deactivated.

Source: W3C DID.

For more information: https://www.w3.org/TR/did-core/#methods 

DID subject

The entity identified by a DID and described by a DID document. Anything can be a DID subject: person, group, organization, physical thing, digital thing, logical thing, etc.

Source: W3C DID.

See also: subject.

DID URL

A DID plus any additional syntactic component that conforms to the definition in section 3.2 of the W3C Decentralized Identifiers (DIDs) 1.0 specification. This includes an optional DID path (with its leading / character), optional DID query (with its leading ? character), and optional DID fragment (with its leading # character).

Source: W3C DID.

digital agent

In the context of ​​decentralized digital trust infrastructure, an agent (specifically a type of software agent) that operates in conjunction with a digital wallet.

Note: In a ToIP context, a digital agent is frequently assumed to have privileged access to the digital wallet(s) of its principal. In market parlance, a mobile app that performs the actions of a digital agent is often simply called a wallet or a digital wallet.

digital asset

A digital asset is anything that exists only in digital form and comes with a distinct usage right. Data that do not possess that right are not considered assets.

Source: Wikipedia.

See also: digital credential.

digital certificate

See: public key certificate.

digital credential

A credential in digital form that is signed with a digital signature and held in a digital wallet. A digital credential is issued to a holder by an issuer; a proof of the credential is presented by the holder to a verifier.

See also: issuance request, presentation request, verifiable credential.

Contrast with: physical credential.

Supporting definitions:

Wikipedia: Digital credentials are the digital equivalent of paper-based credentials. Just as a paper-based credential could be a passport, a driver's license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person.

digital ecosystem

A digital ecosystem is a distributed, adaptive, open socio-technical system with properties of self-organization, scalability and sustainability inspired from natural ecosystems. Digital ecosystem models are informed by knowledge of natural ecosystems, especially for aspects related to competition and collaboration among diverse entities.

Source: Wikipedia.

See also: digital trust ecosystem, trust community.

digital identity

An identity expressed in a digital form for the purpose representing the identified entity within a computer system or digital network.

Supporting definitions:

eSSIF-Lab: Digital data that enables a specific entity to be distinguished from all others in a specific context.

Wikipedia: Digital identity refers to the information utilized by computer systems to represent external entities, including a person, organization, application, or device. When used to describe an individual, it encompasses a person's compiled information and plays a crucial role in automating access to computer-based services, verifying identity online, and enabling computers to mediate relationships between entities.

digital rights management

Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM) like access control technologies, can restrict the use of proprietary hardware and copyrighted works. DRM technologies govern the use, modification and distribution of copyrighted works (e.g. software, multimedia content) and of systems that enforce these policies within devices.

Source: Wikipedia.

Also known as: DRM.

digital trust ecosystem

A digital ecosystem in which the participants are one or more interoperating trust communities. Governance of the various roles of governed parties within a digital trust ecosystem (e.g., issuers, holders, verifiers, certification bodies, auditors) is typically managed by a governing body using a governance framework as recommended in the ToIP Governance Stack. Many digital trust ecosystems will also maintain one or more trust lists and/or trust registries.

digital trust utility

An information system, network, distributed database, or blockchain designed to provide one or more supporting services to higher level components of decentralized digital trust infrastructure. In the ToIP stack, digital trust utilities are at Layer 1. A verifiable data registry is one type of digital trust utility.

digital signature

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created by a known sender (authenticity), and that the message was not altered in transit (integrity).

Source: Wikipedia.

Supporting definitions:

NIST-CSRC: The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation.

digital vault

A secure container for data whose controller is the principal. A digital vault is most commonly used in conjunction with a digital wallet and a digital agent. A digital vault may be implemented on a local device or in the cloud; multiple digital vaults may be used by the same principal across different devices and/or the cloud; if so they may use some type of synchronization. If the capability is supported, data may flow into or out of the digital vault automatically based on subscriptions approved by the controller.

Also known as: data vault, encrypted data vault.

See also: enterprise data vault, personal data vault, virtual vault.

For more information, see: https://en.wikipedia.org/wiki/Personal_data_service, https://digitalbazaar.github.io/encrypted-data-vaults/

digital wallet

A user agent, optionally including a hardware component, capable of securely storing and processing cryptographic keys, digital credentials, digital assets and other sensitive private data that enables the controller to perform cryptographically verifiable operations. A non-custodial wallet is directly in the custody of a principal. A custodial wallet is in the custody of a third party. Personal wallets are held by individual persons; enterprise wallets are held by organizations or other legal entities.

See also: digital agent, key management system, wallet engine.

Supporting definitions:

eSSIF-Lab: a component that implements the capability to securely store data as requested by colleague agents, and to provide stored data to colleague agents or peer agents, all in compliance with the rules of its principal's wallet policy.

Wikipedia: A digital wallet, also known as an e-wallet, is an electronic device, online service, or software program that allows one party to make electronic transactions with another party bartering digital currency units for goods and services. This can include purchasing items either online or at the point of sale in a brick and mortar store, using either mobile payment (on a smartphone or other mobile device) or (for online buying only) using a laptop or other personal computer. Money can be deposited in the digital wallet prior to any transactions or, in other cases, an individual's bank account can be linked to the digital wallet. Users might also have their driver's license, health card, loyalty card(s) and other ID documents stored within the wallet. The credentials can be passed to a merchant's terminal wirelessly via near field communication (NFC).

Note: In market parlance, a mobile app that performs the actions of a digital agent and has access to a set of cryptographic keys is often simply called a wallet or a digital wallet.

distributed ledger

A distributed ledger (also called a shared ledger or distributed ledger technology or DLT) is the consensus of replicated, shared, and synchronized digital data that is geographically spread (distributed) across many sites, countries, or institutions. In contrast to a centralized database, a distributed ledger does not require a central administrator, and consequently does not have a single (central) point-of-failure. In general, a distributed ledger requires a peer-to-peer (P2P) computer network and consensus algorithms so that the ledger is reliably replicated across distributed computer nodes (servers, clients, etc.). The most common form of distributed ledger technology is the blockchain, which can either be on a public or private network.

Source: Wikipedia.

domain

See: security domain.

See also: trust domain.

DRM

See: digital rights management.

DWN

See: Decentralized Web Node.

ecosystem

See: digital ecosystem.

ecosystem governance framework

A governance framework for a digital trust ecosystem. An ecosystem governance framework may incorporate, aggregate, or reference other types of governance frameworks such as a credential governance framework or a utility governance framework.

eIDAS

eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation with the stated purpose of governing "electronic identification and trust services for electronic transactions". It passed in 2014 and its provisions came into effect between 2016-2018.

Source: Wikipedia.

encrypted data vault

See: digital vault.

encryption

Cryptographic transformation of data (called plaintext) into a form (called ciphertext) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called decryption, which is a transformation that restores encrypted data to its original state.

Source: NIST-CSRC.

end-to-end encryption

Encryption that is applied to a communication before it is transmitted from the sender’s communication endpoint and cannot be decrypted until after it is received at the receiver’s communication endpoint. When end-to-end encryption is used, the communication cannot be decrypted in transit no matter how many intermediary systems are involved in the routing process.

Supporting definitions:

Wikipedia: End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse. End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves.

End-to-End Principle

The end-to-end principle is a design framework in computer networking. In networks designed according to this principle, guaranteeing certain application-specific features, such as reliability and security, requires that they reside in the communicating end nodes of the network. Intermediary nodes, such as gateways and routers, that exist to establish the network, may implement these to improve efficiency but cannot guarantee end-to-end correctness.

Source: Wikipedia.

For more information, see: https://trustoverip.org/permalink/Design-Principles-for-the-ToIP-Stack-V1.0-2022-11-17.pdf 

endpoint

See: communication endpoint.

See also: ToIP endpoint.

endpoint system

The system that operates a communications endpoint. In the context of the ToIP stack, an endpoint system is one of three types of systems defined in the ToIP Technology Architecture Specification.

See also: intermediary system, supporting system.

enterprise data vault

A digital vault whose controller is an organization.

enterprise wallet

A digital wallet whose holder is an organization.

Contrast with: personal wallet.

entity

Someone or something that is known to exist.

Source: eSSIF-Lab.

ephemeral connection

A connection that only exists for the duration of a single communication session or transaction.

Contrast with: persistent connection.

expression language

A language for creating a computer-interpretable (machine-readable) representation of specific knowledge.

Source: Wikipedia.

FAL

See: federation assurance level.

federated identity

A digital identity architecture in which a digital identity established on one computer system, network, or trust domain is linked to other computer systems, networks, or trust domains for the purpose of identifying the same entity across those domains.

See also: decentralized identity, self-sovereign identity.

Supporting definitions:

NIST-CSRC; A process that allows for the conveyance of identity and authentication information across a set of networked systems.

Wikipedia: A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

federation

A group of organizations that collaborate to establish a common trust framework or governance framework for the exchange of identity data in a federated identity system.

See also: trust community

Supporting definitions:

NIST-CSRC: A collection of realms (domains) that have established trust among themselves. The level of trust may vary, but typically includes authentication and may include authorization.

federation assurance level

A category that describes the federation protocol used to communicate an assertion containing authentication and attribute information (if applicable) to a relying party, as defined in NIST SP 800-63-3 in terms of three levels: FAL 1 (Some confidence), FAL 2 (High confidence), FAL 3 (Very high confidence).

Source: NIST-CSRC.

See also: authenticator assurance level, identity assurance level.

fiduciary

A fiduciary is a person who holds a legal or ethical relationship of trust with one or more other parties (person or group of persons). Typically, a fiduciary prudently takes care of money or other assets for another person. One party, for example, a corporate trust company or the trust department of a bank, acts in a fiduciary capacity to another party, who, for example, has entrusted funds to the fiduciary for safekeeping or investment. In a fiduciary relationship, one person, in a position of vulnerability, justifiably vests confidence, good faith, reliance, and trust in another whose aid, advice, or protection is sought in some matter.

Source: Wikipedia.

first party

The party who initiates a trust relationship, connection, or transaction with a second party.

See also: third party, fourth party.

foundational identity

A set of identity data, such as a credential, issued by an authoritative source for the legal identity of the subject. Birth certificates, passports, driving licenses, and other forms of government ID documents are considered foundational identity documents. Foundational identities are often used to provide identity binding for functional identities.

Contrast with: functional identity.

fourth party

A party that is not directly involved in the trust relationship between a first party and a second party, but provides supporting services exclusively to the first party (in contrast with a third party, who in most cases provides supporting services to the second party). In its strongest form, a fourth party has a fiduciary relationship with the first party.

functional identity

A set of identity data, such as a credential, that is issued not for the purpose of establishing a foundational identity for the subject, but for the purpose of establishing other attributes, qualifications, or capabilities of the subject. Loyalty cards, library cards, and employee IDs are all examples of functional identities. Foundational identities are often used to provide identity binding for functional identities.

gateway

A gateway is a piece of networking hardware or software used in telecommunications networks that allows data to flow from one discrete network to another. Gateways are distinct from routers or switches in that they communicate using more than one protocol to connect multiple networks[1][2] and can operate at any of the seven layers of the open systems interconnection model (OSI).

See also: intermediary.

Source: Wikipedia.

GDPR

See: General Data Protection Regulation.

General Data Protection Regulation

The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business.

Source: Wikipedia.

Also known as: GDPR.

glossary

A glossary (from Ancient Greek: γλῶσσα, glossa; language, speech, wording), also known as a vocabulary or clavis, is an alphabetical list of terms in a particular domain of knowledge (scope) together with the definitions for those terms. Unlike a dictionary, a glossary has only one definition for each term.

Source: Wikipedia.

governance

The act or process of governing or overseeing the realization of (the results associated with) a set of objectives by the owner of these objectives, in order to ensure they will be fit for the purposes that this owner intends to use them for.

Source: eSSIF-Lab.

Governance, Risk Management, and Compliance

Governance, risk management, and compliance (GRC) are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity. Governance is the combination of processes established and executed by the directors (or the board of directors) that are reflected in the organization's structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty. Compliance refers to adhering with the mandated boundaries (laws and regulations) and voluntary boundaries (company's policies, procedures, etc.)

Source: Wikipedia.

Also known as: GRC.

governance diamond

A term that refers to the addition of a governing body to the standard trust triangle of issuers, holders, and verifiers of credentials. The resulting combination of four parties represents the basic structure of a digital trust ecosystem.

governance document

A document with at least one identifier that specifies governance requirements for a trust community.

Note: A governance document is a component of a governance framework.

governance framework

A collection of one or more governance documents published by the governing body of a trust community.

Also known as: trust framework.

Note: In the digital identity industry specifically, a governance framework is better known as a trust framework. ToIP-conformant governance frameworks conform to the ToIP Governance Architecture Specification and follow the ToIP Governance Metamodel.

governance graph

A graph of the governance relationships between entities with a trust community. A governance graph shows which nodes are the governing bodies and which are the governed parties. In some cases, a governance graph can be traversed by making queries to one or more trust registries.Note: a party can play both roles and also be a participant in multiple governance frameworks.

See also: authorization graph, reputation graph, trust graph.

governance requirement

A requirement such as a policy, rule, or technical specification specified in a governance document.

See also: technical requirement.

governed use case

A use case specified in a governance document that results in specific governance requirements within that governance framework. Governed use cases may optionally be discovered via a trust registry authorized by the relevant governance framework.

governed party

A party whose role(s) in a trust community is governed by the governance requirements in a governance framework.

governed information

Any information published under the authority of a governing body for the purpose of governing a trust community. This includes its governance framework and any information available via an authorized trust registry.

governing authority

See: governing body.

governing body

The party (or set of parties) authoritative for governing a trust community, usually (but not always) by developing, publishing, maintaining, and enforcing a governance framework. A governing body may be a government, a formal legal entity of any kind, an informal group of any kind, or an individual. A governing body may also delegate operational responsibilities to an administering body.

Also known as: governing authority.

GRC

See: Governance, Risk Management, and Compliance.

guardian

A party that has been assigned rights and duties in a guardianship arrangement for the purpose of caring for, protecting, guarding, and defending the entity that is the dependent in that guardianship arrangement. In the context of decentralized digital trust infrastructure, a guardian is issued guardianship credentials into their own digital wallet in order to perform such actions on behalf of the dependent as are required by this role.

Source: eSSIF-Lab

See also: custodian, zero-knowledge service provider.

Mental Model: eSSIF-Lab Guardianship

Supporting definitions:

Wikipedia: A legal guardian is a person who has been appointed by a court or otherwise has the legal authority (and the corresponding duty) to make decisions relevant to the personal and property interests of another person who is deemed incompetent, called a ward.

For more information, see: On Guardianship in Self-Sovereign Identity V2.0 (April, 2023).

Note: A guardian is a very different role than a custodian, who does not take any actions on behalf of a principal unless explicitly authorized.

guardianship arrangement

A guardianship arrangement (in a jurisdiction) is the specification of a set of rights and duties between legal entities of the jurisdiction that enforces these rights and duties, for the purpose of caring for, protecting, guarding, and defending one or more of these entities. At a minimum, the entities participating in a guardianship arrangement are the guardian and the dependent.

Source: eSSIF-Lab

See also: custodianship arrangement.

Mental Model: eSSIF-Lab Guardianship

For more information, see: On Guardianship in Self-Sovereign Identity V2.0 (April, 2023).

guardianship credential

A digital credential issued by a governing body to a guardian to empower the guardian to undertake the rights and duties of a guardianship arrangement on behalf of a dependent.

hardware security module

A physical computing device that provides tamper-evident and intrusion-resistant safeguarding and management of digital keys and other secrets, as well as crypto-processing.

Source: NIST-CSRC.

Also known as: HSM.

Supporting definitions:

NIST-CSRC: A physical computing device that provides tamper-evident and intrusion-resistant safeguarding and management of digital keys and other secrets, as well as crypto-processing. FIPS 140-2 specifies requirements for HSMs.

Wikipedia: A physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.

hash

The result of applying a hash function to a message.

Source: NIST-CSRC.

Also known as: hash output, hash result, hash value.

hash function

An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message, and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message. Approved hash functions satisfy the following properties: one-way (it is computationally infeasible to find any input that maps to any pre-specified output); and collision resistant (it is computationally infeasible to find any two distinct inputs that map to the same output).

Source: NIST-CSRC.

holder (of a claim or credential)

A role an agent performs by serving as the controller of the cryptographic keys and digital credentials in a digital wallet. The holder makes issuance requests for credentials and responds to presentation requests for credentials. A holder is usually, but not always, a subject of the credentials they are holding.

See also: issuer, verifier.

Mental model: W3C Verifiable Credentials Data Model Roles & Information Flows

Supporting definitions:

eSSIF-Lab: a component that implements the capability to handle presentation requests from a peer agent, produce the requested data (a presentation) according to its principal's holder-policy, and send that in response to the request.

W3C VC: A role an entity might perform by possessing one or more verifiable credentials and generating presentations from them. A holder is usually, but not always, a subject of the verifiable credentials they are holding. Holders store their credentials in credential repositories.

holder binding

The process of creating and verifying a relationship between the holder of a digital wallet and the wallet itself. Holder binding is related to but NOT the same as subject binding.

host

A host is any hardware device that has the capability of permitting access to a network via a user interface, specialized software, network address, protocol stack, or any other means. Some examples include, but are not limited to, computers, personal electronic devices, thin clients, and multi-functional devices.

Source: NIST-CSRC.

Supporting definitions:

Wikipedia: A network host is a computer or other device connected to a computer network. A host may work as a server offering information resources, services, and applications to users or other hosts on the network. Hosts are assigned at least one network address. A computer participating in networks that use the Internet protocol suite may also be called an IP host. Specifically, computers participating in the Internet are called Internet hosts. Internet hosts and other IP hosts have one or more IP addresses assigned to their network interfaces.

hourglass model

An architectural model for layered systems—and specifically for the protocol layers in a protocol stack—in which a diversity of supporting protocols and services at the lower layers are able to support a great diversity of protocols and applications at the higher layers through the use of a single protocol in the spanning layer in the middle—the “neck” of the hourglass.

See also: trust spanning protocol.

For more information, see: https://trustoverip.org/permalink/Design-Principles-for-the-ToIP-Stack-V1.0-2022-11-17.pdf and https://cacm.acm.org/magazines/2019/7/237714-on-the-hourglass-model/abstract 

Note: The Internet’s TCP/IP stack follows the hourglass model, and it is the design model for the ToIP stack.

HSM

See: hardware security module.

human auditability

See: human auditable.

Contrast with: cryptographic verifiability.

human auditable

A process or procedure whose compliance with the policies in a trust framework or governance framework can only be verified by a human performing an audit. Human auditability is a primary goal of the ToIP Governance Stack.

Contrast with: cryptographically verifiable.

human experience

The processes, patterns and rituals of acquiring knowledge or skill from doing, seeing, or feeling things as a natural person. In the context of decentralized digital trust infrastructure, the direct experience of a natural person using trust applications to make trust decisions within one or more digital trust ecosystems.

Note: Human experience includes social experiences (e.g., rituals, behaviors, ceremonies and rites of passage), as well as customer experience, worker or employee experience, and user experience.

human-readable

Information that can be processed by a human but that is not intended to be machine-readable.

human trust

A level of assurance in a trust relationship that can be achieved only via human evaluation of applicable trust factors.

Contrast with: technical trust.

IAL

See: identity assurance level.

identification

The action of a party obtaining the set of identity data necessary to serve as that party’s identity for a specific entity.

Note: The act of identification of a specific entity is relational to each party that needs to perform that action. Therefore each party may end up with their own set of identity data that meets their specific requirements for their specific scope.

identifier

A single attribute—typically a character string—that uniquely identifies an entity within a specific context (which may be a global context). Examples include the name of a party, the URL of an organization, or a serial number for a man-made thing.

Supporting definitions:

eSSIF-Lab: a character string that is being used for the identification of some entity (yet may refer to 0, 1, or more entities, depending on the context within which it is being used).

identity

A collection of attributes or other identity data that describe an entity and enable it to be distinguished from all other entities within a specific scope of identification. Identity attributes may include one or more identifiers for an entity, however it is possible to establish an identity without using identifiers.

Supporting definitions:

eSSIF-Lab: the combined knowledge about that entity of all parties, i.e. the union of all partial identities of which that entity is the subject.

Note: Identity is relational to the party performing the identification. For example, if 100 different parties have an identity for the same entity, each of them may hold a different set of identity data enabling identification of that entity.

identity assurance level

A category that conveys the degree of confidence that a person’s claimed identity is their real identity, for example as defined in NIST SP 800-63-3 in terms of three levels: IAL 1 (Some confidence), IAL 2 (High confidence), IAL 3 (Very high confidence).

Source: NIST-CSRC.

See also: authenticator assurance level, federation assurance level.

identity binding

The process of associating a set of identity data, such as a credential, with its subject, such as a natural person. The strength of an identity binding is one factor in determining an authenticator assurance level.

See also: identity assurance level, identity proofing.

identity data

The set of data held by a party in order to provide an identity for a specific entity.

identity document

A physical or digital document containing identity data. A credential is a specialized form of identity document. Birth certificates, bank statements, and utility bills can all be considered identity documents.

identity proofing

The process of a party gathering sufficient identity data to establish an identity for a particular subject at a particular identity assurance level.

See also: identity binding.

Supporting definitions:

NIST-CSRC: The process of providing sufficient information (e.g., identity history, credentials, documents) to establish an identity.

identity provider

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

Source: Wikipedia.

Note: The term “identity provider” is used in federated identity systems because it is a required component of their architecture. By contrast, decentralized identity and self-sovereign identity systems do not use the term because they are architected to enable entities to create and control their own digital identities without the need to depend on an external provider.

IDP

See: identity provider.

impersonation

In the context of cybersecurity, impersonation is when an attacker pretends to be another person in order to commit fraud or some other digital crime.

Supporting definitions:

Wikipedia: An impersonator is someone who imitates or copies the behavior or actions of another. As part of a criminal act such as identity theft, the criminal is trying to assume the identity of another, in order to commit fraud, such as accessing confidential information, or to gain property not belonging to them. Also known as social engineering and impostors.

integrity (of a data structure)

In IT security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner.

Source: Wikipedia.

intermediary system

A system that operates at ToIP Layer 2, the trust spanning layer of the ToIP stack, in order to route ToIP messages between endpoint systems. A supporting system is one of three types of systems defined in the ToIP Technology Architecture Specification.

See also: endpoint system, supporting system.

Internet Protocol

The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite (also known as the TCP/IP suite) for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

IP has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers. For this purpose, IP defines packet structures that encapsulate the data to be delivered. It also defines addressing methods that are used to label the datagram with source and destination information.

Source: Wikipedia.

Also known as: IP.

See also: Transmission Control Protocol, User Datagram Protocol.

Internet protocol suite

The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suite are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP).

Source: Wikipedia

Also known as: TCP/IP.

See also: protocol stack.

IP

See: Internet Protocol.

IP address

An Internet Protocol address (IP address) is a numerical label such as 192.0.2.1 that is connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: network interface identification, and location addressing.

Source: Wikipedia.

issuance

The action of an issuer producing and transmitting a digital credential to a holder. A holder may request issuance by submitting an issuance request.

See also: presentation, revocation.

issuance request

A protocol request invoked by the holder of a digital wallet to obtain a digital credential from an issuer.

See also: presentation request.

issuer (of a claim or credential)

A role an agent performs to package and digitally sign a set of claims, typically in the form of a digital credential, and transmit them to a holder.

See also: verifier, holder.

Mental model: W3C Verifiable Credentials Data Model Roles & Information Flows

Supporting definitions:

eSSIF-Lab: a component that implements the capability to construct credentials from data objects, according to the content of its principal's issuer-Policy (specifically regarding the way in which the credential is to be digitally signed), and pass it to the wallet-component of its principal allowing it to be issued.

W3C VC: A role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder.

jurisdiction

The composition of: a) a legal system (legislation, enforcement thereof, and conflict resolution), b) a party that governs that legal system, c) a scope within which that legal system is operational, and d) one or more objectives for the purpose of which the legal system is operated.

Source: eSSIF-Lab

Mental model: eSSIF-Lab Jurisdictions

KATE

See: keys-at-the-edge.

KERI

See: Key Event Receipt Infrastructure.

key

See: cryptographic key.

key establishment

A process that results in the sharing of a key between two or more entities, either by transporting a key from one entity to another (key transport) or generating a key from information shared by the entities (key agreement).

Source: NIST-CSRC.

key event

An event in the history of the usage of a cryptographic key pair. There are multiple types of key events. The inception event is when the key pair is first generated. A rotation event is when the key pair is changed to a new key pair. In some key management systems (such as KERI), key events are tracked in a key event log.

key event log

An ordered sequence of records of key events.

Note: Key event logs are a fundamental data structure in KERI.

Key Event Receipt Infrastructure

A decentralized permissionless key management architecture.

Also known as: KERI.

For more information, see: https://keri.one/, ToIP ACDC Task Force

key management system

A system for the management of cryptographic keys and their metadata (e.g., generation, distribution, storage, backup, archive, recovery, use, revocation, and destruction). An automated key management system may be used to oversee, automate, and secure the key management process. A key management is often protected by implementing it within the trusted execution environment (TEE) of a device. An example is the Secure Enclave on Apple iOS devices.

Also known as: KMS.

Source: NIST-CRSC.

keys-at-the-edge

A key management architecture in which keys are stored on a user’s local edge devices, such as a smartphone, tablet, or laptop, and then used in conjunction with a secure protocol to unlock a key management system (KMS) and/or a digital vault in the cloud. This approach can enable the storage and sharing of large data structures that are not feasible on edge devices. This architecture can also be used in conjunction with confidential computing to enable cloud-based digital agents to safely carry out “user not present” operations.

Also known as: KATE.

KMS

See: key management system.

knowledge

The (intangible) sum of what is known by a specific party, as well as the familiarity, awareness or understanding of someone or something by that party.

Source: eSSIF-Lab.

Laws of Identity

A set of seven “laws” written by Kim Cameron, former Chief Identity Architect of Microsoft (1941-2021), to describe the dynamics that cause digital identity systems to succeed or fail in various contexts. His goal was to define the requirements for a unifying identity metasystem that can offer the Internet the identity layer it needs.

For more information, see: https://www.identityblog.com/?p=352.

Layer 1

See: ToIP Layer 1.

Layer 2

See: ToIP Layer 2.

Layer 3

See: ToIP Layer 3.

Layer 4

See: ToIP Layer 4.

legal entity

An entity that is not a natural person but is recognized as having legal rights and responsibilities. Examples include corporations, partnerships, sole proprietorships, non-profit organizations, associations, and governments. (In some cases even natural systems such as rivers are treated as legal entities.)

See also: Legal Entity Identifier, legal person, organization.

Legal Entity Identifier

The Legal Entity Identifier (LEI) is a unique global identifier for legal entities participating in financial transactions. Also known as an LEI code or LEI number, its purpose is to help identify legal entities on a globally accessible database. Legal entities are organisations such as companies or government entities that participate in financial transactions.

Source: Wikipedia.

Note: LEIs are administered by the Global Legal Entity Identifier Foundation (GLEIF).

legal identity

A set of identity data considered authoritative to identify a party for purposes of legal accountability under one or more jurisdictions.

See also: foundational identity, functional identity.

legal person

In law, a legal person is any person or 'thing' that can do the things a human person is usually able to do in law – such as enter into contracts, sue and be sued, own property, and so on.[3][4][5] The reason for the term "legal person" is that some legal persons are not people: companies and corporations are "persons" legally speaking (they can legally do most of the things an ordinary person can do), but they are not people in a literal sense (human beings).

Source: Wikipedia.

Contrast with: natural person.

See also: legal entity, organization.

legal system

A system in which policies and rules are defined, and mechanisms for their enforcement and conflict resolution are (implicitly or explicitly) specified. Legal systems are not just defined by governments; they can also be defined by a governance framework.

Source: eSSIF-Lab

LEI

See: Legal Entity Identifier.

level of assurance

See: assurance level.

liveness detection

Any technique used to detect a presentation attack by determining whether the source of a biometric sample is a live human being or a fake representation. This is typically accomplished using algorithms that analyze biometric sensor data to detect whether the source is live or reproduced.

Also known as: proof of presence.

locus of control

The set of computing systems under a party’s direct control, where messages and data do not cross trust boundaries.

machine-readable

Information written in a computer language or expression language so that it can be read and processed by a computing device.

Contrast with: human-readable.

man-made thing

A thing generated by human activity of some kind. Man-made things include both active things, such as cars or drones, and passive things, such as chairs or trousers.

Source: Sovrin Foundation Glossary V3

Contrast with: natural thing.

Note: Active things are the equivalent of non-human actors in the eSSIF-Lab mental model Parties, Actors, Actions. Also see Appendix B and Appendix C of the Sovrin Glossary.

mandatory

A requirement that must be implemented in order for an implementer to be in compliance. In ToIP governance frameworks, a mandatory requirement is expressed using a MUST or REQUIRED keyword as defined in IETF RFC 2119.

See also: recommended, optional.

For more information, see: https://www.rfc-editor.org/rfc/rfc2119.

metadata

Information describing the characteristics of data including, for example, structural metadata describing data structures (e.g., data format, syntax, and semantics) and descriptive metadata describing data contents (e.g., information security labels).

Source: NIST-CSRC.

See also: communication metadata.

Supporting definitions:

Wikipedia: Metadata (or metainformation) is "data that provides information about other data", but not the content of the data itself, such as the text of a message or the image itself.

message

A discrete unit of communication intended by the source for consumption by some recipient or group of recipients.

Source: Wikipedia.

See also: ToIP message, verifiable message.

mobile deep link

In the context of mobile apps, deep linking consists of using a uniform resource identifier (URI) that links to a specific location within a mobile app rather than simply launching the app. Deferred deep linking allows users to deep link to content even if the app is not already installed. Depending on the mobile device platform, the URI required to trigger the app may be different.

Source: Wikipedia.

MPC

See: multi-party computation.

multicast

In computer networking, multicast is group communication where data transmission is addressed (using a multicast address) to a group of destination computers simultaneously. Multicast can be one-to-many or many-to-many distribution. Multicast should not be confused with physical layer point-to-multipoint communication.

Source: Wikipedia.

See also: anycast, broadcast, unicast.

multicast address

A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service.

Source: Wikipedia.

See also: broadcast address, unicast address.

multi-party computation

Secure multi-party computation (also known as secure computation, multi-party computation (MPC) or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. Unlike traditional cryptographic tasks, where cryptography assures security and integrity of communication or storage and the adversary is outside the system of participants (an eavesdropper on the sender and receiver), the cryptography in this model protects participants' privacy from each other.

Source: Wikipedia.

Also known as: MPC, secure multi-party computation.

multi-party control

A variant of multi-party computation where multiple parties must act in concert to meet a control requirement without revealing each other’s data. All parties are privy to the output of the control, but no party learns anything about the others.

multi-signature

A cryptographic signature scheme where the process of signing information (e.g., a transaction) is distributed among multiple private keys.

Source: NIST-CSRC.

natural person

A person (in legal meaning, i.e., one who has its own legal personality) that is an individual human being, distinguished from the broader category of a legal person, which may be a private (i.e., business entity or non-governmental organization) or public (i.e., government) organization.

Source: Wikipedia.

See also: legal entity, party.

Contrast with: legal person

natural thing

A thing that exists in the natural world independently of humans. Although natural things may form part of a man-made thing, natural things are mutually exclusive with man-made things.

Source: Sovrin Foundation Glossary V3.

Contrast with: man-made thing.

For more information see: Appendix B and Appendix C of the Sovrin Glossary

Note: Natural things (those recognized to have legal rights) can be parties but never actors in the eSSIF-Lab mental model Parties, Actors, Actions.

network address

A network address is an identifier for a node or host on a telecommunications network. Network addresses are designed to be unique identifiers across the network, although some networks allow for local, private addresses, or locally administered addresses that may not be unique. Special network addresses are allocated as broadcast or multicast addresses. A network address designed to address a single device is called a unicast address.

Source: Wikipedia.

node

In telecommunications networks, a node (Latin: nodus, ‘knot’) is either a redistribution point or a communication endpoint. The definition of a node depends on the network and protocol layer referred to. A physical network node is an electronic device that is attached to a network, and is capable of creating, receiving, or transmitting information over a communication channel.

Source: Wikipedia.

non-custodial wallet

A digital wallet that is directly in the control of the holder, usually because the holder is the device controller of the device hosting the digital wallet (smartcard, smartphone, tablet, laptop, desktop, car, etc.) A digital wallet that is in the custody of a third party is called a custodial wallet.

objective

Something toward which a party (its owner) directs effort (an aim, goal, or end of action).

Source: eSSIF-Lab.

OOBI

See: out-of-band introduction.

OpenWallet Foundation

A non-profit project of the Linux Foundation chartered to build a world-class open source wallet engine.

See also: Decentralized Identity Foundation, ToIP Foundation.

For more information, see: https://openwallet.foundation/ 

operational circumstances

In the context of privacy protection, this term denotes the context in which privacy trade-off decisions are made. It includes the regulatory environment and other non-technical factors that bear on what reasonable privacy expectations might be.

Source: PEMC IGR

optional

A requirement that is not mandatory or recommended to implement in order for an implementer to be in compliance, but which is left to the implementer’s choice. In ToIP governance frameworks, an optional requirement is expressed using a MAY or OPTIONAL keyword as defined in IETF RFC 2119.

See also: mandatory, recommended.

For more information, see: https://www.rfc-editor.org/rfc/rfc2119.

organization

A party that consists of a group of parties who agree to be organized into a specific form in order to better achieve a common set of objectives. Examples include corporations, partnerships, sole proprietorships, non-profit organizations, associations, and governments.

See also: legal entity, legal person.

Supporting definitions:

eSSIF-Lab: a party that is capable of setting objectives and making sure these are realized by actors that it has onboarded and/or by (vetted) parties that are committed to contribute to these objectives.

organizational authority

A type of authority where the party asserting its right is an organization.

out-of-band introduction

A process by which two or more entities exchange VIDs in order to form a cryptographically verifiable connection (e.g., a ToIP connection), such as by scanning a QR code (in person or remotely) or clicking a deep link.

Also known as: OOBI.

owner (of an entity)

The role that a party performs when it is exercising its legal, rightful or natural title to control a specific entity.

Source: eSSIF-Lab.

See also: controller.

P2P

See: peer-to-peer.

party

An entity that sets its objectives, maintains its knowledge, and uses that knowledge to pursue its objectives in an autonomous (sovereign) manner. Humans and organizations are the typical examples.

Source: eSSIF-Lab.

See also: first party, second party, third party, natural person

password

A string of characters (letters, numbers and other symbols) that are used to authenticate an identity, verify access authorization or derive cryptographic keys.

Source: NIST-CSRC.

See also: complex password.

peer

In the context of digital networks, an actor on the network that has the same status, privileges, and communications options as the other actors on the network.

See also: peer-to-peer.

Supporting definitions:

eSSIF-Lab: the actor with whom/which this other actor is communicating in that communication session.

peer-to-peer

Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. This forms a peer-to-peer network of nodes.

Source: Wikipedia.

permission

Authorization to perform some action on a system.

Source: NIST-CSRC.

persistent connection

A connection that is able to persist across multiple communication sessions. In a ToIP context, a persistent connection is established when two ToIP endpoints exchange verifiable identifiers that they can use to re-establish the connection with each other whenever it is needed.

Contrast with: ephemeral connection.

personal data

Any information relating to an identified or identifiable natural person (called a data subject under GDPR).

Source: NIST-CSRC.

personal data store

See: personal data vault.

Note: In the market, the term “personal data store” has also been used to generally mean a combination of the functions of a personal digital agent, personal wallet, and personal data vault.

personal data vault

A digital vault whose controller is a natural person.

personal wallet

A digital wallet whose holder is a natural person.

Contrast with: enterprise wallet.

personally identifiable information

Information (any form of data) that can be used to directly or indirectly identify or re-identify an individual person either singly or in combination within a single record or in correlation with other records. This information can be one or more attributes/fields/properties in a record (e.g., date-of-birth) or one or more records (e.g., medical records).

Source: NIST-CSRC

Also known as: PII.

See also: personal data, sensitive data.

physical credential

A credential in a physical form such as paper, plastic, or metal.

Contrast with: digital credential.

PII

See: personally identifiable information.

PKI

See: public key infrastructure.

plaintext

Unencrypted information that may be input to an encryption operation. Once encrypted, it becomes ciphertext.

Source: NIST-CSRC.

policy

Statements, rules or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component. Policies may be human-readable or machine-readable or both.

Source: NIST-CSRC

See also: governance framework, governance requirement, rule.

PoP

See: proof of personhood.

presentation

A verifiable message that a holder may send to a verifier containing proofs of one or more claims derived from one or more digital credentials from one or more issuers as a response to a specific presentation request from a  verifier.

Supporting definitions:

eSSIF-Lab: A (signed) digital message that a holder component may send to a verifier component that contains data derived from one or more verifiable credentials (that (a colleague component of) the holder component has received from issuer components of one or more parties), as a response to a specific presentation request of a  verifier component.

presentation attack

A type of cybersecurity attack in which the attacker attempts to defeat a biometric liveness detection system by providing false inputs.

Supporting definitions:

NIST-CSRC: Presentation to the biometric data capture subsystem with the goal of interfering with the operation of the biometric system.

presentation request

A protocol request sent by the verifier to the holder of a digital wallet to request a presentation.

See also: issuance request.

primary document

The governance document at the root of a governance framework. The primary document specifies the other controlled documents in the governance framework.

principal

The party for whom, or on behalf of whom, an actor is executing an action (this actor is then called an agent of that party).

Source: eSSIF-Lab

Principles of SSI

A set of principles for self-sovereign identity systems originally defined by the Sovrin Foundation and republished by the ToIP Foundation.

For more information, see: https://sovrin.org/principles-of-ssi/ and https://trustoverip.org/wp-content/uploads/2021/10/ToIP-Principles-of-SSI.pdf 

privacy policy

A statement or legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data.

Source: Wikipedia

See also: security policy.

private key

In public key cryptography, the cryptographic key which must be kept secret by the controller in order to maintain security.

Supporting definitions:

NIST-CSRC: The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.

proof

A digital object that enables cryptographic verification of either: a) the claims from one or more digital credentials, or b) facts about claims that do not reveal the data  itself (e.g., proof of the subject being over/under a specific age without revealing a birthdate).

See also: zero-knowledge proof.

proof of control

See: proof of possession.

proof of personhood

Proof of personhood (PoP) is a means of resisting malicious attacks on peer-to-peer networks, particularly, attacks that utilize multiple fake identities, otherwise known as a Sybil attack. Decentralized online platforms are particularly vulnerable to such attacks by their very nature, as notionally democratic and responsive to large voting blocks. In PoP, each unique human participant obtains one equal unit of voting power, and any associated rewards.

Source: Wikipedia.

Also known as: PoP.

proof of possession

A verification process whereby a level of assurance is obtained that the owner of a key pair actually controls the private key associated with the public key.

Source: NIST-CSRC.

proof of presence

See: liveness detection.

property

In the context of digital communication, an attribute of a digital object or data structure, such as a DID document or a schema.

See also: attribute, claim.

protected data

Data that is not publicly available but requires some type of access control to gain access.

protocol layer

In modern protocol design, protocols are layered to form a protocol stack. Layering is a design principle that divides the protocol design task into smaller steps, each of which accomplishes a specific part, interacting with the other parts of the protocol only in a small number of well-defined ways. Layering allows the parts of a protocol to be designed and tested without a combinatorial explosion of cases, keeping each design relatively simple.

Source: Wikipedia.

See also: hourglass model, ToIP stack.

protocol stack

The protocol stack or network stack is an implementation of a computer networking protocol suite or protocol family. Some of these terms are used interchangeably but strictly speaking, the suite is the definition of the communication protocols, and the stack is the software implementation of them.

Source: Wikipedia

See also: protocol layer.

pseudonym

A pseudonym is a fictitious name that a person assumes for a particular purpose, which differs from their original or true name (orthonym). This also differs from a new name that entirely or legally replaces an individual's own. Many pseudonym holders use pseudonyms because they wish to remain anonymous, but anonymity is difficult to achieve and often fraught with legal issues.

Source: Wikipedia.

public key

Drummond Reed: In public key cryptography, the cryptographic key that can be freely shared with anyone by the controller without compromising security. A party’s public key must be verified as authoritative in order to verify their digital signature.

Supporting definitions:

NIST-CSRC: The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data.

public key certificate

A set of data that uniquely identifies a public key (which has a corresponding private key) and an owner that is authorized to use the key pair. The certificate contains the owner’s public key and possibly other information and is digitally signed by a certification authority (i.e., a trusted party), thereby binding the public key to the owner.

Source: NIST-CSRC.

See also: public key infrastructure.

Supporting definitions:

Wikipedia : In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). If the signature is valid, and the software examining the certificate trusts the issuer, then it can use that key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices.

public key cryptography

Public key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

Source: Wikipedia.

See also: public key infrastructure.

public key infrastructure

A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates. The PKI includes the hierarchy of certificate authorities that allow for the deployment of digital certificates that support encryption, digital signature and authentication to meet business and security requirements.

Source: NIST-CSRC.

Supporting definitions:

Wikipedia: A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.

QR code

A QR code (short for "quick-response code") is a type of two-dimensional matrix barcode—a machine-readable optical image that contains information specific to the identified item. In practice, QR codes contain data for a locator, an identifier, and web tracking.

Source: Wikipedia.

See also: out-of-band introduction.

RBAC

See: role-based access control.

real world identity

A term used to describe the opposite of digital identity, i.e., an identity (typically for a person) in the physical instead of the digital world.

Also known as: RWI.

See also: legal identity.

recommended

A requirement that is not mandatory to implement in order for an implementer to be in compliance, but which should be implemented unless the implementer has a good reason. In ToIP governance frameworks, a recommendation is expressed using a SHOULD or RECOMMENDED keyword as defined in IETF RFC 2119.

See also: mandatory, optional.

For more information, see: https://www.rfc-editor.org/rfc/rfc2119.

record

A uniquely identifiable entry or listing in a database or registry.

registrant

The party submitting a registration record to a registry.

registrar

The party who performs registration on behalf of a registrant.

registration

The process by which a registrant submits a record to a registry.

registration agent

A party responsible for accepting registration requests and authenticating the entity making the request. The term may also apply to a party accepting issuance requests for digital credentials.

registry

A specialized database of records that serves as an authoritative source of information about entities.

See also: trust registry.

relationship context

A context established within the boundary of a trust relationship.

relying party

A party who consumes claims or trust graphs from other parties (such as issuers, holders, and trust registries) in order to make a trust decision.

See also: verifier.

Note: The term “relying party” is more commonly used in federated identity architecture; the term “verifier” is more commonly used with decentralized identity architecture and verifiable credentials.

reputation

The reputation or prestige of a social entity (a person, a social group, an organization, or a place) is an opinion about that entity – typically developed as a result of social evaluation on a set of criteria, such as behavior or performance.

Source: Wikipedia.

reputation graph

A graph of the reputation relationships between different entities in a trust community. In a digital trust ecosystem, the governing body may be one trust root of a reputation graph. In some cases, a reputation graph can be traversed by making queries to one or more trust registries.

See also: authorization graph, governance graph, trust graph.

reputation system

Reputation systems are programs or algorithms that allow users to rate each other in online communities in order to build trust through reputation. Some common uses of these systems can be found on e-commerce websites such as eBay, Amazon.com, and Etsy as well as online advice communities such as Stack Exchange.

Source: Wikipedia.

requirement

A specified condition or behavior to which a system needs to comply. Technical requirements are defined in technical specifications and implemented in computer systems to be executed by software actors. Governance requirements are defined in governance documents that specify policies and procedures to be executed by human actors. In ToIP architecture, requirements are expressed using the keywords defined in Internet RFC 2119.

See also: mandatory, recommended, optional.

For more information, see: https://www.rfc-editor.org/rfc/rfc2119.

revocation

In the context of digital credentials, revocation is an event signifying that the issuer no longer attests to the validity of a credential they have issued. In the context of cryptographic keys, revocation is an event signifying that the controller no longer attests to the validity of a public/private key pair for which the controller is authoritative.

See also: issuance, presentation.

Supporting definitions:

eSSIF-Lab: the act, by or on behalf of the party that has issued the credential, of no longer vouching for the correctness or any other qualification of (arbitrary parts of) that credential.

NIST-CSRC: ​​For digital certificates: The process of permanently ending the binding between a certificate and the identity asserted in the certificate from a specified time forward. For cryptographic keys: A process whereby a notice is made available to affected entities that keys should be removed from operational use prior to the end of the established cryptoperiod of those keys.

risk

The effects that uncertainty (i.e. a lack of information, understanding or knowledge of events, their consequences or likelihoods) can have on the intended realization of an objective of a party.

Source: eSSIF-Lab

Supporting definitions:

NIST-CSRC: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.

risk assessment

The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the overall ecosystem, resulting from the operation of an information system. Risk assessment is part of risk management, incorporates threat and vulnerability analyses, and considers risk mitigations provided by security controls planned or in place.

Source: NIST-CSRC.

Also known as: risk analysis.

Supporting definitions:

Wikipedia: Risk assessment determines possible mishaps, their likelihood and consequences, and the tolerances for such events.[1] The results of this process may be expressed in a quantitative or qualitative fashion. Risk assessment is an inherent part of a broader risk management strategy to help reduce any potential risk-related consequences. More precisely, risk assessment identifies and analyses potential (future) events that may negatively impact individuals, assets, and/or the environment (i.e. hazard analysis). It also makes judgments "on the tolerability of the risk on the basis of a risk analysis" while considering influencing factors (i.e. risk evaluation).

risk decision

See: trust decision.

risk management

The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system.

Source: NIST-CSRC.

Supporting definitions:

eSSIF-Lab: a process that is run by (or on behalf of) a specific party for the purpose of managing the risks that it owns (thereby realizing specific risk objectives).

Wikipedia: Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

risk mitigation

Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process.

Source: NIST-CSRC.

role

A defined set of characteristics that an entity has in some context, such as responsibilities it may have, actions (behaviors) it may execute, or pieces of knowledge that it is expected to have in that context, which are referenced by a specific role name.

Source: eSSIF-Lab.

See also: role credential.

role-based access control

Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.

Source: NIST-CSRC.

Supporting definitions:

Wikipedia: In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users, and to implementing mandatory access control (MAC) or discretionary access control (DAC).

role credential

A credential claiming that the subject has a specific role.

router

A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions between networks and on the global Internet. Data sent through a network, such as a web page or email, is in the form of data packets. A packet is typically forwarded from one router to another router through the networks that constitute an internetwork (e.g. the Internet) until it reaches its destination node. This process is called routing.

Source: Wikipedia.

routing

Routing is the process of selecting a path for traffic in a network or between or across multiple networks. Broadly, routing is performed in many types of networks, including circuit-switched networks, such as the public switched telephone network (PSTN), and computer networks, such as the Internet. A router is a computing device that specializes in performing routing.

Source: Wikipedia.

rule

A prescribed guide for conduct, process or action to achieve a defined result or objective. Rules may be human-readable or machine-readable or both.

See also: governance framework, policy.

RWI

See: real world identity.

schema

A framework, pattern, or set of rules for enforcing a specific structure on a digital object or a set of digital data. There are many types of schemas, e.g., data schema, credential verification schema, database schema.

For more information, see: W3C Data Schemas.

Note: credentialSchema is a Property Definition in the W3C VC Data Model, see 3.2.1

scope

In the context of terminology, scope refers to the set of possible concepts within which: a) a specific term is intended to uniquely identify a concept, or b) a specific glossary is intended to identify a set of concepts. In the context of identification, scope refers to the set of possible entities within which a specific entity must be uniquely identified. In the context of specifications, scope refers to the set of problems (the problem space) within which the specification is intended to specify solutions.

Supporting definitions:

eSSIF-Lab: the extent of the area or subject matter (which we use, e.g., to define pattern, concept, term and glossaries in, but it serves other purposes as well).

SCID

See: self-certifying identifier.

second party

The party with whom a first party engages to form a trust relationship, establish a connection, or execute a transaction.

See also: third party.

Secure Enclave

A coprocessor on Apple iOS devices that serves as a trusted execution environment.

secure multi-party computation

See: multi-party computation.

Secure Sockets Layer

The original transport layer security protocol developed by Netscape and partners. Now deprecated in favor of Transport Layer Security (TLS).

Also known as: SSL.

security domain

An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture.

Source: NIST-CSRC

See also: trust domain.

security policy

A set of policies and rules that governs all aspects of security-relevant system and system element behavior.

Source: NIST-CSRC

See also: privacy policy.

self-asserted

A term used to describe a claim or a credential whose subject is also the issuer.

self-certified

When a party provides its own certification that it is compliant with a set of requirements, such as a governance framework.

self-certifying identifier

A subclass of verifiable identifier that is cryptographically verifiable without the need to rely on any third party for verification because the identifier is cryptographically bound to the cryptographic keys from which it was generated.

See also: autonomic identifier.

Also known as: SCID.

self-sovereign identity

A decentralized identity architecture that implements the Principles of SSI.

See also: federated identity.

Supporting definitions:

eSSIF-Lab: SSI (Self-Sovereign Identity) is a term that has many different interpretations, and that we use to refer to concepts/ideas, architectures, processes and technologies that aim to support (autonomous) parties as they negotiate and execute electronic transactions with one another.

Wikipedia: Self-sovereign identity (SSI) is an approach to digital identity that gives individuals control over the information they use to prove who they are to websites, services, and applications across the web. Without SSI, individuals with persistent accounts (identities) across the internet must rely on a number of large identity providers, such as Facebook (Facebook Connect) and Google (Google Sign-In), that have control of the information associated with their identity.

sensitive data

Personal data that a reasonable person would view from a privacy protection standpoint as requiring special care above and beyond other personal data.

Supporting definitions:

PEMC IGR: While all Personal Information may be regarded as sensitive in that an unauthorized processing of an individual’s data may be offensive to that person, we use the term here to denote information that a reasonable person would view as requiring special care above and beyond other personal data. For reference see GDPR Recital #51 or Sensitive Personal Data in the W3C Data Privacy Vocabulary.

session

See: communication session.

sociotechnical system

An approach to complex organizational work design that recognizes the interaction between people and technology in workplaces. The term also refers to coherent systems of human relations, technical objects, and cybernetic processes that inhere to large, complex infrastructures. Social society, and its constituent substructures, qualify as complex sociotechnical systems.

Source: Wikipedia

software agent

In computer science, a software agent is a computer program that acts for a user or other program in a relationship of agency, which derives from the Latin agere (to do): an agreement to act on one's behalf. A user agent is a specific type of software agent that is used directly by an end-user as the principal.

Source: Wikipedia.

See also: digital agent.

Sovrin Foundation

A 501 (c)(4) nonprofit organization established to administer the governance framework governing the Sovrin Network, a public service utility enabling self-sovereign identity on the internet. The Sovrin Foundation is an independent organization that is responsible for ensuring the Sovrin identity system is public and globally accessible.

For more information, see: https://sovrin.org/ 

spanning layer

A specific layer within a protocol stack that consists of a single protocol explicitly designed to provide interoperability between the protocols layers above it and below it.

See also: hourglass model, trust spanning layer.

For more information, see: https://www.isi.edu/newarch/iDOCS/final.finalreport.pdf, National Academies of Sciences, Engineering, and Medicine. 1997. The Unpredictable Certainty: White Papers. Washington, DC: The National Academies Press. https://doi.org/10.17226/6062.

specification

See: technical specification.

SSI

See: self-sovereign identity.

Note: In some contexts, such as academic papers or industry conferences, this acronym has started to replace the term it represents.

SSL

See: Secure Sockets Layer.

stream

In the context of digital communications, and in particular streaming media, a flow of data delivered in a continuous manner from a server to a client rather than in discrete messages.

streaming media

Streaming media is multimedia for playback using an offline or online media player. Technically, the stream is delivered and consumed in a continuous manner from a client, with little or no intermediate storage in network elements. Streaming refers to the delivery method of content, rather than the content itself.

Source: Wikipedia.

subject

The entity described by one or more claims, particularly in the context of digital credentials.

Supporting definitions:

W3C VC: A thing about which claims are made.

eSSIF-Lab: the (single) entity to which a given set of coherent data relates/pertains. Examples of such sets include attributes, Claims/Assertions, files/dossiers, (verifiable) credentials, (partial) identities, employment contracts, etc.

subscription

In the context of decentralized digital trust infrastructure, a subscription is an agreement between a first digital agent—the publisher—to automatically send a second digital agent—the subscriber—a message when a specific type of event happens in the wallet or vault managed by the first digital agent.

supporting system

A system that operates at ToIP Layer 1, the trust support layer of the ToIP stack. A supporting system is one of three types of systems defined in the ToIP Technology Architecture Specification.

See also: endpoint system, intermediary system.

Sybil attack

A Sybil attack is a type of attack on a computer network service in which an attacker subverts the service's reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

Source: Wikipedia.

system of record

A system of record (SOR) or source system of record (SSoR) is a data management term for an information storage system (commonly implemented on a computer system running a database management system) that is the authoritative data source for a given data element or piece of information.

Source: Wikipedia

See also: authoritative source, trust registry, verifiable data registry.

tamper resistant

A process which makes alterations to the data difficult (hard to perform), costly (expensive to perform), or both.

Source: NIST-CSRC.

TCP

See: Transmission Control Protocol.

TCP/IP

See: Internet Protocol Suite.

TCP/IP stack

The protocol stack implementing the TCP/IP suite.

technical requirement

A requirement for a hardware or software component or system. In the context of decentralized digital trust infrastructure, technical requirements are a subset of governance requirements. Technical requirements are often specified in a technical specification.

For more information, see: https://datatracker.ietf.org/doc/html/rfc2119 

Note: In ToIP architecture, both technical requirements and governance requirements are expressed using the keywords defined in IETF RFC 2119.

technical specification

A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied.

Source: NIST-CSRC

See also: governance framework, governance requirement, policy, rule.

technical trust

A level of assurance in a trust relationship that can be achieved only via technical means such as hardware, software, network protocols, and cryptography. Cryptographic trust is a specialized type of technical trust.

Contrast with: human trust.

TEE

See: trusted execution environment.

term

A unit of text (i.e., a word or phrase) that is used in a particular context or scope to refer to a concept (or a relation between concepts, or a property of a concept).

Supporting definitions:

eSSIF-Lab: a word or phrase (i.e.: text) that is used in at least one scope/context to represent a specific concept.

Merriam Webster: a word or expression that has a precise meaning in some uses or is peculiar to a science, art, profession, or subject.

Note: A term MUST NOT be confused with the concept it refers to.

terminology

Terminology is a group of specialized words and respective meanings in a particular field, and also the study of such terms and their use; the latter meaning is also known as terminology science. A term is a word, compound word, or multi-word expressions that in specific contexts is given specific meanings—these may deviate from the meanings the same words have in other contexts and in everyday language.[2] Terminology is a discipline that studies, among other things, the development of such terms and their interrelationships within a specialized domain. Terminology differs from lexicography, as it involves the study of concepts, conceptual systems and their labels (terms), whereas lexicography studies words and their meanings.

Source: Wikipedia.

terms community

A group of parties who share the need for a common terminology.

See also: trust community.

terms wiki

A wiki website used by a terms community to input, maintain, and publish its terminology. The ToIP Foundation Concepts and Terminology Working Group has established a simple template for GitHub-based terms wikis.

thing

An entity that is neither a natural person nor an organization and thus cannot be a party. A thing may be a natural thing or a man-made thing.

third party

A party that is not directly involved in the trust relationship between a first party and a second party, but provides supporting services to either or both of them.

three party model

The issuer—holder—verifier model used by all types of physical credentials and digital credentials to enable transitive trust decisions.

Also known as: trust triangle.

timestamp

A token or packet of information that is used to provide assurance of timeliness; the timestamp contains timestamped data, including a time, and a signature generated by a trusted timestamp authority (TTA).

Source: NIST-CSRC.

Supporting definitions:

TechTarget: A timestamp is the current time of an event that a computer records. Through mechanisms, such as the Network Time Protocol, a computer maintains accurate current time, calibrated to minute fractions of a second. Such precision makes it possible for networked computers and applications to communicate effectively.

TLS

See: Transport Layer Security.

ToIP

See: Trust Over IP

ToIP application

A trust application that runs at ToIP Layer 4, the trust application layer.

ToIP channel

See: VID relationship.[c]

ToIP communication

Communication that uses the ToIP stack to deliver ToIP messages between ToIP endpoints, optionally using intermediary systems[d][e], to provide authenticity, confidentiality, and correlation privacy.

ToIP connection

A connection formed using the ToIP Trust Spanning Protocol between two ToIP endpoints identified with verifiable identifiers. A ToIP connection is instantiated as one or more VID relationships.

ToIP controller

The controller of a ToIP identifier.

ToIP Foundation

A non-profit project of the Linux Foundation chartered to define an overall architecture for decentralized digital trust infrastructure known as the ToIP stack.

See also: Decentralized Identity Foundation, OpenWallet Foundation.

For more information, see: https://trustoverip.org/.

ToIP endpoint

An endpoint that communicates via the ToIP Trust Spanning Protocol as described in the ToIP Technology Architecture Specification.

ToIP Governance Architecture Specification

The specification defining the requirements for the ToIP Governance Stack published by the ToIP Foundation.

For more information, see: https://trustoverip.org/our-work/deliverables/.

ToIP governance framework

A governance framework that conforms to the requirements of the ToIP Governance Architecture Specification.

ToIP Governance Metamodel

A structural model for ToIP governance frameworks that specifies the recommended governance documents that should be included depending on the objectives of the trust community.

ToIP Governance Stack

The governance half of the four layer ToIP stack as defined by the ToIP Governance Architecture Specification.

See also: ToIP Technology Stack.

ToIP identifier

A verifiable identifier for an entity that is addressable using the ToIP stack.

See also: autonomous identifier, decentralized identifier.

For more information, see: Section 6.4 of the ToIP Technology Architecture Specification.

ToIP intermediary

See: intermediary system.

ToIP layer

One of four protocol layers in the ToIP stack. The four layers are ToIP Layer 1, ToIP Layer 2, ToIP Layer 3, and ToIP Layer 4.

For more information, see: ToIP Technology Architecture Specification, ToIP Governance Architecture Specification.

ToIP Layer 1

The trust support layer of the ToIP stack, responsible for supporting the trust spanning protocol at ToIP Layer 2.

ToIP Layer 2

The trust spanning layer of the ToIP stack, responsible for enabling the trust task protocols at ToIP Layer 3.

ToIP Layer 3

The trust task layer of the ToIP stack, responsible for enabling trust applications at ToIP Layer 4.

ToIP Layer 4

The trust application layer of the ToIP stack, where end users have the direct human experience of using applications that call trust task protocols to engage in trust relationships and make trust decisions using ToIP decentralized digital trust infrastructure.

ToIP message

A message communicated between ToIP endpoints using the ToIP stack.

ToIP stack

The layered architecture for decentralized digital trust infrastructure defined by the ToIP Foundation. The ToIP stack is a dual stack consisting of two halves: the ToIP Technology Stack and the ToIP Governance Stack. The four layers in the ToIP stack are ToIP Layer 1, ToIP Layer 2, ToIP Layer 3, and ToIP Layer 4.

For more information, see: ToIP Technology Architecture Specification, ToIP Governance Architecture Specification.

ToIP system

A computing system that participates in the ToIP Technology Stack. There are three types of ToIP systems: endpoint systems, intermediary systems, and supporting systems.

For more information, see: Section 6.3 of the ToIP Technology Architecture Specification.

ToIP trust network

A trust network implemented using the ToIP stack.

ToIP Technology Architecture Specification

The technical specification defining the requirements for the ToIP Technology Stack published by the ToIP Foundation.

For more information: ToIP Technology Architecture Specification.

ToIP Technology Stack

The technology half of the four layer ToIP stack as defined by the ToIP Technology Architecture Specification.

See also: ToIP Governance Stack, ToIP layer.

ToIP trust community

A trust community governed by a ToIP governance framework.

ToIP Trust Registry Protocol

The open standard trust task protocol defined by the ToIP Foundation to perform the trust task of querying a trust registry. The ToIP Trust Registry Protocol operates at Layer 3 of the ToIP stack.

ToIP Trust Spanning Protocol

The ToIP Layer 2 protocol for verifiable messaging that implements the trust spanning layer of the ToIP stack.  The ToIP Trust Spanning Protocol enables actors in different digital trust domains to interact in a similar way to how the Internet Protocol (IP) enables devices on different local area networks to exchange data.

Mental model: hourglass model, see the Design Principles for the ToIP Stack.

For more information, see: Section 7.3 of the ToIP Technology Architecture Specification and the Trust Spanning Protocol Task Force.

transaction

A discrete event between a user and a system that supports a business or programmatic purpose. A digital system may have multiple categories or types of transactions, which may require separate analysis within the overall digital identity risk assessment.

Source: NIST-CSRC.

See also: connection.

Supporting definitions:

eSSIF-Lab: the exchange of goods, services, funds, or data between some parties (called participants of the transaction).

transitive trust decision

A trust decision made by a first party about a second party or another entity based on information about the second party or the other entity that is obtained from one or more third parties.

Note: A primary purpose of digital credentials, chained credentials, and trust registries is to facilitate transitive trust decisions.

For more information, see: Design Principles for the ToIP Stack.

Transmission Control Protocol

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

Source: Wikipedia.

Also known as: TCP.

See also: User Datagram Protocol.

Transport Layer Security

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and Voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications.

Source: Wikipedia.

Also known as: TLS.

Note: TLS replaced the deprecated Secure Sockets Layer (SSL) protocol.

tribal knowledge

Knowledge that is known within an “in-group” of people but unknown outside of it. A tribe, in this sense, is a group of people that share such a common knowledge.

Source: Wikipedia

trust

A belief that an entity will behave in a predictable manner in specified circumstances. The entity may be a person, process, object or any combination of such components. The entity can be of any size from a single hardware component or software module, to a piece of equipment identified by make and model, to a site or location, to an organization, to a nation-state. Trust, while inherently a subjective determination, can be based on objective evidence and subjective elements. The objective grounds for trust can include for example, the results of information technology product testing and evaluation. Subjective belief, level of comfort, and experience may supplement (or even replace) objective evidence, or substitute for such evidence when it is unavailable. Trust is usually relative to a specific circumstance or situation (e.g., the amount of money involved in a transaction, the sensitivity or criticality of information, or whether safety is an issue with human lives at stake). Trust is generally not transitive (e.g., you trust a friend but not necessarily a friend of a friend). Finally, trust is generally earned, based on experience or measurement.

Source: NIST Special Publication 800-39 p.24

See also: transitive trust decision.

For more information, see: Design Principles for the ToIP Stack.

trust anchor

See: trust root.

Note: The term “trust anchor” is most commonly used in cryptography and public key infrastructure.

trust application

An application that runs at ToIP Layer 4 in order to perform trust tasks or engage in other verifiable messaging using the ToIP stack.

trust application layer

In the context of the ToIP stack, the trust application layer is ToIP Layer 4. Applications running at this layer call trust task protocols at ToIP Layer 3.

trust assurance

A process that provides a level of assurance sufficient to make a particular trust decision.

trust basis

The properties of a verifiable identifier or a ToIP system that enable a party to appraise it to determine a trust limit.

See also: appraisability.

trust boundary

The border of a trust domain.

trust chain

A set of cryptographically verifiable links between digital credentials or other data containers that enable transitive trust decisions.

See also: chained credentials, trust graph.

For more information, see: Design Principles for the ToIP Stack.

trust community

A set of parties who collaborate to achieve a mutual set of trust objectives.

See also: digital trust ecosystem, ToIP trust community.

Note: A trust community may be large or small, formal or informal. In a formal trust community, the set of policies and rules governing behavior of members are usually published in a governance framework or trust framework. In an informal trust community, the policies or rules governing the behavior of members may be tribal knowledge.

trust context

The context in which a specific party makes a specific trust decision. Many different factors may be involved in establishing a trust context, such as: the relevant interaction or transaction; the presence or absence of existing trust relationships; the applicability of one or more governance frameworks; and the location, time, network, and/or devices involved. A trust context may be implicit or explicit; if explicit, it may be identified using an identifier. A ToIP governance framework an example of an explicit trust context identified by a ToIP identifier.

See also: trust domain.

For more information, see: Design Principles for the ToIP Stack.

trust decision

A decision that a party needs to make about whether to engage in a specific interaction or transaction with another entity that involves real or perceived risks.

See also: transitive trust decision.

For more information, see: Design Principles for the ToIP Stack.

trust domain

A security domain defined by a computer hardware or software architecture, a security policy, or a trust community, typically via a trust framework or governance framework.

See also: trust context, digital trust ecosystem.

trust ecosystem

See digital trust ecosystem.

trust establishment

The process two or more parties go through to establish a trust relationship. In the context of decentralized digital trust infrastructure, trust establishment takes place at two levels. At the technical trust level, it includes some form of key establishment. At the human trust level, it may be accomplished via an out-of-band introduction, the exchange of digital credentials, queries to one or more trust registries, or evaluation of some combination of human-readable and machine-readable governance frameworks.

trust framework

A term (most frequently used in the digital identity industry) to describe a governance framework for a digital identity system, especially a federation.

trust graph

A data structure describing the trust relationship between two or more entities. A simple trust graph may be expressed as a trust list. More complex trust graphs can be recorded or registered in and queried from a trust registry. Trust graphs can also be expressed via trust chains and chained credentials. Trust graphs can enable verifiers to make transitive trust decisions.

See also: authorization graph, governance graph, reputation graph.

trust limit

A limit to the degree a party is willing to trust an entity in a specific trust relationship within a specific trust context.

For more information, see: Design Principles for the ToIP Stack.

trust list

A one-dimensional trust graph in which an authoritative source publishes a list of entities that are trusted in a specific trust context. A trust list can be considered a simplified form of a trust registry.

trust network

A network of parties who are connected via trust relationships conforming to requirements defined in a legal regulation, trust framework or governance framework. A trust network is more formal than a digital trust ecosystem; the latter may connect parties more loosely via transitive trust relationships and/or across multiple trust networks.

See also: ToIP trust network.

trust objective

An objective shared by the parties in a trust community to establish and maintain trust relationships.

Trust over IP

A term coined by John Jordan to describe the decentralized digital trust infrastructure made possible by the ToIP stack. A play on the term Voice over IP (abbreviated VoIP).

Also known as: ToIP.

trust registry

A registry that serves as an authoritative source for trust graphs or other governed information describing one or more trust communities. A trust registry is typically authorized by a governance framework.

See also: trust list, verifiable data registry.

trust registry protocol

See: ToIP Trust Registry Protocol.

trust relationship

A relationship between a party and an entity in which the party has decided to trust the entity in one or more trust contexts up to a trust limit.

Supporting definitions:

NIST: An agreed upon relationship between two or more system elements that is governed by criteria for secure interaction, behavior, and outcomes relative to the protection of assets.

For more information, see: Design Principles for the ToIP Stack.

trust root

The authoritative source that serves as the origin of a trust chain.

For more information, see: Design Principles for the ToIP Stack.

trust service provider

In the context of specific digital trust ecosystems, such as the European Union’s eIDAS regulations, a trust service provider (TSP) is a legal entity that provides specific trust support services as required by legal regulations, trust frameworks, or governance frameworks. In the larger context of ToIP infrastructure, a TSP is a provider of services based on the ToIP stack. Most generally, a TSP is to the trust layer for the Internet what an Internet service provider (ISP) is to the Internet layer.

Also known as: TSP.

Supporting definitions:

Wikipedia: A trust service provider (TSP) is a person or legal entity providing and preserving digital certificates to create and validate electronic signatures and to authenticate their signatories as well as websites in general. Trust service providers are qualified certificate authorities required in the European Union and in Switzerland in the context of regulated electronic signing procedures.

trust support

A system, protocol, or other infrastructure whose function is to facilitate the establishment and maintenance of trust relationships at higher protocol layers. In the ToIP stack, the trust support layer is Layer 1.

trust support layer

In the context of the ToIP stack, the trust support layer is ToIP Layer 1. It supports the operations of the ToIP Trust Spanning Protocol at ToIP Layer 2.

trust spanning layer

A spanning layer designed to span between different digital trust domains. In the ToIP stack, ToIP Layer 2 is the trust spanning layer.

See also: ToIP layer.

Mental model: hourglass model, see ToIP Technology Architecture Specification

For more information, see: Section 7.3 of the ToIP Technology Architecture Specification.

trust spanning protocol

See: ToIP Trust Spanning Protocol.

trust task

A specific task that involves establishing, verifying, or maintaining trust relationships or exchanging verifiable messages or verifiable data that can be performed on behalf of a trust application by a trust task protocol at Layer 3 of the ToIP stack.

For more information, see Section 7.4 of the ToIP Technology Architecture Specification.

trust task layer

In the context of the ToIP stack, the trust task layer is ToIP Layer 3. It supports trust applications operating at ToIP Layer 4.

trust task protocol

A ToIP Layer 3 protocol that implements a specific trust task on behalf of a ToIP Layer 4 trust application.

trust triangle

See: three-party model.

trusted execution environment

A trusted execution environment (TEE) is a secure area of a main processor. It helps code and data loaded inside it to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes.

Source: Wikipedia.

Also known as: TEE.

See also: Secure Enclave.

trusted role

A role that performs restricted activities for an organization after meeting competence, security and background verification requirements for that role.

trusted third party

In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the third party reviews all critical transaction communications between the parties, based on the ease of creating fraudulent digital content. In TTP models, the relying parties use this trust to secure their own interactions. TTPs are common in any number of commercial transactions and in cryptographic digital transactions as well as cryptographic protocols, for example, a certificate authority (CA) would issue a digital certificate to one of the two parties in the next example. The CA then becomes the TTP to that certificate's issuance. Likewise transactions that need a third party recordation would also need a third-party repository service of some kind.

Source: Wikipedia.

Also known as: TTP.

Supporting definitions:

NIST-CSRC: A third party, such as a CA, that is trusted by its clients to perform certain services. (By contrast, the two participants in a key-establishment transaction are considered to be the first and second parties.)

trusted timestamp authority

An authority that is trusted to provide accurate time information in the form of a timestamp.

Source: NIST-CSRC.

Also known as: TTA.

trustworthy

A property of an entity that has the attribute of trustworthiness.

trustworthiness

An attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. Trustworthiness is also a characteristic of information technology products and systems. The attribute of trustworthiness, whether applied to people, processes, or technologies, can be measured, at least in relative terms if not quantitatively. The determination of trustworthiness plays a key role in establishing trust relationships among persons and organizations. The trust relationships are key factors in risk decisions made by senior leaders/executives.

Source: NIST Special Publication 800-39 p.24

TSP

See: trust service provider, trust spanning protocol.

TTA

See: trusted timestamp authority.

TTP

See: trusted third party.

UDP

See: User Datagram Protocol.

unicast

In computer networking, unicast is a one-to-one transmission from one point in the network to another point; that is, one sender and one receiver, each identified by a network address (a unicast address). Unicast is in contrast to multicast and broadcast which are one-to-many transmissions. Internet Protocol unicast delivery methods such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are typically used.

Source: Wikipedia.

See also: anycast.

unicast address

A network address used for a unicast.

user agent

A software agent that is used directly by the end-user as the principal. Browsers, email clients, and digital wallets are all examples of user agents.

Supporting definitions:

Wikipedia: On the Web, a user agent is a software agent capable of and responsible for retrieving and facilitating end user interaction with Web content.[1] This includes all common web browsers, such as Google Chrome, Mozilla Firefox, and Safari, some email clients, standalone download managers like youtube-dl, other command-line utilities like cURL, and arguably headless services that power part of a larger application, such as a web crawler.

The user agent plays the role of the client in a client–server system. The HTTP User-Agent header is intended to clearly identify the agent to the server. However, this header can be omitted or spoofed, so some websites use other agent detection methods.

User Datagram Protocol

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages (transported as datagrams in packets) to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

Source: Wikipedia.

Also known as: UDP.

utility governance framework

A governance framework for a digital trust utility. A utility governance framework may be a component of or referenced by an ecosystem governance framework or a credential governance framework.

validation

An action an agent (of a principal) performs to determine whether a digital object or set of data meets the requirements of a specific party.

See also: verification.

Supporting definitions:

eSSIF-Lab: The act, by or on behalf of a party, of determining whether or not that data is valid to be used for some specific purpose(s) of that party.

NIST: Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.

vault

See: digital vault.

VC

See: verifiable credential.

verifiability (of a digital object, claim, or assertion)

The property of a digital object, assertion, claim, or communication, being verifiable.

See also:  appraisability.

verifiable

In the context of digital communications infrastructure, the ability to determine the authenticity of a communication (e.g., sender, contents, claims, metadata, provenance), or the underlying sociotechnical infrastructure (e.g., governance, roles, policies, authorizations, certifications).

See also: appraisability (of a communications end-point); digital signature.

verifiable credential

A standard data model and representation format for cryptographically-verifiable digital credentials as defined by the W3C Verifiable Credentials Data Model specification.

Source: W3C DID

See also: digital credential.

Mental model: W3C Verifiable Credentials Data Model Roles & Information Flows

Supporting definitions:

W3C VC: A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.

verifiable data

Any digital data or object that is digitally signed in such a manner that it can be cryptographically verified.

Note: In the context of ToIP architecture, verifiable data is signed with the cryptographic keys associated with the ToIP identifier of the data controller.

verifiable data registry

A registry that facilitates the creation, verification, updating, and/or deactivation of decentralized identifiers and DID documents. A verifiable data registry may also be used for other cryptographically-verifiable data structures such as verifiable credentials.

Source: W3C DID

Mental model: W3C Verifiable Credentials Data Model Roles & Information Flows

See also: authoritative source, trust registry, system of record.

For more information, see: the W3C Verifiable Credentials specification [VC-DATA-MODEL].

Note: There is an earlier definition in the W3C VC 1.1. glossary that is not as mature (it is not clear about the use of cryptographically verifiable data structures). We do not recommend that definition.

verifiable identifier

An identifier over which the controller can provide cryptographic proof of control.

See also: decentralized identifier, autonomous identifier.

verifiable message

A message communicated as verifiable data.

See also: ToIP messages 

verification

An action an agent (of a principal) performs to determine the authenticity of a claim or other digital object using a cryptographic key.

See also: validation.

Mental model: W3C Verifiable Credentials Data Model Roles & Information Flows

Supporting definitions:

eSSIF-Lab: The act, by or on behalf of a party, of determining whether that data is authentic (i.e. originates from the party that authored it), timely (i.e. has not expired), and conforms to other specifications that apply to its structure.

verifier (of a claim or credential)

A role an agent performs to perform verification of one or more proofs of the claims in a digital credential.

See also: relying party; issuer, holder.

Mental model: W3C Verifiable Credentials Data Model Roles & Information Flows

Supporting definitions:

W3C VC: A role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation for processing. Other specifications might refer to this concept as a relying party.

eSSIF-Lab: a component that implements the capability to request peer agents to present (provide) data from credentials (of a specified kind, issued by specified parties), and to verify such responses (check structure, signatures, dates), according to its principal's verifier policy.

NIST: The entity that verifies the authenticity of a digital signature using the public key.

VID

See ​​verifiable identifier.

VID relationship

The communications relationship formed between two VIDs using the ToIP Trust Spanning Protocol. A particular feature of this protocol is its ability to establish as many VID relationships as needed to establish different relationship contexts between the communicating entities.

VID-to-VID

The specialized type of peer-to-peer communications enabled by the ToIP Trust Spanning Protocol. Each pair of VIDs creates a unique VID relationship.

virtual vault

A digital vault enclosed inside another digital vault by virtue of having its own verifiable identifier (VID) and its own set of encryption keys that are separate from those used to unlock the enclosing vault.

Voice over IP

Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for voice calls for the delivery of voice communication sessions over Internet Protocol (IP) networks, such as the Internet.

Also known as: VoIP.

VoIP

See: Voice over IP.

W3C Verifiable Credentials Data Model Specification

A W3C Recommendation defining a standard data model and representation format for cryptographically-verifiable digital credentials. Version 1.1 was published on 03 March 2022.

For more information, see: https://www.w3.org/TR/vc-data-model/ 

wallet

See: digital wallet.

wallet engine

The set of software components that form the core of a digital wallet, but which by themselves are not sufficient to deliver a fully functional wallet for use by a digital agent (of a principal). A wallet engine is to a digital wallet what a browser engine is to a web browser.

For more information: The charter of the OpenWallet Foundation is to produce an open source digital wallet engine.

witness

A computer system that receives, verifies, and stores proofs of key events for a verifiable identifier (especially an autonomous identifier). Each witness controls its own verifiable identifier used to sign key event messages stored by the witness. A witness may use any suitable computer system or database architecture, including a file, centralized database, distributed database, distributed ledger, or blockchain.

Note: KERI is an example of a key management system that uses witnesses.

zero-knowledge proof

A specific kind of cryptographic proof that proves facts about data to a verifier without revealing the underlying data itself. A common example is proving that a person is over or under a specific age without revealing the person’s exact birthdate.

Also known as: zero-knowledge protocol.

Supporting definitions:

Ethereum: A zero-knowledge proof is a way of proving the validity of a statement without revealing the statement itself.

Wikipedia: a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, while avoiding conveying to the verifier any information beyond the mere fact of the statement's truth.

zero-knowledge service

In cloud computing, the term “zero-knowledge” refers to an online service that stores, transfers or manipulates data in a way that maintains a high level of confidentiality, where the data is only accessible to the data's owner (the client), and not to the service provider. This is achieved by encrypting the raw data at the client's side or end-to-end (in case there is more than one client), without disclosing the password to the service provider. This means that neither the service provider, nor any third party that might intercept the data, can decrypt and access the data without prior permission, allowing the client a higher degree of privacy than would otherwise be possible. In addition, zero-knowledge services often strive to hold as little metadata as possible, holding only that data that is functionally needed by the service.

Source: Wikipedia.

Also known as: no knowledge, zero access.

zero-knowledge service provider

The provider of a zero-knowledge service that hosts encrypted data on behalf of the principal but does not have access to the private keys in order to be able to decrypt it.

zero-trust architecture

A network security architecture based on the core design principle “never trust, always verify”, so that all actors are denied access to resources pending verification.

Also known as: zero-trust security, perimeterless security.

Contrast with: attribute-based access control, role-based access control.

Supporting definitions:

NIST-CSRC: A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries. The zero trust security model eliminates implicit trust in any one element, component, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.

Wikipedia: The zero trust security model, also known as zero trust architecture (ZTA), and sometimes known as perimeterless security, describes an approach to the strategy, design and implementation of IT systems. The main concept behind the zero trust security model is "never trust, always verify," which means that users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified.

ZKP

See: zero-knowledge proof.

[a]@christine.martin@continuumloop.com you're good to go - start moving this to a 

https://github.com/trustoverip/ctwg-main-glossary

put the content in specs/terms_and_definitions.md

ping me with questions.

_Assigned to christine.martin@continuumloop.com_

[b]focus on the terms - do [[def: first, then see how many [[ref: you can get done.

[c]Christine, I had forgotten this link. Just added it now.

[d]definition no longer in document

[e]My bad. As you can tell, aligning terms with the ToIP Technology Architecture Specification was the last step I took, and when I did that, I didn't check to see where I had used the old terms. I fixed this.

\ No newline at end of file diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/download/toip-html-download.zip b/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/download/toip-html-download.zip new file mode 100644 index 00000000..2368f91a Binary files /dev/null and b/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/download/toip-html-download.zip differ diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/fetchToIPContent.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/fetchToIPContent.mjs new file mode 100644 index 00000000..d5c84bb5 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/fetchToIPContent.mjs @@ -0,0 +1,84 @@ +import axios from 'axios'; +import fs from 'fs'; +import path from 'path'; +import AdmZip from 'adm-zip'; +import { JSDOM } from 'jsdom'; +import dotenv from 'dotenv'; +dotenv.config(); + +console.log('ToIP: Fetching external content...'); + +// CONFIG +const dir = 'fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/download'; +const filename = 'toip-html-download.zip'; +const fullPath = path.join(dir, filename); // Use path.join for better compatibility + +const toipDownloadHtmlUrl = 'https://docs.google.com/document/export?format=zip&id=1fZByfuSOwszDRkE7ARQLeElSYmVznoOyJK4sxRvJpyM&includes_info_params=true&cros_files=false&inspectorResult=%7B%22pc%22%3A83%2C%22lplc%22%3A6%7D&showMarkups=true'; +const unzippedFilename = 'ToIPGlossaryWorkspace_PublicVersion_.html'; +const generatedJSONfilename = 'terms-definitions-toip.json'; +// END CONFIG + +const downloadFile = async () => { + const response = await axios({ + method: 'GET', + url: toipDownloadHtmlUrl, + responseType: 'stream', + }); + + const writer = fs.createWriteStream(fullPath); + response.data.pipe(writer); + + return new Promise((resolve, reject) => { + writer.on('finish', resolve); + writer.on('error', reject); + }); +}; + +const unzipFile = (zipFilePath, extractToDir) => { + let zip = new AdmZip(zipFilePath); + zip.extractAllTo(extractToDir, true); +}; + +const createJSONfromHTML = async (extractToDir) => { + const htmlFilePath = path.join(extractToDir, unzippedFilename); + const htmlContent = fs.readFileSync(htmlFilePath, 'utf-8'); + const dom = new JSDOM(htmlContent); + const document = dom.window.document; + const termsDefinitions = []; + + document.querySelectorAll('h1').forEach(h1 => { + let organisation = 'ToIP'; + let term = h1.textContent; + let anchor = h1.getAttribute('id'); + let definition = ''; + + let node = h1.nextSibling; + while (node && node.nodeName.toLowerCase() !== 'h1') { + if (node.outerHTML) { + definition += node.outerHTML; + } + node = node.nextSibling; + } + + termsDefinitions.push({ organisation, url: 'https://docs.google.com/document/d/1fZByfuSOwszDRkE7ARQLeElSYmVznoOyJK4sxRvJpyM/edit', term, definition, anchor }); + }); + + const jsonContent = JSON.stringify(termsDefinitions, null, 2); + const jsonFilePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, generatedJSONfilename); + fs.writeFileSync(jsonFilePath, jsonContent); + + console.log('Terms and definitions have been saved to terms-definitions.json'); +}; + +const main = async () => { + try { + await downloadFile(); + unzipFile(fullPath, dir); + await createJSONfromHTML(dir); + console.log('Download and unzip completed'); + } catch (err) { + console.error('An error occurred:', err); + } +}; + +main(); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchToipDidWebs/fetchToipDidWebs.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchToipDidWebs/fetchToipDidWebs.mjs new file mode 100644 index 00000000..ebb7efb6 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchToipDidWebs/fetchToipDidWebs.mjs @@ -0,0 +1,46 @@ +import axios from 'axios'; +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import dotenv from 'dotenv'; +import cheerio from 'cheerio'; +import fs from 'fs'; +import path from 'path'; + +dotenv.config(); + +console.log('ToIP did:webs: Fetching external content...'); + +// Config +const url = 'https://trustoverip.github.io/tswg-did-method-webs-specification/index.html'; +const organisation = 'ToIP (DID:Webs)'; +const jsonFileName = 'terms-definitions-toipdidwebs.json'; + +axios.get(url) + .then(response => { + const html = response.data; + const $ = cheerio.load(html); + const terms = []; + + // 1: Find #terminology section, then 2: the next sibling that is
, then 3: each loop through
+ const termsList = $('#terminology').next('dl'); + termsList.find('dt').each((i, el) => { + const term = $(el).text().trim(); + const anchor = term.replace(/[\s-]+/g, ''); // Remove spaces and dashes from 'term' to create 'anchor' + const definition = $(el).next('dd').text().trim(); + terms.push({ organisation, url, term, definition, anchor }); + }); + + const filePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, jsonFileName); + fs.writeFile(filePath, JSON.stringify(terms), err => { + if (err) { + console.error(err); + } else { + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filePath, filePath); + + console.log(`Terms saved to ${jsonFileName}`); + } + }); + }) + .catch(error => { + console.error(error); + }); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchTswgAcdc/fetchTswgAcdc.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchTswgAcdc/fetchTswgAcdc.mjs new file mode 100644 index 00000000..204f260b --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchTswgAcdc/fetchTswgAcdc.mjs @@ -0,0 +1,47 @@ +import axios from 'axios'; +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import dotenv from 'dotenv'; +import cheerio from 'cheerio'; +import fs from 'fs'; +import path from 'path'; + +dotenv.config(); + +console.log('ToIP did:webs: Fetching external content...'); + +// Config +const url = 'https://trustoverip.github.io/tswg-acdc-specification/index.html'; +const organisation = 'TSWG (ACDC)'; +const jsonFileName = 'terms-definitions-tswg-acdc.json'; + +axios.get(url) + .then(response => { + const html = response.data; + const $ = cheerio.load(html); + const terms = []; + + // 1: Find #terminology section, then 2: the next sibling that is
, then 3: each loop through
+ // const termsList = $('#terms-and-definitions').next('dl'); + const termsList = $('#terms-and-definitions').nextAll('dl').first(); + termsList.find('dt').each((i, el) => { + const term = $(el).text().trim(); + const anchor = term.replace(/[\s-]+/g, ''); // Remove spaces and dashes from 'term' to create 'anchor' + const definition = $(el).next('dd').text().trim(); + terms.push({ organisation, url, term, definition, anchor }); + }); + + const filePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, jsonFileName); + fs.writeFile(filePath, JSON.stringify(terms), err => { + if (err) { + console.error(err); + } else { + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filePath, filePath); + + console.log(`Terms saved to ${jsonFileName}`); + } + }); + }) + .catch(error => { + console.error(error); + }); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchTswgCesr/fetchTswgCesr.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchTswgCesr/fetchTswgCesr.mjs new file mode 100644 index 00000000..a2ece7d9 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchTswgCesr/fetchTswgCesr.mjs @@ -0,0 +1,47 @@ +import axios from 'axios'; +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import dotenv from 'dotenv'; +import cheerio from 'cheerio'; +import fs from 'fs'; +import path from 'path'; + +dotenv.config(); + +console.log('ToIP did:webs: Fetching external content...'); + +// Config +const url = 'https://trustoverip.github.io/tswg-cesr-specification/index.html'; +const organisation = 'TSWG (CESR)'; +const jsonFileName = 'terms-definitions-tswg-cesr.json'; + +axios.get(url) + .then(response => { + const html = response.data; + const $ = cheerio.load(html); + const terms = []; + + // 1: Find #terminology section, then 2: the next sibling that is
, then 3: each loop through
+ // const termsList = $('#terms-and-definitions').next('dl'); + const termsList = $('#terms-and-definitions').nextAll('dl').first(); + termsList.find('dt').each((i, el) => { + const term = $(el).text().trim(); + const anchor = term.replace(/[\s-]+/g, ''); // Remove spaces and dashes from 'term' to create 'anchor' + const definition = $(el).next('dd').text().trim(); + terms.push({ organisation, url, term, definition, anchor }); + }); + + const filePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, jsonFileName); + fs.writeFile(filePath, JSON.stringify(terms), err => { + if (err) { + console.error(err); + } else { + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filePath, filePath); + + console.log(`Terms saved to ${jsonFileName}`); + } + }); + }) + .catch(error => { + console.error(error); + }); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchTswgKeri/fetchTswgKeri.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchTswgKeri/fetchTswgKeri.mjs new file mode 100644 index 00000000..653489fb --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchTswgKeri/fetchTswgKeri.mjs @@ -0,0 +1,47 @@ +import axios from 'axios'; +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import dotenv from 'dotenv'; +import cheerio from 'cheerio'; +import fs from 'fs'; +import path from 'path'; + +dotenv.config(); + +console.log('ToIP did:webs: Fetching external content...'); + +// Config +const url = 'https://trustoverip.github.io/tswg-keri-specification/index.html'; +const organisation = 'TSWG (Keri)'; +const jsonFileName = 'terms-definitions-tswg-keri.json'; + +axios.get(url) + .then(response => { + const html = response.data; + const $ = cheerio.load(html); + const terms = []; + + // 1: Find #terminology section, then 2: the next sibling that is
, then 3: each loop through
+ // const termsList = $('#terms-and-definitions').next('dl'); + const termsList = $('#terms-and-definitions').nextAll('dl').first(); + termsList.find('dt').each((i, el) => { + const term = $(el).text().trim(); + const anchor = term.replace(/[\s-]+/g, ''); // Remove spaces and dashes from 'term' to create 'anchor' + const definition = $(el).next('dd').text().trim(); + terms.push({ organisation, url, term, definition, anchor }); + }); + + const filePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, jsonFileName); + fs.writeFile(filePath, JSON.stringify(terms), err => { + if (err) { + console.error(err); + } else { + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filePath, filePath); + + console.log(`Terms saved to ${jsonFileName}`); + } + }); + }) + .catch(error => { + console.error(error); + }); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchW3cDid/fetchW3cDid.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchW3cDid/fetchW3cDid.mjs new file mode 100644 index 00000000..940d1f69 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchW3cDid/fetchW3cDid.mjs @@ -0,0 +1,46 @@ +import axios from 'axios'; +import cleanJsonFile from '../../../modules-js-node/cleanJson.mjs'; +import dotenv from 'dotenv'; +import cheerio from 'cheerio'; +import fs from 'fs'; +import path from 'path'; + +dotenv.config(); + +console.log('W3C did: Fetching external content...'); + +// Config +const url = 'https://www.w3.org/TR/did-core'; +const organisation = 'W3C (DID)'; +const jsonFileName = 'terms-definitions-w3cdid.json'; + +axios.get(url) + .then(response => { + const html = response.data; + const $ = cheerio.load(html); + const terms = []; + + // find the heading with class "termlist" and then find the first sibling that is a definition list + const termsList = $('.termlist'); + termsList.find('dt').each((i, el) => { + const term = $(el).text().trim(); + const anchor = term.replace(/[\s-]+/g, ''); // Remove spaces and dashes from 'term' to create 'anchor' + const definition = $(el).next('dd').text().trim(); + terms.push({ organisation, url, term, definition, anchor }); + }); + + const filePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR, jsonFileName); + fs.writeFile(filePath, JSON.stringify(terms), err => { + if (err) { + console.error(err); + } else { + // Clean the JSON file, remove non-printable characters + cleanJsonFile(filePath, filePath); + + console.log(`Terms saved to ${jsonFileName}`); + } + }); + }) + .catch(error => { + console.error(error); + }); diff --git a/fetchExternalContent/fetchExternalGlossaries/fetchWotTermsContent/fetchWotTermsContent.mjs b/fetchExternalContent/fetchExternalGlossaries/fetchWotTermsContent/fetchWotTermsContent.mjs new file mode 100644 index 00000000..c3db94e7 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/fetchWotTermsContent/fetchWotTermsContent.mjs @@ -0,0 +1,52 @@ +import fs from 'fs/promises'; +import path from 'path'; +import { marked } from 'marked'; +import { config } from 'dotenv'; +config(); + +const inputDirJSON = 'docs/' + (process.env.GLOSSARY_DIR || 'default_glossary_dir'); +const outputFilePath = path.join(process.env.GENERATED_JSON_GLOSSARIES_DIR || 'default_output_dir', 'terms-definitions-wotterms.json'); + +async function processFiles() { + try { + const files = await fs.readdir(inputDirJSON); + + const termsMap = await Promise.all(files.map(async (file) => { + if (path.extname(file) === '.md') { + let term = file.replace('.md', '').replace(/-/g, ' ').replace(/\u2010/g, '-'); + const anchor = term.replace(/ /g, '-'); + + const filePath = path.join(inputDirJSON, file); + const fileContent = await fs.readFile(filePath, 'utf8'); + + // transform fileContent to html via marked, also remove all newlines and transform h2, h3, h4 to h4, h5, h6 + const html = marked(fileContent) + .replace(/\n/g, '') + .replace(/

/g, '

').replace(/<\/h4>/g, '
') + .replace(/

/g, '

').replace(/<\/h3>/g, '
') + .replace(/

/g, '

').replace(/<\/h2>/g, '

'); + + return { + organisation: 'WebOfTrust', + term: term, + url: "https://kerisse.org", + anchor: anchor, + definition: html + }; + } + })); + + // Remove undefined entries (for files that are not '.md') + const filteredTermsMap = termsMap.filter(Boolean); + + // Sort the termsMap alphabetically based on 'term' + filteredTermsMap.sort((a, b) => a.term.localeCompare(b.term)); + + await fs.writeFile(outputFilePath, JSON.stringify(filteredTermsMap, null, 2)); + console.log(`WotTerms terms saved to ${outputFilePath}`); + } catch (err) { + console.error('Error processing files:', err); + } +} + +processFiles(); diff --git a/fetchExternalContent/fetchExternalGlossaries/main.sh b/fetchExternalContent/fetchExternalGlossaries/main.sh new file mode 100644 index 00000000..a95b7641 --- /dev/null +++ b/fetchExternalContent/fetchExternalGlossaries/main.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +node fetchExternalContent/fetchExternalGlossaries/fetchDigitalGovtNzContent/fetchDigitalGovtNzContent.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchEssifLabContent/fetchEssifLabContent.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchNistContent/fetchNistContent.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchToIPContent/fetchToIPContent.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchToipDidWebs/fetchToipDidWebs.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchW3cDid/fetchW3cDid.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchWotTermsContent/fetchWotTermsContent.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchTswgKeri/fetchTswgKeri.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchTswgAcdc/fetchTswgAcdc.mjs + +node fetchExternalContent/fetchExternalGlossaries/fetchTswgCesr/fetchTswgCesr.mjs + + + + + +# Combine glossaries +node fetchExternalContent/fetchExternalGlossaries/createDictionary.mjs \ No newline at end of file diff --git a/fetchExternalContent/fetchSingleUrlsFromWotTermsGoogleSheet/fetchSingleUrlsFromWotTermsGoogleSheet.js b/fetchExternalContent/fetchSingleUrlsFromWotTermsGoogleSheet/fetchSingleUrlsFromWotTermsGoogleSheet.js new file mode 100644 index 00000000..ea06ce8c --- /dev/null +++ b/fetchExternalContent/fetchSingleUrlsFromWotTermsGoogleSheet/fetchSingleUrlsFromWotTermsGoogleSheet.js @@ -0,0 +1,55 @@ +#!/usr/bin/env node + +// This script should be run from the root of the project + +// const json2md = require('json2md'); +const fs = require('fs'); +const path = require('path'); +const https = require('https'); +require('dotenv').config(); + +// CONFIG +const outputDirJSON = process.env.SEARCH_INDEX_DIR + "/singleUrlsFromWotTermsGoogleSheet"; +const outputFileNameJSON = "singleUrlsFromWotTermsGoogleSheet.json"; + +// How to create JSON endpoint from Google Sheet: https://stackoverflow.com/a/68854199 +const url = process.env.GENERIC_SCRAPER_JSON_ENDPOINT; + +function writeJSONFile(content) { + // Create the output directory if it doesn't exist + if (!fs.existsSync(outputDirJSON)) { + fs.mkdirSync(outputDirJSON, { recursive: true }); + } + + // Path to the output file + const filePath = path.join(outputDirJSON, outputFileNameJSON); + + fs.writeFile( + filePath, + content, + function (err) { + if (err) { + return console.log(err); + } + console.log('JSON file has been written successfully.'); + } + ); +} // End writeJSONFile + +https + .get(url, (resp) => { + let data = ''; + + // A chunk of data has been received. + resp.on('data', (chunk) => { + data += chunk; + }); + + // The whole response has been received. Print out the result. + resp.on('end', () => { + writeJSONFile(data); + }); + }) + .on('error', (err) => { + console.log('Error: ' + err.message); + }); diff --git a/fetchExternalContent/fetchTermsWOTmanage/fetchTermsWOTmanage.mjs b/fetchExternalContent/fetchTermsWOTmanage/fetchTermsWOTmanage.mjs new file mode 100644 index 00000000..8636c140 --- /dev/null +++ b/fetchExternalContent/fetchTermsWOTmanage/fetchTermsWOTmanage.mjs @@ -0,0 +1,277 @@ +#!/usr/bin/env node + +/* + Author: Kor Dwarshuis + Created: 2023 + Updated: - + Description: + + This Node.js script performs the following tasks: + 1. Sends an HTTP GET request to a Google Sheets API endpoint to fetch JSON-formatted data. + - The URL of the Google Sheet API endpoint is hardcoded within the script. + 2. Receives and accumulates the JSON data in chunks as it is streamed from the Google Sheet API. + 3. Writes the received JSON data to a file named 'overview.json' in the './static/json/' directory. + 4. Also processes the received JSON data to generate Markdown (MDX) content for an "Overview and Context" page. + - The Markdown content includes a table with various columns populated by the Google Sheet data. + - Output is saved to 'overview-and-context.mdx' in the './docs/02_overview/' directory. + + Configuration: + - `outputPathMarkDown`: Name of the MDX output file and directory where the MDX output file will be stored. + - `outputDirJSON`: Directory where the JSON output file will be stored. + - `outputFileNameJSON`: Name of the JSON output file. + + Note: + - The script should be run from the root of the project. + - For information on how to create a JSON endpoint from a Google Sheet, refer to https://stackoverflow.com/a/68854199 + + The code uses Node.js built-in 'fs', 'path', and 'https' modules for file management, directory paths, and HTTPS GET requests. + The generated Markdown includes HTML elements and is formatted as an MDX file. +*/ + + +// This script should be run from the root of the project + +// import json2md from 'json2md'; +import fs from 'fs'; +import path from 'path'; +import https from 'https'; +import positionInArray from '../../modules-js-universal/positionInArray.mjs'; +import { config } from 'dotenv'; +config(); + + + +// CONFIG +const outputPathMarkDown = process.env.TERMS_WOT_MANAGE_MARKDOWN; +const outputDirJSON = process.env.TERMS_WOT_MANAGE_JSON_DIR_NAME; +const outputFileNameJSON = process.env.TERMS_WOT_MANAGE_JSON_FILE_NAME; + +// How to create JSON endpoint from Google Sheet: https://stackoverflow.com/a/68854199 +const url = process.env.TERMS_WOT_MANAGE_JSON_ENDPOINT; + +https + .get(url, (resp) => { + let data = ''; + + // A chunk of data has been received. + resp.on('data', (chunk) => { + data += chunk; + }); + + // The whole response has been received. Print out the result. + resp.on('end', () => { + let oData = JSON.parse(data); + cleanup(oData);// writes back to oData + let relevantContent = oData.values; + createMarkDownFiles(relevantContent); + let strData = JSON.stringify(oData); + writeJSONFile(strData); + }); + }) + .on('error', (err) => { + console.log('Error: ' + err.message); + }); + +function cleanup(content) { + if (content !== undefined) { + let relevantContent = content.values; + + // for every entry in relevantContent[0] (the first row) do remove spaces at both ends + relevantContent.forEach((row, rowIndex) => { + row.forEach((item, index) => { + item = item.trim(); + relevantContent[rowIndex][index] = item; // update the item in the relevantContent array + }); + }); + // Remove empty rows + relevantContent = relevantContent.filter((item) => { + return item[0] !== ''; + }); + + // Remove rows where Term is empty or undefined + relevantContent = relevantContent.filter((item, index) => { + const termIndex = positionInArray(relevantContent, 'Term'); + const term = item[termIndex]; + return term !== "" && term !== undefined; + }); + + + // // Remove empty columns + // relevantContent.forEach((item, index) => { + // item = item.filter((item) => { + // return item !== ''; + // }); + // relevantContent[index] = item; // update the item in the relevantContent array + // }); + + // // Remove first row + // relevantContent.shift(); + + // update the values property of the content object + content.values = relevantContent; + } + return content; // return the updated content object +} + + + + +function createMarkDownFiles(content) { + if (content !== undefined) { + + /** + * The column names of the list of websites to scrape. + * @type {Array} + */ + const entriesIndex = content[0]; + + + // Create separate files + // content.values.forEach((item, index) => { + // // Skip first one, https://stackoverflow.com/a/41283243 + // if (index < 1) return; + // // item[4] = item[4] || '-'; + + // let finalString = ''; + // item.forEach((item, index) => { + // item = item.trim(); + + // item[index] = item[index] || '-'; + // finalString += `## ${content.values[0][index]}\n\n${item}\n\n`; + // }); + + // fs.writeFile( + // // Where to write: + // outputDir + item[3] + '.mdx', + + // // What to write: + // // 1: Frontmatter slug and title: + // `---\nslug: "${item[3]}"\ntitle: "${item[3]}"\n---\n` + + // // 2: Content: + // // '## Key\n\n' + + // // item[0] + + // // '\n\n## Type\n\n' + + // // item[1] + + // // '\n\n## Definition\n\n' + + // // item[4] + // finalString, + + // // When it goes wrong: + // function (err) { + // if (err) { + // return console.log(err); + // } + // } + // ); + // }); + + // Everything in one file, in a table: + + + let finalStringAll = ''; + + // Create title for page + finalStringAll += `

Overview and context

`; + + // Create table container + finalStringAll += `
`; + + // Create buttons and input + finalStringAll += ` + + + + `; + // End buttons and inputs + + // Create table + finalStringAll += ``; + + // Create table header + finalStringAll += ``; + finalStringAll += ``; + + content[0].forEach((element, index) => { + finalStringAll += ``; + }); + + finalStringAll += ``; + finalStringAll += ``; + // End table header + + // Create table body + finalStringAll += ``; + + // Create table rows + content.forEach((item, indexTableRow) => { + // Skip first one, https://stackoverflow.com/a/41283243 + if (indexTableRow < 1) return; + // if (index < 1 || index > 12) return; + + finalStringAll += ``; + + // TODO: table looks wrong: + // finalStringAll += ``; + + // Create table cells + item.forEach((item, indexTableCell) => { + if (indexTableCell > entriesIndex.length) return; + item = item || ''; + + finalStringAll += ``; + }); + // End table cells + + finalStringAll += ``; + }); + // End table rows + + // End table body + finalStringAll += ``; + + // End table + finalStringAll += `
${element}
`; + if (indexTableCell === positionInArray(content, 'link') || indexTableCell === positionInArray(content, 'Philvid_start')) { + finalStringAll += `Link`; + } else { + finalStringAll += `${item}`; + } + + finalStringAll += `
`; + + // End table container + finalStringAll += `
`; + + fs.writeFile( + outputPathMarkDown, + finalStringAll, + // When it goes wrong: + function (err) { + if (err) { + return console.log(err); + } + } + ); + } +} + +function writeJSONFile(content) { + // Create the output directory if it doesn't exist + if (!fs.existsSync(outputDirJSON)) { + fs.mkdirSync(outputDirJSON, { recursive: true }); + } + + // Path to the output file + const filePath = path.join(outputDirJSON, outputFileNameJSON); + + fs.writeFile( + filePath, + content, + function (err) { + if (err) { + return console.log(err); + } + console.log('JSON file has been written successfully.'); + } + ); +} // End writeJSONFile